From e4ab7289184688e14fd8d857dec5104909e8b2e9 Mon Sep 17 00:00:00 2001 
From: Rafal Krypa Date: Fri, 9 Jun 2017 20:24:22 +0200 Subject: [PATCH] Revert "Imported Upstream version 3.4.11" This reverts commit 1bd29a24229d1e3822fc47fdd4aac3c2ab9b8b85. Change-Id: I18b7368628bbac16976cde44474f217161a50a0b --- ChangeLog | 10374 +---------------- GNUmakefile | 2 +- Makefile.am | 54 +- Makefile.in | 148 +- NEWS | 605 +- README | 76 +- aclocal.m4 | 69 +- build-aux/config.rpath | 18 +- build-aux/gendocs.sh | 119 +- build-aux/pmccabe2html | 2 +- build-aux/snippet/arg-nonnull.h | 2 +- build-aux/snippet/c++defs.h | 2 +- build-aux/snippet/warn-on-use.h | 2 +- build-aux/useless-if-before-free | 2 +- build-aux/vc-list-files | 2 +- cfg.mk | 25 +- config.h.in | 101 +- configure | 4160 +++---- configure.ac | 293 +- doc/Makefile.am | 398 +- doc/Makefile.in | 489 +- doc/TODO | 22 +- doc/abstract-api.texi | 506 +- doc/alerts.texi | 3 - doc/algorithms.texi | 226 +- doc/certtool.cfg | 36 +- doc/cha-auth.texi | 6 +- doc/cha-bib.texi | 13 +- doc/cha-cert-auth.texi | 123 +- doc/cha-cert-auth2.texi | 8 +- doc/cha-crypto.texi | 78 +- doc/cha-errors.texi | 2 +- doc/cha-functions.texi | 9 - doc/cha-gtls-app.texi | 347 +- doc/cha-internals.texi | 169 +- doc/cha-intro-tls.texi | 77 +- doc/cha-library.texi | 43 +- doc/cha-shared-key.texi | 2 +- doc/cha-support.texi | 4 +- doc/cha-tokens.texi | 153 +- doc/cha-upgrade.texi | 84 +- doc/compat-api.texi | 534 +- doc/core.c.texi | 232 +- doc/credentials/Makefile.in | 39 +- doc/credentials/openpgp/Makefile.in | 39 +- doc/credentials/srp/Makefile.in | 39 +- doc/credentials/x509/Makefile.in | 39 +- doc/crypto-api.texi | 359 +- doc/cyclo/Makefile.in | 39 +- doc/dane-api.texi | 54 +- doc/doc.mk | 7 +- doc/dtls-api.texi | 21 +- doc/enums.texi | 237 +- doc/enums/gnutls_alert_description_t | 5 +- doc/enums/gnutls_certificate_flags | 7 - doc/enums/gnutls_certificate_import_flags | 31 +- doc/enums/gnutls_certificate_status_t | 2 - doc/enums/gnutls_certificate_verify_flags | 3 - doc/enums/gnutls_cipher_algorithm_t | 44 +- 
doc/enums/gnutls_ext_parse_type_t | 44 - doc/enums/gnutls_keyid_flags_t | 11 - doc/enums/gnutls_pkcs11_obj_attr_t | 19 + doc/enums/gnutls_pkcs11_obj_flags | 70 - doc/enums/gnutls_pkcs11_obj_info_t | 6 +- doc/enums/gnutls_pkcs11_obj_type_t | 2 - doc/enums/gnutls_pkcs11_token_info_t | 2 - doc/enums/gnutls_pkcs11_url_type_t | 18 + doc/enums/gnutls_pkcs7_sign_flags | 13 - doc/enums/gnutls_pkcs_encrypt_flags_t | 16 +- doc/enums/gnutls_pubkey_flags_t | 3 + doc/enums/gnutls_sec_param_t | 6 +- doc/enums/gnutls_sign_algorithm_t | 4 +- doc/enums/gnutls_supplemental_data_format_type_t | 4 +- doc/enums/gnutls_vdata_types_t | 11 +- doc/error_codes.texi | 9 +- doc/examples/Makefile.am | 4 +- doc/examples/Makefile.in | 44 +- doc/examples/ex-cert-select-pkcs11.c | 9 +- doc/examples/ex-cert-select.c | 3 +- doc/examples/ex-client-dtls.c | 6 +- doc/examples/ex-client-srp.c | 3 +- doc/examples/ex-client-x509.c | 97 +- doc/examples/ex-pkcs11-list.c | 22 +- doc/examples/ex-serv-anon.c | 5 +- doc/examples/ex-serv-dtls.c | 2 +- doc/examples/ex-serv-pgp.c | 3 +- doc/examples/ex-serv-psk.c | 3 +- doc/examples/ex-serv-srp.c | 3 +- doc/examples/ex-serv-x509.c | 3 +- doc/functions/dane_query_to_raw_tlsa | 31 - doc/functions/dane_query_to_raw_tlsa.short | 1 - doc/functions/dane_raw_tlsa | 3 +- doc/functions/dane_verify_crt | 10 +- doc/functions/dane_verify_crt_raw | 9 +- doc/functions/dane_verify_session_crt | 2 +- doc/functions/gnutls_aead_cipher_decrypt | 33 - doc/functions/gnutls_aead_cipher_decrypt.short | 1 - doc/functions/gnutls_aead_cipher_deinit | 12 - doc/functions/gnutls_aead_cipher_deinit.short | 1 - doc/functions/gnutls_aead_cipher_encrypt | 34 - doc/functions/gnutls_aead_cipher_encrypt.short | 1 - doc/functions/gnutls_aead_cipher_init | 20 - doc/functions/gnutls_aead_cipher_init.short | 1 - doc/functions/gnutls_alert_get | 2 +- doc/functions/gnutls_alert_send | 2 +- doc/functions/gnutls_alert_send_appropriate | 2 +- doc/functions/gnutls_alpn_get_selected_protocol | 7 +- 
doc/functions/gnutls_alpn_set_protocols | 6 +- .../gnutls_anon_allocate_client_credentials | 2 +- .../gnutls_anon_allocate_server_credentials | 2 +- doc/functions/gnutls_anon_free_client_credentials | 2 +- doc/functions/gnutls_anon_free_server_credentials | 2 +- doc/functions/gnutls_anon_set_params_function | 2 +- doc/functions/gnutls_anon_set_server_dh_params | 4 +- .../gnutls_anon_set_server_params_function | 2 +- doc/functions/gnutls_auth_client_get_type | 2 +- doc/functions/gnutls_auth_get_type | 2 +- doc/functions/gnutls_auth_server_get_type | 2 +- doc/functions/gnutls_buffer_append_data | 17 - doc/functions/gnutls_buffer_append_data.short | 1 - doc/functions/gnutls_bye | 2 +- .../gnutls_certificate_allocate_credentials | 2 +- ...gnutls_certificate_client_set_retrieve_function | 37 + ..._certificate_client_set_retrieve_function.short | 1 + doc/functions/gnutls_certificate_free_ca_names | 2 +- doc/functions/gnutls_certificate_free_cas | 2 +- doc/functions/gnutls_certificate_free_credentials | 2 +- doc/functions/gnutls_certificate_free_crls | 2 +- doc/functions/gnutls_certificate_free_keys | 2 +- doc/functions/gnutls_certificate_get_crt_raw | 2 +- doc/functions/gnutls_certificate_get_issuer | 7 +- doc/functions/gnutls_certificate_get_openpgp_crt | 31 - .../gnutls_certificate_get_openpgp_crt.short | 1 - doc/functions/gnutls_certificate_get_openpgp_key | 28 - .../gnutls_certificate_get_openpgp_key.short | 1 - doc/functions/gnutls_certificate_get_peers | 2 +- doc/functions/gnutls_certificate_get_trust_list | 15 - .../gnutls_certificate_get_trust_list.short | 1 - doc/functions/gnutls_certificate_get_verify_flags | 14 - .../gnutls_certificate_get_verify_flags.short | 1 - doc/functions/gnutls_certificate_get_x509_crt | 32 - .../gnutls_certificate_get_x509_crt.short | 1 - doc/functions/gnutls_certificate_get_x509_key | 27 - .../gnutls_certificate_get_x509_key.short | 1 - .../gnutls_certificate_send_x509_rdn_sequence | 2 +- .../gnutls_certificate_server_set_request | 2 
+- ...gnutls_certificate_server_set_retrieve_function | 26 + ..._certificate_server_set_retrieve_function.short | 1 + doc/functions/gnutls_certificate_set_dh_params | 4 +- doc/functions/gnutls_certificate_set_flags | 15 - doc/functions/gnutls_certificate_set_flags.short | 1 - doc/functions/gnutls_certificate_set_key | 9 +- ...ls_certificate_set_ocsp_status_request_function | 2 +- doc/functions/gnutls_certificate_set_openpgp_key | 5 +- .../gnutls_certificate_set_openpgp_key_file | 2 +- .../gnutls_certificate_set_openpgp_key_file2 | 2 +- .../gnutls_certificate_set_openpgp_key_mem | 2 +- .../gnutls_certificate_set_openpgp_key_mem2 | 2 +- .../gnutls_certificate_set_params_function | 2 +- doc/functions/gnutls_certificate_set_pin_function | 2 +- .../gnutls_certificate_set_retrieve_function | 15 +- .../gnutls_certificate_set_retrieve_function2 | 19 +- .../gnutls_certificate_set_rsa_export_params | 13 + .../gnutls_certificate_set_rsa_export_params.short | 1 + doc/functions/gnutls_certificate_set_trust_list | 7 +- doc/functions/gnutls_certificate_set_verify_flags | 2 +- .../gnutls_certificate_set_verify_function | 2 +- doc/functions/gnutls_certificate_set_verify_limits | 2 +- doc/functions/gnutls_certificate_set_x509_crl | 2 +- doc/functions/gnutls_certificate_set_x509_crl_file | 2 +- doc/functions/gnutls_certificate_set_x509_crl_mem | 2 +- doc/functions/gnutls_certificate_set_x509_key | 7 +- doc/functions/gnutls_certificate_set_x509_key_file | 13 +- .../gnutls_certificate_set_x509_key_file2 | 13 +- doc/functions/gnutls_certificate_set_x509_key_mem | 4 +- doc/functions/gnutls_certificate_set_x509_key_mem2 | 4 +- .../gnutls_certificate_set_x509_simple_pkcs12_file | 4 +- .../gnutls_certificate_set_x509_simple_pkcs12_mem | 4 +- .../gnutls_certificate_set_x509_system_trust | 2 +- doc/functions/gnutls_certificate_set_x509_trust | 2 +- .../gnutls_certificate_set_x509_trust_dir | 20 - .../gnutls_certificate_set_x509_trust_dir.short | 1 - .../gnutls_certificate_set_x509_trust_file 
| 5 +- .../gnutls_certificate_set_x509_trust_mem | 2 +- doc/functions/gnutls_certificate_type_get | 2 +- doc/functions/gnutls_certificate_type_set_priority | 18 + .../gnutls_certificate_type_set_priority.short | 1 + doc/functions/gnutls_certificate_verify_peers | 17 +- doc/functions/gnutls_certificate_verify_peers2 | 4 +- doc/functions/gnutls_certificate_verify_peers3 | 4 +- doc/functions/gnutls_cipher_add_auth | 9 +- doc/functions/gnutls_cipher_add_auth.short | 2 +- doc/functions/gnutls_cipher_decrypt | 8 +- doc/functions/gnutls_cipher_decrypt.short | 2 +- doc/functions/gnutls_cipher_decrypt2 | 16 +- doc/functions/gnutls_cipher_decrypt2.short | 2 +- doc/functions/gnutls_cipher_deinit | 2 +- doc/functions/gnutls_cipher_encrypt | 8 +- doc/functions/gnutls_cipher_encrypt.short | 2 +- doc/functions/gnutls_cipher_encrypt2 | 16 +- doc/functions/gnutls_cipher_encrypt2.short | 2 +- doc/functions/gnutls_cipher_get | 2 +- doc/functions/gnutls_cipher_init | 10 +- doc/functions/gnutls_cipher_set_iv | 4 +- doc/functions/gnutls_cipher_set_priority | 17 + doc/functions/gnutls_cipher_set_priority.short | 1 + doc/functions/gnutls_cipher_tag | 4 +- doc/functions/gnutls_compression_get | 2 +- doc/functions/gnutls_compression_set_priority | 22 + .../gnutls_compression_set_priority.short | 1 + doc/functions/gnutls_credentials_clear | 2 +- doc/functions/gnutls_credentials_get | 6 +- doc/functions/gnutls_credentials_set | 6 +- doc/functions/gnutls_crypto_register_aead_cipher | 35 - .../gnutls_crypto_register_aead_cipher.short | 1 - doc/functions/gnutls_crypto_register_cipher | 38 - doc/functions/gnutls_crypto_register_cipher.short | 1 - doc/functions/gnutls_crypto_register_digest | 29 - doc/functions/gnutls_crypto_register_digest.short | 1 - doc/functions/gnutls_crypto_register_mac | 33 - doc/functions/gnutls_crypto_register_mac.short | 1 - doc/functions/gnutls_db_check_entry | 2 +- doc/functions/gnutls_db_check_entry_time | 2 +- doc/functions/gnutls_db_get_ptr | 2 +- 
doc/functions/gnutls_db_remove_session | 2 +- doc/functions/gnutls_db_set_cache_expiration | 2 +- doc/functions/gnutls_db_set_ptr | 2 +- doc/functions/gnutls_db_set_remove_function | 2 +- doc/functions/gnutls_db_set_retrieve_function | 2 +- doc/functions/gnutls_db_set_store_function | 2 +- doc/functions/gnutls_deinit | 2 +- doc/functions/gnutls_dh_get_group | 3 - doc/functions/gnutls_dh_get_pubkey | 3 - doc/functions/gnutls_dh_params_cpy | 4 +- doc/functions/gnutls_dh_params_deinit | 4 +- doc/functions/gnutls_dh_params_generate2 | 2 +- doc/functions/gnutls_dh_params_import_pkcs3 | 2 +- doc/functions/gnutls_dh_params_import_raw | 2 +- doc/functions/gnutls_dh_params_import_raw2 | 20 - doc/functions/gnutls_dh_params_import_raw2.short | 1 - doc/functions/gnutls_dh_params_init | 4 +- doc/functions/gnutls_dh_set_prime_bits | 6 +- doc/functions/gnutls_digest_get_id | 2 +- doc/functions/gnutls_digest_get_oid | 14 - doc/functions/gnutls_digest_get_oid.short | 1 - doc/functions/gnutls_dtls_get_data_mtu | 2 +- doc/functions/gnutls_dtls_get_mtu | 2 +- doc/functions/gnutls_dtls_get_timeout | 2 +- doc/functions/gnutls_dtls_set_data_mtu | 2 +- doc/functions/gnutls_dtls_set_mtu | 4 +- doc/functions/gnutls_dtls_set_timeouts | 7 +- doc/functions/gnutls_ecc_curve_get | 2 +- doc/functions/gnutls_ecc_curve_get_id | 14 - doc/functions/gnutls_ecc_curve_get_id.short | 1 - doc/functions/gnutls_ecc_curve_get_oid | 14 - doc/functions/gnutls_ecc_curve_get_oid.short | 1 - doc/functions/gnutls_error_is_fatal | 3 +- doc/functions/gnutls_ext_get_data | 17 - doc/functions/gnutls_ext_get_data.short | 1 - doc/functions/gnutls_ext_register | 35 - doc/functions/gnutls_ext_register.short | 1 - doc/functions/gnutls_ext_set_data | 17 - doc/functions/gnutls_ext_set_data.short | 1 - doc/functions/gnutls_global_init | 7 +- doc/functions/gnutls_global_set_mem_functions | 1 + doc/functions/gnutls_global_set_mutex | 2 +- doc/functions/gnutls_handshake | 23 +- doc/functions/gnutls_handshake_get_last_in | 2 +- 
doc/functions/gnutls_handshake_get_last_out | 2 +- doc/functions/gnutls_handshake_set_hook_function | 2 +- .../gnutls_handshake_set_max_packet_length | 2 +- ...gnutls_handshake_set_post_client_hello_function | 2 +- .../gnutls_handshake_set_private_extensions | 2 +- doc/functions/gnutls_handshake_set_random | 2 +- doc/functions/gnutls_handshake_set_timeout | 11 +- doc/functions/gnutls_hash | 8 +- doc/functions/gnutls_hash.short | 2 +- doc/functions/gnutls_hash_deinit | 2 +- doc/functions/gnutls_hash_fast | 6 +- doc/functions/gnutls_hash_fast.short | 2 +- doc/functions/gnutls_hash_init | 2 +- doc/functions/gnutls_hash_output | 2 +- doc/functions/gnutls_heartbeat_allowed | 2 +- doc/functions/gnutls_heartbeat_enable | 2 +- doc/functions/gnutls_heartbeat_get_timeout | 2 +- doc/functions/gnutls_heartbeat_ping | 2 +- doc/functions/gnutls_heartbeat_pong | 2 +- doc/functions/gnutls_heartbeat_set_timeouts | 5 +- doc/functions/gnutls_hex2bin | 4 +- doc/functions/gnutls_hex_decode | 5 +- doc/functions/gnutls_hex_decode2 | 14 - doc/functions/gnutls_hex_decode2.short | 1 - doc/functions/gnutls_hex_encode2 | 16 - doc/functions/gnutls_hex_encode2.short | 1 - doc/functions/gnutls_hmac | 8 +- doc/functions/gnutls_hmac.short | 2 +- doc/functions/gnutls_hmac_deinit | 2 +- doc/functions/gnutls_hmac_fast | 8 +- doc/functions/gnutls_hmac_fast.short | 2 +- doc/functions/gnutls_hmac_init | 6 +- doc/functions/gnutls_hmac_output | 2 +- doc/functions/gnutls_hmac_set_nonce | 4 +- doc/functions/gnutls_init | 8 +- doc/functions/gnutls_key_generate | 4 +- doc/functions/gnutls_kx_get | 2 +- doc/functions/gnutls_kx_set_priority | 18 + doc/functions/gnutls_kx_set_priority.short | 1 + doc/functions/gnutls_mac_get | 2 +- doc/functions/gnutls_mac_get_id | 2 +- doc/functions/gnutls_mac_set_priority | 18 + doc/functions/gnutls_mac_set_priority.short | 1 + doc/functions/gnutls_memcmp | 19 - doc/functions/gnutls_memcmp.short | 1 - doc/functions/gnutls_memset | 18 - doc/functions/gnutls_memset.short | 1 - 
doc/functions/gnutls_ocsp_req_add_cert | 2 +- doc/functions/gnutls_ocsp_req_add_cert_id | 2 +- doc/functions/gnutls_ocsp_req_deinit | 2 +- doc/functions/gnutls_ocsp_req_get_cert_id | 2 +- doc/functions/gnutls_ocsp_req_get_extension | 2 +- doc/functions/gnutls_ocsp_req_get_nonce | 2 +- doc/functions/gnutls_ocsp_req_get_version | 2 +- doc/functions/gnutls_ocsp_req_import | 2 +- doc/functions/gnutls_ocsp_req_init | 2 +- doc/functions/gnutls_ocsp_req_print | 2 +- doc/functions/gnutls_ocsp_req_randomize_nonce | 2 +- doc/functions/gnutls_ocsp_req_set_extension | 2 +- doc/functions/gnutls_ocsp_req_set_nonce | 2 +- doc/functions/gnutls_ocsp_resp_check_crt | 2 +- doc/functions/gnutls_ocsp_resp_deinit | 2 +- doc/functions/gnutls_ocsp_resp_get_certs | 2 +- doc/functions/gnutls_ocsp_resp_get_extension | 2 +- doc/functions/gnutls_ocsp_resp_get_nonce | 2 +- doc/functions/gnutls_ocsp_resp_get_produced | 2 +- doc/functions/gnutls_ocsp_resp_get_responder | 5 +- .../gnutls_ocsp_resp_get_responder_raw_id | 21 - .../gnutls_ocsp_resp_get_responder_raw_id.short | 1 - doc/functions/gnutls_ocsp_resp_get_response | 2 +- doc/functions/gnutls_ocsp_resp_get_signature | 2 +- .../gnutls_ocsp_resp_get_signature_algorithm | 2 +- doc/functions/gnutls_ocsp_resp_get_single | 2 +- doc/functions/gnutls_ocsp_resp_get_status | 2 +- doc/functions/gnutls_ocsp_resp_get_version | 2 +- doc/functions/gnutls_ocsp_resp_import | 2 +- doc/functions/gnutls_ocsp_resp_init | 2 +- doc/functions/gnutls_ocsp_resp_print | 2 +- doc/functions/gnutls_ocsp_resp_verify | 6 +- doc/functions/gnutls_ocsp_resp_verify_direct | 4 +- .../gnutls_ocsp_status_request_enable_client | 2 +- doc/functions/gnutls_ocsp_status_request_get | 2 +- .../gnutls_ocsp_status_request_is_checked | 12 +- doc/functions/gnutls_oid_to_digest | 14 - doc/functions/gnutls_oid_to_digest.short | 1 - doc/functions/gnutls_oid_to_ecc_curve | 13 - doc/functions/gnutls_oid_to_ecc_curve.short | 1 - doc/functions/gnutls_oid_to_pk | 14 - 
doc/functions/gnutls_oid_to_pk.short | 1 - doc/functions/gnutls_oid_to_sign | 14 - doc/functions/gnutls_oid_to_sign.short | 1 - doc/functions/gnutls_openpgp_crt_check_email | 16 - doc/functions/gnutls_openpgp_crt_check_email.short | 1 - doc/functions/gnutls_openpgp_crt_check_hostname | 2 +- doc/functions/gnutls_openpgp_crt_check_hostname2 | 2 +- doc/functions/gnutls_openpgp_crt_deinit | 2 +- doc/functions/gnutls_openpgp_crt_get_key_usage | 2 +- doc/functions/gnutls_openpgp_crt_get_subkey_usage | 2 +- doc/functions/gnutls_openpgp_crt_init | 2 +- doc/functions/gnutls_openpgp_keyring_deinit | 2 +- doc/functions/gnutls_openpgp_keyring_get_crt | 2 +- doc/functions/gnutls_openpgp_keyring_init | 2 +- doc/functions/gnutls_openpgp_privkey_deinit | 2 +- doc/functions/gnutls_openpgp_privkey_init | 2 +- doc/functions/gnutls_openpgp_send_cert | 2 +- doc/functions/gnutls_openpgp_set_recv_key_function | 2 +- doc/functions/gnutls_packet_get | 2 +- doc/functions/gnutls_pcert_export_openpgp | 19 - doc/functions/gnutls_pcert_export_openpgp.short | 1 - doc/functions/gnutls_pcert_export_x509 | 19 - doc/functions/gnutls_pcert_export_x509.short | 1 - doc/functions/gnutls_pcert_import_x509 | 2 +- doc/functions/gnutls_pcert_import_x509_list | 27 - doc/functions/gnutls_pcert_import_x509_list.short | 1 - doc/functions/gnutls_pem_base64_decode2.short | 1 - ...se64_decode2 => gnutls_pem_base64_decode_alloc} | 2 +- doc/functions/gnutls_pem_base64_decode_alloc.short | 1 + doc/functions/gnutls_pem_base64_encode2.short | 1 - ...se64_encode2 => gnutls_pem_base64_encode_alloc} | 2 +- doc/functions/gnutls_pem_base64_encode_alloc.short | 1 + doc/functions/gnutls_pk_get_oid | 14 - doc/functions/gnutls_pk_get_oid.short | 1 - .../gnutls_pkcs11_copy_attached_extension | 25 - .../gnutls_pkcs11_copy_attached_extension.short | 1 - doc/functions/gnutls_pkcs11_copy_pubkey | 27 - doc/functions/gnutls_pkcs11_copy_pubkey.short | 1 - doc/functions/gnutls_pkcs11_copy_x509_crt2 | 25 - 
doc/functions/gnutls_pkcs11_copy_x509_crt2.short | 1 - doc/functions/gnutls_pkcs11_copy_x509_privkey2 | 26 - .../gnutls_pkcs11_copy_x509_privkey2.short | 1 - doc/functions/gnutls_pkcs11_crt_is_known | 2 +- doc/functions/gnutls_pkcs11_get_raw_issuer | 2 +- doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn | 28 - .../gnutls_pkcs11_get_raw_issuer_by_dn.short | 1 - .../gnutls_pkcs11_get_raw_issuer_by_subject_key_id | 30 - ...s_pkcs11_get_raw_issuer_by_subject_key_id.short | 1 - doc/functions/gnutls_pkcs11_init | 4 +- doc/functions/gnutls_pkcs11_obj_deinit | 2 +- doc/functions/gnutls_pkcs11_obj_flags_get_str | 15 - .../gnutls_pkcs11_obj_flags_get_str.short | 1 - doc/functions/gnutls_pkcs11_obj_get_exts | 21 - doc/functions/gnutls_pkcs11_obj_get_exts.short | 1 - doc/functions/gnutls_pkcs11_obj_get_flags | 18 - doc/functions/gnutls_pkcs11_obj_get_flags.short | 1 - doc/functions/gnutls_pkcs11_obj_get_info | 4 +- doc/functions/gnutls_pkcs11_obj_get_info.short | 2 +- doc/functions/gnutls_pkcs11_obj_get_type | 4 +- doc/functions/gnutls_pkcs11_obj_import_url | 4 +- doc/functions/gnutls_pkcs11_obj_init | 2 +- doc/functions/gnutls_pkcs11_obj_list_import_url | 23 + .../gnutls_pkcs11_obj_list_import_url.short | 1 + doc/functions/gnutls_pkcs11_obj_list_import_url2 | 24 + .../gnutls_pkcs11_obj_list_import_url2.short | 1 + doc/functions/gnutls_pkcs11_obj_list_import_url3 | 27 - .../gnutls_pkcs11_obj_list_import_url3.short | 1 - doc/functions/gnutls_pkcs11_obj_list_import_url4 | 31 - .../gnutls_pkcs11_obj_list_import_url4.short | 1 - doc/functions/gnutls_pkcs11_obj_set_info | 23 - doc/functions/gnutls_pkcs11_obj_set_info.short | 1 - doc/functions/gnutls_pkcs11_privkey_cpy | 17 - doc/functions/gnutls_pkcs11_privkey_cpy.short | 1 - doc/functions/gnutls_pkcs11_privkey_deinit | 2 +- doc/functions/gnutls_pkcs11_privkey_export_pubkey | 23 - .../gnutls_pkcs11_privkey_export_pubkey.short | 1 - doc/functions/gnutls_pkcs11_privkey_generate2 | 8 +- doc/functions/gnutls_pkcs11_privkey_generate3 | 
38 - .../gnutls_pkcs11_privkey_generate3.short | 1 - doc/functions/gnutls_pkcs11_privkey_get_info | 2 +- .../gnutls_pkcs11_privkey_get_pk_algorithm | 2 +- doc/functions/gnutls_pkcs11_privkey_import_url | 6 +- doc/functions/gnutls_pkcs11_privkey_init | 2 +- doc/functions/gnutls_pkcs12_bag_deinit | 2 +- doc/functions/gnutls_pkcs12_bag_enc_info | 30 - doc/functions/gnutls_pkcs12_bag_enc_info.short | 1 - doc/functions/gnutls_pkcs12_bag_get_count | 2 +- doc/functions/gnutls_pkcs12_bag_init | 2 +- doc/functions/gnutls_pkcs12_bag_set_privkey | 19 - doc/functions/gnutls_pkcs12_bag_set_privkey.short | 1 - doc/functions/gnutls_pkcs12_deinit | 4 +- doc/functions/gnutls_pkcs12_export | 2 +- doc/functions/gnutls_pkcs12_export2 | 2 +- doc/functions/gnutls_pkcs12_generate_mac | 2 +- doc/functions/gnutls_pkcs12_generate_mac2 | 16 - doc/functions/gnutls_pkcs12_generate_mac2.short | 1 - doc/functions/gnutls_pkcs12_get_bag | 2 +- doc/functions/gnutls_pkcs12_import | 2 +- doc/functions/gnutls_pkcs12_init | 4 +- doc/functions/gnutls_pkcs12_mac_info | 28 - doc/functions/gnutls_pkcs12_mac_info.short | 1 - doc/functions/gnutls_pkcs12_set_bag | 2 +- doc/functions/gnutls_pkcs12_simple_parse | 39 +- doc/functions/gnutls_pkcs12_verify_mac | 2 +- doc/functions/gnutls_pkcs7_add_attr | 22 - doc/functions/gnutls_pkcs7_add_attr.short | 1 - doc/functions/gnutls_pkcs7_attrs_deinit | 11 - doc/functions/gnutls_pkcs7_attrs_deinit.short | 1 - doc/functions/gnutls_pkcs7_deinit | 4 +- doc/functions/gnutls_pkcs7_delete_crl | 2 +- doc/functions/gnutls_pkcs7_delete_crt | 2 +- doc/functions/gnutls_pkcs7_export | 2 +- doc/functions/gnutls_pkcs7_export2 | 2 +- doc/functions/gnutls_pkcs7_get_attr | 25 - doc/functions/gnutls_pkcs7_get_attr.short | 1 - doc/functions/gnutls_pkcs7_get_crl_count | 4 +- doc/functions/gnutls_pkcs7_get_crl_raw | 2 +- doc/functions/gnutls_pkcs7_get_crl_raw2 | 19 - doc/functions/gnutls_pkcs7_get_crl_raw2.short | 1 - doc/functions/gnutls_pkcs7_get_crt_count | 6 +- 
doc/functions/gnutls_pkcs7_get_crt_raw | 2 +- doc/functions/gnutls_pkcs7_get_crt_raw2 | 24 - doc/functions/gnutls_pkcs7_get_crt_raw2.short | 1 - doc/functions/gnutls_pkcs7_get_embedded_data | 24 - doc/functions/gnutls_pkcs7_get_embedded_data.short | 1 - doc/functions/gnutls_pkcs7_get_signature_count | 15 - .../gnutls_pkcs7_get_signature_count.short | 1 - doc/functions/gnutls_pkcs7_get_signature_info | 20 - .../gnutls_pkcs7_get_signature_info.short | 1 - doc/functions/gnutls_pkcs7_import | 2 +- doc/functions/gnutls_pkcs7_init | 2 +- doc/functions/gnutls_pkcs7_print | 22 - doc/functions/gnutls_pkcs7_print.short | 1 - doc/functions/gnutls_pkcs7_set_crl | 2 +- doc/functions/gnutls_pkcs7_set_crl_raw | 2 +- doc/functions/gnutls_pkcs7_set_crt | 2 +- doc/functions/gnutls_pkcs7_set_crt_raw | 2 +- doc/functions/gnutls_pkcs7_sign | 35 - doc/functions/gnutls_pkcs7_sign.short | 1 - doc/functions/gnutls_pkcs7_signature_info_deinit | 12 - .../gnutls_pkcs7_signature_info_deinit.short | 1 - doc/functions/gnutls_pkcs7_verify | 31 - doc/functions/gnutls_pkcs7_verify.short | 1 - doc/functions/gnutls_pkcs7_verify_direct | 27 - doc/functions/gnutls_pkcs7_verify_direct.short | 1 - doc/functions/gnutls_pkcs8_info | 32 - doc/functions/gnutls_pkcs8_info.short | 1 - doc/functions/gnutls_pkcs_schema_get_name | 14 - doc/functions/gnutls_pkcs_schema_get_name.short | 1 - doc/functions/gnutls_pkcs_schema_get_oid | 14 - doc/functions/gnutls_pkcs_schema_get_oid.short | 1 - doc/functions/gnutls_prf | 10 +- doc/functions/gnutls_prf_raw | 2 +- doc/functions/gnutls_prf_rfc5705 | 43 - doc/functions/gnutls_prf_rfc5705.short | 1 - .../gnutls_priority_certificate_type_list | 2 +- doc/functions/gnutls_priority_cipher_list | 2 +- doc/functions/gnutls_priority_compression_list | 2 +- doc/functions/gnutls_priority_deinit | 2 +- doc/functions/gnutls_priority_ecc_curve_list | 2 +- .../gnutls_priority_get_cipher_suite_index | 4 +- doc/functions/gnutls_priority_init | 19 +- doc/functions/gnutls_priority_kx_list | 
2 +- doc/functions/gnutls_priority_mac_list | 2 +- doc/functions/gnutls_priority_protocol_list | 2 +- doc/functions/gnutls_priority_set | 4 +- doc/functions/gnutls_priority_set_direct | 4 +- doc/functions/gnutls_priority_sign_list | 2 +- doc/functions/gnutls_priority_string_list | 18 - doc/functions/gnutls_priority_string_list.short | 1 - doc/functions/gnutls_privkey_deinit | 2 +- doc/functions/gnutls_privkey_export_openpgp | 19 - doc/functions/gnutls_privkey_export_openpgp.short | 1 - doc/functions/gnutls_privkey_export_pkcs11 | 19 - doc/functions/gnutls_privkey_export_pkcs11.short | 1 - doc/functions/gnutls_privkey_export_x509 | 18 - doc/functions/gnutls_privkey_export_x509.short | 1 - doc/functions/gnutls_privkey_get_pk_algorithm | 2 +- doc/functions/gnutls_privkey_get_type | 2 +- doc/functions/gnutls_privkey_import_ecc_raw | 2 +- doc/functions/gnutls_privkey_import_ext | 4 +- doc/functions/gnutls_privkey_import_ext2 | 12 +- doc/functions/gnutls_privkey_import_ext2.short | 2 +- doc/functions/gnutls_privkey_import_ext3 | 38 - doc/functions/gnutls_privkey_import_ext3.short | 1 - doc/functions/gnutls_privkey_import_openpgp | 2 +- doc/functions/gnutls_privkey_import_openpgp_raw | 2 +- doc/functions/gnutls_privkey_import_pkcs11 | 2 +- doc/functions/gnutls_privkey_import_pkcs11_url | 2 +- doc/functions/gnutls_privkey_import_tpm_raw | 2 +- doc/functions/gnutls_privkey_import_tpm_url | 2 +- doc/functions/gnutls_privkey_import_x509 | 2 +- doc/functions/gnutls_privkey_import_x509_raw | 2 +- doc/functions/gnutls_privkey_init | 4 +- doc/functions/gnutls_privkey_sign_data | 2 +- doc/functions/gnutls_privkey_sign_raw_data | 27 + doc/functions/gnutls_privkey_sign_raw_data.short | 1 + doc/functions/gnutls_privkey_verify_params | 2 +- doc/functions/gnutls_protocol_get_version | 2 +- doc/functions/gnutls_protocol_set_priority | 15 + doc/functions/gnutls_protocol_set_priority.short | 1 + .../gnutls_psk_allocate_client_credentials | 2 +- .../gnutls_psk_allocate_server_credentials | 
2 +- doc/functions/gnutls_psk_free_client_credentials | 2 +- doc/functions/gnutls_psk_free_server_credentials | 2 +- doc/functions/gnutls_psk_set_client_credentials | 4 +- .../gnutls_psk_set_client_credentials_function | 2 +- doc/functions/gnutls_psk_set_params_function | 2 +- .../gnutls_psk_set_server_credentials_file | 4 +- .../gnutls_psk_set_server_credentials_function | 2 +- .../gnutls_psk_set_server_credentials_hint | 4 +- doc/functions/gnutls_psk_set_server_dh_params | 2 +- .../gnutls_psk_set_server_params_function | 2 +- doc/functions/gnutls_pubkey_deinit | 2 +- doc/functions/gnutls_pubkey_encrypt_data | 2 +- doc/functions/gnutls_pubkey_export_dsa_raw | 10 +- doc/functions/gnutls_pubkey_export_ecc_raw | 10 +- doc/functions/gnutls_pubkey_export_rsa_raw | 6 +- doc/functions/gnutls_pubkey_get_key_id | 2 +- doc/functions/gnutls_pubkey_get_key_usage | 2 +- doc/functions/gnutls_pubkey_get_pk_algorithm | 2 +- .../gnutls_pubkey_get_preferred_hash_algorithm | 2 +- doc/functions/gnutls_pubkey_get_verify_algorithm | 19 + .../gnutls_pubkey_get_verify_algorithm.short | 1 + doc/functions/gnutls_pubkey_import | 4 +- doc/functions/gnutls_pubkey_import_openpgp | 2 +- doc/functions/gnutls_pubkey_import_openpgp_raw | 2 +- doc/functions/gnutls_pubkey_import_pkcs11 | 2 +- doc/functions/gnutls_pubkey_import_pkcs11_url | 19 + .../gnutls_pubkey_import_pkcs11_url.short | 1 + doc/functions/gnutls_pubkey_import_privkey | 2 +- doc/functions/gnutls_pubkey_import_rsa_raw | 2 +- doc/functions/gnutls_pubkey_import_tpm_url | 2 +- doc/functions/gnutls_pubkey_import_url | 3 +- doc/functions/gnutls_pubkey_import_x509 | 2 +- doc/functions/gnutls_pubkey_import_x509_crq | 2 +- doc/functions/gnutls_pubkey_import_x509_raw | 2 +- doc/functions/gnutls_pubkey_init | 4 +- doc/functions/gnutls_pubkey_print | 4 +- doc/functions/gnutls_pubkey_verify_data | 24 + doc/functions/gnutls_pubkey_verify_data.short | 1 + doc/functions/gnutls_pubkey_verify_data2 | 6 +- doc/functions/gnutls_pubkey_verify_hash | 24 + 
doc/functions/gnutls_pubkey_verify_hash.short | 1 + doc/functions/gnutls_pubkey_verify_hash2 | 2 +- doc/functions/gnutls_pubkey_verify_params | 2 +- doc/functions/gnutls_random_art | 4 +- doc/functions/gnutls_range_split | 2 +- doc/functions/gnutls_record_can_use_length_hiding | 2 +- doc/functions/gnutls_record_check_corked | 4 +- doc/functions/gnutls_record_check_pending | 2 +- doc/functions/gnutls_record_cork | 7 +- doc/functions/gnutls_record_disable_padding | 2 +- doc/functions/gnutls_record_discard_queued | 14 - doc/functions/gnutls_record_discard_queued.short | 1 - doc/functions/gnutls_record_get_direction | 19 +- doc/functions/gnutls_record_get_discarded | 2 +- doc/functions/gnutls_record_get_max_size | 2 +- doc/functions/gnutls_record_get_state | 27 - doc/functions/gnutls_record_get_state.short | 1 - doc/functions/gnutls_record_recv | 15 +- doc/functions/gnutls_record_recv_packet | 6 +- doc/functions/gnutls_record_recv_seq | 2 +- doc/functions/gnutls_record_send | 2 +- doc/functions/gnutls_record_send_range | 2 +- doc/functions/gnutls_record_set_max_empty_records | 17 + .../gnutls_record_set_max_empty_records.short | 1 + doc/functions/gnutls_record_set_max_size | 2 +- doc/functions/gnutls_record_set_state | 19 - doc/functions/gnutls_record_set_state.short | 1 - doc/functions/gnutls_record_set_timeout | 5 +- doc/functions/gnutls_record_uncork | 4 +- doc/functions/gnutls_register_custom_url | 23 - doc/functions/gnutls_register_custom_url.short | 1 - doc/functions/gnutls_rehandshake | 6 +- doc/functions/gnutls_rnd | 4 +- doc/functions/gnutls_rnd_refresh | 2 +- doc/functions/gnutls_rnd_refresh.short | 2 +- doc/functions/gnutls_rsa_export_get_modulus_bits | 12 + .../gnutls_rsa_export_get_modulus_bits.short | 1 + doc/functions/gnutls_rsa_export_get_pubkey | 18 + doc/functions/gnutls_rsa_export_get_pubkey.short | 1 + doc/functions/gnutls_rsa_params_cpy | 14 + doc/functions/gnutls_rsa_params_cpy.short | 1 + doc/functions/gnutls_rsa_params_deinit | 9 + 
doc/functions/gnutls_rsa_params_deinit.short | 1 + doc/functions/gnutls_rsa_params_export_pkcs1 | 22 + doc/functions/gnutls_rsa_params_export_pkcs1.short | 1 + doc/functions/gnutls_rsa_params_export_raw | 27 + doc/functions/gnutls_rsa_params_export_raw.short | 1 + doc/functions/gnutls_rsa_params_generate2 | 20 + doc/functions/gnutls_rsa_params_generate2.short | 1 + doc/functions/gnutls_rsa_params_import_pkcs1 | 19 + doc/functions/gnutls_rsa_params_import_pkcs1.short | 1 + doc/functions/gnutls_rsa_params_import_raw | 25 + doc/functions/gnutls_rsa_params_import_raw.short | 1 + doc/functions/gnutls_rsa_params_init | 11 + doc/functions/gnutls_rsa_params_init.short | 1 + doc/functions/gnutls_safe_renegotiation_status | 2 +- doc/functions/gnutls_server_name_get | 4 +- doc/functions/gnutls_server_name_set | 9 +- doc/functions/gnutls_session_channel_binding | 2 +- .../gnutls_session_enable_compatibility_mode | 2 +- doc/functions/gnutls_session_etm_status | 12 - doc/functions/gnutls_session_etm_status.short | 1 - .../gnutls_session_ext_master_secret_status | 12 - .../gnutls_session_ext_master_secret_status.short | 1 - doc/functions/gnutls_session_force_valid | 2 +- doc/functions/gnutls_session_get_data | 5 +- doc/functions/gnutls_session_get_data2 | 6 +- doc/functions/gnutls_session_get_desc | 3 - doc/functions/gnutls_session_get_id | 6 +- doc/functions/gnutls_session_get_id2 | 2 +- doc/functions/gnutls_session_get_ptr | 2 +- doc/functions/gnutls_session_get_random | 2 +- .../gnutls_session_get_verify_cert_status | 18 - .../gnutls_session_get_verify_cert_status.short | 1 - doc/functions/gnutls_session_is_resumed | 2 +- doc/functions/gnutls_session_resumption_requested | 2 +- doc/functions/gnutls_session_set_data | 2 +- doc/functions/gnutls_session_set_id | 2 +- doc/functions/gnutls_session_set_premaster | 2 +- doc/functions/gnutls_session_set_ptr | 2 +- doc/functions/gnutls_session_set_verify_cert | 27 - doc/functions/gnutls_session_set_verify_cert.short | 1 - 
doc/functions/gnutls_session_set_verify_cert2 | 24 - .../gnutls_session_set_verify_cert2.short | 1 - doc/functions/gnutls_session_set_verify_function | 28 - .../gnutls_session_set_verify_function.short | 1 - doc/functions/gnutls_session_ticket_enable_client | 2 +- doc/functions/gnutls_session_ticket_enable_server | 5 +- doc/functions/gnutls_set_default_export_priority | 22 + .../gnutls_set_default_export_priority.short | 1 + doc/functions/gnutls_set_default_priority | 16 +- doc/functions/gnutls_sign_algorithm_get | 2 +- doc/functions/gnutls_sign_algorithm_get_client | 2 +- doc/functions/gnutls_sign_algorithm_get_requested | 2 +- doc/functions/gnutls_sign_callback_get | 16 + doc/functions/gnutls_sign_callback_get.short | 1 + doc/functions/gnutls_sign_callback_set | 26 + doc/functions/gnutls_sign_callback_set.short | 1 + doc/functions/gnutls_sign_get_oid | 14 - doc/functions/gnutls_sign_get_oid.short | 1 - .../gnutls_srp_allocate_client_credentials | 2 +- .../gnutls_srp_allocate_server_credentials | 2 +- doc/functions/gnutls_srp_base64_decode2.short | 1 - ...se64_decode2 => gnutls_srp_base64_decode_alloc} | 2 +- doc/functions/gnutls_srp_base64_decode_alloc.short | 1 + doc/functions/gnutls_srp_base64_encode2.short | 1 - ...se64_encode2 => gnutls_srp_base64_encode_alloc} | 2 +- doc/functions/gnutls_srp_base64_encode_alloc.short | 1 + doc/functions/gnutls_srp_free_client_credentials | 2 +- doc/functions/gnutls_srp_free_server_credentials | 2 +- doc/functions/gnutls_srp_set_client_credentials | 4 +- .../gnutls_srp_set_client_credentials_function | 2 +- doc/functions/gnutls_srp_set_prime_bits | 2 +- .../gnutls_srp_set_server_credentials_file | 4 +- .../gnutls_srp_set_server_credentials_function | 11 +- doc/functions/gnutls_srp_set_server_fake_salt_seed | 2 +- doc/functions/gnutls_srtp_get_keys | 2 +- doc/functions/gnutls_srtp_get_mki | 2 +- doc/functions/gnutls_srtp_get_selected_profile | 2 +- doc/functions/gnutls_srtp_set_mki | 2 +- doc/functions/gnutls_srtp_set_profile 
| 2 +- doc/functions/gnutls_srtp_set_profile_direct | 4 +- doc/functions/gnutls_subject_alt_names_deinit | 2 +- doc/functions/gnutls_subject_alt_names_get | 4 +- doc/functions/gnutls_subject_alt_names_init | 2 +- doc/functions/gnutls_subject_alt_names_set | 4 +- doc/functions/gnutls_supplemental_recv | 15 - doc/functions/gnutls_supplemental_recv.short | 1 - doc/functions/gnutls_supplemental_register | 26 - doc/functions/gnutls_supplemental_register.short | 1 - doc/functions/gnutls_supplemental_send | 14 - doc/functions/gnutls_supplemental_send.short | 1 - doc/functions/gnutls_system_key_add_x509 | 23 - doc/functions/gnutls_system_key_add_x509.short | 1 - doc/functions/gnutls_system_key_delete | 16 - doc/functions/gnutls_system_key_delete.short | 1 - doc/functions/gnutls_system_key_iter_deinit | 11 - doc/functions/gnutls_system_key_iter_deinit.short | 1 - doc/functions/gnutls_system_key_iter_get_info | 33 - .../gnutls_system_key_iter_get_info.short | 1 - doc/functions/gnutls_system_recv_timeout | 20 - doc/functions/gnutls_system_recv_timeout.short | 1 - doc/functions/gnutls_tdb_init | 2 +- doc/functions/gnutls_tdb_set_store_commitment_func | 4 +- doc/functions/gnutls_tdb_set_store_func | 4 +- doc/functions/gnutls_tdb_set_verify_func | 7 +- doc/functions/gnutls_transport_get_int | 2 +- doc/functions/gnutls_transport_get_int2 | 2 +- doc/functions/gnutls_transport_get_ptr | 2 +- doc/functions/gnutls_transport_get_ptr2 | 2 +- doc/functions/gnutls_transport_set_errno | 4 +- doc/functions/gnutls_transport_set_errno_function | 2 +- doc/functions/gnutls_transport_set_int | 2 +- doc/functions/gnutls_transport_set_int2 | 2 +- doc/functions/gnutls_transport_set_ptr | 2 +- doc/functions/gnutls_transport_set_ptr2 | 2 +- doc/functions/gnutls_transport_set_pull_function | 2 +- .../gnutls_transport_set_pull_timeout_function | 12 +- doc/functions/gnutls_transport_set_push_function | 2 +- .../gnutls_transport_set_vec_push_function | 2 +- doc/functions/gnutls_x509_aia_deinit | 4 +- 
doc/functions/gnutls_x509_aia_get | 4 +- doc/functions/gnutls_x509_aia_init | 4 +- doc/functions/gnutls_x509_aia_set | 4 +- doc/functions/gnutls_x509_aki_deinit | 4 +- doc/functions/gnutls_x509_aki_get_cert_issuer | 13 +- doc/functions/gnutls_x509_aki_get_id | 4 +- doc/functions/gnutls_x509_aki_init | 4 +- doc/functions/gnutls_x509_aki_set_cert_issuer | 4 +- doc/functions/gnutls_x509_aki_set_id | 4 +- doc/functions/gnutls_x509_crl_deinit | 2 +- doc/functions/gnutls_x509_crl_dist_points_deinit | 4 +- doc/functions/gnutls_x509_crl_dist_points_get | 4 +- doc/functions/gnutls_x509_crl_dist_points_init | 4 +- doc/functions/gnutls_x509_crl_dist_points_set | 6 +- doc/functions/gnutls_x509_crl_export | 2 +- doc/functions/gnutls_x509_crl_export2 | 2 +- .../gnutls_x509_crl_get_authority_key_gn_serial | 2 +- doc/functions/gnutls_x509_crl_get_authority_key_id | 2 +- doc/functions/gnutls_x509_crl_get_crt_count | 2 +- doc/functions/gnutls_x509_crl_get_crt_serial | 4 +- doc/functions/gnutls_x509_crl_get_dn_oid | 4 +- doc/functions/gnutls_x509_crl_get_extension_data | 2 +- doc/functions/gnutls_x509_crl_get_extension_data2 | 2 +- doc/functions/gnutls_x509_crl_get_extension_info | 4 +- doc/functions/gnutls_x509_crl_get_extension_oid | 4 +- doc/functions/gnutls_x509_crl_get_issuer_dn | 2 +- doc/functions/gnutls_x509_crl_get_issuer_dn2 | 4 +- doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid | 2 +- doc/functions/gnutls_x509_crl_get_next_update | 2 +- doc/functions/gnutls_x509_crl_get_number | 2 +- doc/functions/gnutls_x509_crl_get_raw_issuer_dn | 2 +- doc/functions/gnutls_x509_crl_get_signature | 4 +- .../gnutls_x509_crl_get_signature_algorithm | 2 +- doc/functions/gnutls_x509_crl_get_this_update | 2 +- doc/functions/gnutls_x509_crl_get_version | 2 +- doc/functions/gnutls_x509_crl_import | 2 +- doc/functions/gnutls_x509_crl_init | 2 +- doc/functions/gnutls_x509_crl_iter_crt_serial | 4 +- doc/functions/gnutls_x509_crl_iter_deinit | 4 +- doc/functions/gnutls_x509_crl_list_import | 2 +- 
doc/functions/gnutls_x509_crl_list_import2 | 2 +- doc/functions/gnutls_x509_crl_print | 4 +- doc/functions/gnutls_x509_crl_privkey_sign | 2 +- doc/functions/gnutls_x509_crl_set_crt | 2 +- doc/functions/gnutls_x509_crl_set_crt_serial | 2 +- doc/functions/gnutls_x509_crl_set_next_update | 2 +- doc/functions/gnutls_x509_crl_set_this_update | 2 +- doc/functions/gnutls_x509_crl_set_version | 2 +- doc/functions/gnutls_x509_crl_sign | 2 +- doc/functions/gnutls_x509_crl_sign2 | 2 +- doc/functions/gnutls_x509_crq_deinit | 2 +- doc/functions/gnutls_x509_crq_export | 2 +- doc/functions/gnutls_x509_crq_export2 | 2 +- doc/functions/gnutls_x509_crq_get_attribute_by_oid | 2 +- doc/functions/gnutls_x509_crq_get_attribute_data | 2 +- doc/functions/gnutls_x509_crq_get_attribute_info | 2 +- .../gnutls_x509_crq_get_basic_constraints | 2 +- .../gnutls_x509_crq_get_challenge_password | 2 +- doc/functions/gnutls_x509_crq_get_dn | 2 +- doc/functions/gnutls_x509_crq_get_dn2 | 2 +- doc/functions/gnutls_x509_crq_get_dn_by_oid | 2 +- doc/functions/gnutls_x509_crq_get_dn_oid | 2 +- doc/functions/gnutls_x509_crq_get_extension_by_oid | 2 +- .../gnutls_x509_crq_get_extension_by_oid2 | 27 - .../gnutls_x509_crq_get_extension_by_oid2.short | 1 - doc/functions/gnutls_x509_crq_get_extension_data | 2 +- doc/functions/gnutls_x509_crq_get_extension_data2 | 2 +- doc/functions/gnutls_x509_crq_get_extension_info | 4 +- doc/functions/gnutls_x509_crq_get_key_id | 2 +- doc/functions/gnutls_x509_crq_get_key_purpose_oid | 4 +- doc/functions/gnutls_x509_crq_get_key_usage | 2 +- doc/functions/gnutls_x509_crq_get_pk_algorithm | 2 +- .../gnutls_x509_crq_get_private_key_usage_period | 2 +- .../gnutls_x509_crq_get_signature_algorithm | 16 - .../gnutls_x509_crq_get_signature_algorithm.short | 1 - doc/functions/gnutls_x509_crq_get_subject_alt_name | 2 +- .../gnutls_x509_crq_get_subject_alt_othername_oid | 2 +- doc/functions/gnutls_x509_crq_get_version | 2 +- doc/functions/gnutls_x509_crq_import | 4 +- 
doc/functions/gnutls_x509_crq_init | 2 +- doc/functions/gnutls_x509_crq_print | 4 +- doc/functions/gnutls_x509_crq_privkey_sign | 2 +- doc/functions/gnutls_x509_crq_set_attribute_by_oid | 2 +- .../gnutls_x509_crq_set_challenge_password | 2 +- doc/functions/gnutls_x509_crq_set_dn_by_oid | 2 +- doc/functions/gnutls_x509_crq_set_key | 2 +- doc/functions/gnutls_x509_crq_set_key_purpose_oid | 2 +- doc/functions/gnutls_x509_crq_set_key_rsa_raw | 2 +- doc/functions/gnutls_x509_crq_set_pubkey | 4 +- doc/functions/gnutls_x509_crq_set_version | 2 +- doc/functions/gnutls_x509_crq_sign | 2 +- doc/functions/gnutls_x509_crq_sign2 | 2 +- doc/functions/gnutls_x509_crt_check_email | 16 - doc/functions/gnutls_x509_crt_check_email.short | 1 - doc/functions/gnutls_x509_crt_check_hostname | 10 +- doc/functions/gnutls_x509_crt_check_hostname2 | 12 +- doc/functions/gnutls_x509_crt_check_issuer | 3 - doc/functions/gnutls_x509_crt_check_revocation | 4 +- doc/functions/gnutls_x509_crt_deinit | 2 +- doc/functions/gnutls_x509_crt_get_activation_time | 2 +- .../gnutls_x509_crt_get_authority_info_access | 9 +- .../gnutls_x509_crt_get_authority_key_gn_serial | 2 +- doc/functions/gnutls_x509_crt_get_authority_key_id | 2 +- .../gnutls_x509_crt_get_basic_constraints | 2 +- doc/functions/gnutls_x509_crt_get_ca_status | 10 +- doc/functions/gnutls_x509_crt_get_crl_dist_points | 2 +- doc/functions/gnutls_x509_crt_get_dn | 2 +- doc/functions/gnutls_x509_crt_get_dn2 | 4 +- doc/functions/gnutls_x509_crt_get_dn_by_oid | 2 +- doc/functions/gnutls_x509_crt_get_dn_oid | 2 +- doc/functions/gnutls_x509_crt_get_expiration_time | 2 +- doc/functions/gnutls_x509_crt_get_extension_by_oid | 2 +- .../gnutls_x509_crt_get_extension_by_oid2 | 26 - .../gnutls_x509_crt_get_extension_by_oid2.short | 1 - doc/functions/gnutls_x509_crt_get_extension_data | 2 +- doc/functions/gnutls_x509_crt_get_extension_data2 | 2 +- doc/functions/gnutls_x509_crt_get_extension_info | 2 +- doc/functions/gnutls_x509_crt_get_extension_oid | 2 +- 
doc/functions/gnutls_x509_crt_get_fingerprint | 2 +- doc/functions/gnutls_x509_crt_get_issuer | 2 +- doc/functions/gnutls_x509_crt_get_issuer_alt_name | 2 +- doc/functions/gnutls_x509_crt_get_issuer_alt_name2 | 2 +- .../gnutls_x509_crt_get_issuer_alt_othername_oid | 2 +- doc/functions/gnutls_x509_crt_get_issuer_dn | 2 +- doc/functions/gnutls_x509_crt_get_issuer_dn2 | 4 +- doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid | 2 +- doc/functions/gnutls_x509_crt_get_issuer_dn_oid | 2 +- doc/functions/gnutls_x509_crt_get_issuer_unique_id | 5 - doc/functions/gnutls_x509_crt_get_key_id | 2 +- doc/functions/gnutls_x509_crt_get_key_purpose_oid | 2 +- doc/functions/gnutls_x509_crt_get_key_usage | 2 +- doc/functions/gnutls_x509_crt_get_name_constraints | 6 +- doc/functions/gnutls_x509_crt_get_pk_algorithm | 2 +- doc/functions/gnutls_x509_crt_get_pk_ecc_raw | 21 - doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short | 1 - doc/functions/gnutls_x509_crt_get_policy | 2 +- .../gnutls_x509_crt_get_preferred_hash_algorithm | 2 +- .../gnutls_x509_crt_get_private_key_usage_period | 2 +- doc/functions/gnutls_x509_crt_get_proxy | 2 +- doc/functions/gnutls_x509_crt_get_raw_dn | 2 +- doc/functions/gnutls_x509_crt_get_raw_issuer_dn | 2 +- doc/functions/gnutls_x509_crt_get_serial | 2 +- doc/functions/gnutls_x509_crt_get_signature | 4 +- .../gnutls_x509_crt_get_signature_algorithm | 2 +- doc/functions/gnutls_x509_crt_get_subject | 2 +- doc/functions/gnutls_x509_crt_get_subject_alt_name | 2 +- .../gnutls_x509_crt_get_subject_alt_name2 | 2 +- .../gnutls_x509_crt_get_subject_alt_othername_oid | 2 +- doc/functions/gnutls_x509_crt_get_subject_key_id | 2 +- .../gnutls_x509_crt_get_subject_unique_id | 5 - doc/functions/gnutls_x509_crt_get_verify_algorithm | 21 + .../gnutls_x509_crt_get_verify_algorithm.short | 1 + doc/functions/gnutls_x509_crt_get_version | 2 +- doc/functions/gnutls_x509_crt_import | 2 +- doc/functions/gnutls_x509_crt_import_pkcs11_url | 20 + 
.../gnutls_x509_crt_import_pkcs11_url.short | 1 + doc/functions/gnutls_x509_crt_import_url | 25 - doc/functions/gnutls_x509_crt_import_url.short | 1 - doc/functions/gnutls_x509_crt_init | 2 +- doc/functions/gnutls_x509_crt_list_import | 2 +- doc/functions/gnutls_x509_crt_list_import2 | 2 +- doc/functions/gnutls_x509_crt_list_import_pkcs11 | 2 +- doc/functions/gnutls_x509_crt_list_verify | 9 +- doc/functions/gnutls_x509_crt_print | 4 +- doc/functions/gnutls_x509_crt_set_crq | 3 - doc/functions/gnutls_x509_crt_set_issuer_unique_id | 18 - .../gnutls_x509_crt_set_issuer_unique_id.short | 1 - doc/functions/gnutls_x509_crt_set_key | 6 +- doc/functions/gnutls_x509_crt_set_name_constraints | 2 +- doc/functions/gnutls_x509_crt_set_pin_function | 2 +- doc/functions/gnutls_x509_crt_set_policy | 4 +- doc/functions/gnutls_x509_crt_set_proxy_dn | 2 +- doc/functions/gnutls_x509_crt_set_pubkey | 4 +- .../gnutls_x509_crt_set_subject_unique_id | 18 - .../gnutls_x509_crt_set_subject_unique_id.short | 1 - doc/functions/gnutls_x509_crt_verify | 3 - doc/functions/gnutls_x509_crt_verify_data | 22 + doc/functions/gnutls_x509_crt_verify_data.short | 1 + doc/functions/gnutls_x509_crt_verify_data2 | 23 - doc/functions/gnutls_x509_crt_verify_data2.short | 1 - doc/functions/gnutls_x509_crt_verify_hash | 22 + doc/functions/gnutls_x509_crt_verify_hash.short | 1 + doc/functions/gnutls_x509_dn_get_str | 19 - doc/functions/gnutls_x509_dn_get_str.short | 1 - doc/functions/gnutls_x509_dn_import | 2 +- doc/functions/gnutls_x509_dn_init | 2 +- doc/functions/gnutls_x509_ext_deinit | 11 - doc/functions/gnutls_x509_ext_deinit.short | 1 - doc/functions/gnutls_x509_ext_export_aia | 2 +- .../gnutls_x509_ext_export_authority_key_id | 2 +- .../gnutls_x509_ext_export_crl_dist_points | 2 +- doc/functions/gnutls_x509_ext_export_key_purposes | 4 +- .../gnutls_x509_ext_export_name_constraints | 4 +- doc/functions/gnutls_x509_ext_export_policies | 2 +- .../gnutls_x509_ext_export_subject_alt_names | 2 +- 
doc/functions/gnutls_x509_ext_import_aia | 2 +- .../gnutls_x509_ext_import_authority_key_id | 2 +- .../gnutls_x509_ext_import_crl_dist_points | 4 +- doc/functions/gnutls_x509_ext_import_key_purposes | 6 +- .../gnutls_x509_ext_import_name_constraints | 11 +- doc/functions/gnutls_x509_ext_import_policies | 4 +- doc/functions/gnutls_x509_ext_import_proxy | 1 - .../gnutls_x509_ext_import_subject_alt_names | 5 +- doc/functions/gnutls_x509_ext_print | 21 - doc/functions/gnutls_x509_ext_print.short | 1 - doc/functions/gnutls_x509_key_purpose_deinit | 4 +- doc/functions/gnutls_x509_key_purpose_get | 4 +- doc/functions/gnutls_x509_key_purpose_init | 4 +- doc/functions/gnutls_x509_key_purpose_set | 4 +- .../gnutls_x509_name_constraints_add_excluded | 2 +- .../gnutls_x509_name_constraints_add_permitted | 2 +- doc/functions/gnutls_x509_name_constraints_check | 2 +- .../gnutls_x509_name_constraints_check_crt | 2 +- doc/functions/gnutls_x509_name_constraints_deinit | 4 +- .../gnutls_x509_name_constraints_get_excluded | 4 +- .../gnutls_x509_name_constraints_get_permitted | 4 +- doc/functions/gnutls_x509_name_constraints_init | 4 +- doc/functions/gnutls_x509_othername_to_virtual | 20 - .../gnutls_x509_othername_to_virtual.short | 1 - doc/functions/gnutls_x509_policies_deinit | 4 +- doc/functions/gnutls_x509_policies_get | 4 +- doc/functions/gnutls_x509_policies_init | 4 +- doc/functions/gnutls_x509_policies_set | 4 +- doc/functions/gnutls_x509_privkey_deinit | 2 +- doc/functions/gnutls_x509_privkey_export_dsa_raw | 2 +- doc/functions/gnutls_x509_privkey_export_ecc_raw | 2 +- doc/functions/gnutls_x509_privkey_export_rsa_raw | 2 +- doc/functions/gnutls_x509_privkey_export_rsa_raw2 | 2 +- doc/functions/gnutls_x509_privkey_fix | 2 +- doc/functions/gnutls_x509_privkey_generate | 2 +- doc/functions/gnutls_x509_privkey_get_key_id | 4 +- doc/functions/gnutls_x509_privkey_get_pk_algorithm | 2 +- .../gnutls_x509_privkey_get_pk_algorithm2 | 2 +- doc/functions/gnutls_x509_privkey_import | 2 
+- doc/functions/gnutls_x509_privkey_import2 | 5 +- doc/functions/gnutls_x509_privkey_import_dsa_raw | 2 +- doc/functions/gnutls_x509_privkey_import_ecc_raw | 2 +- doc/functions/gnutls_x509_privkey_import_openssl | 2 +- doc/functions/gnutls_x509_privkey_import_pkcs8 | 2 +- doc/functions/gnutls_x509_privkey_import_rsa_raw | 2 +- doc/functions/gnutls_x509_privkey_import_rsa_raw2 | 2 +- doc/functions/gnutls_x509_privkey_init | 4 +- doc/functions/gnutls_x509_privkey_sec_param | 2 +- doc/functions/gnutls_x509_privkey_set_pin_function | 19 - .../gnutls_x509_privkey_set_pin_function.short | 1 - doc/functions/gnutls_x509_privkey_sign_data | 4 +- doc/functions/gnutls_x509_privkey_sign_hash | 2 +- doc/functions/gnutls_x509_privkey_verify_params | 2 +- doc/functions/gnutls_x509_trust_list_add_cas | 2 +- doc/functions/gnutls_x509_trust_list_add_crls | 7 +- doc/functions/gnutls_x509_trust_list_add_named_crt | 6 +- .../gnutls_x509_trust_list_add_system_trust | 4 +- doc/functions/gnutls_x509_trust_list_add_trust_dir | 25 - .../gnutls_x509_trust_list_add_trust_dir.short | 1 - .../gnutls_x509_trust_list_add_trust_file | 9 +- doc/functions/gnutls_x509_trust_list_add_trust_mem | 2 +- doc/functions/gnutls_x509_trust_list_deinit | 2 +- doc/functions/gnutls_x509_trust_list_get_issuer | 11 +- .../gnutls_x509_trust_list_get_issuer_by_dn | 21 - .../gnutls_x509_trust_list_get_issuer_by_dn.short | 1 - ...ls_x509_trust_list_get_issuer_by_subject_key_id | 23 - ...9_trust_list_get_issuer_by_subject_key_id.short | 1 - doc/functions/gnutls_x509_trust_list_init | 2 +- doc/functions/gnutls_x509_trust_list_iter_deinit | 11 - .../gnutls_x509_trust_list_iter_deinit.short | 1 - doc/functions/gnutls_x509_trust_list_iter_get_ca | 26 - .../gnutls_x509_trust_list_iter_get_ca.short | 1 - doc/functions/gnutls_x509_trust_list_remove_cas | 2 +- .../gnutls_x509_trust_list_remove_trust_file | 2 +- .../gnutls_x509_trust_list_remove_trust_mem | 2 +- doc/functions/gnutls_x509_trust_list_verify_crt | 9 +- 
doc/functions/gnutls_x509_trust_list_verify_crt2 | 53 - .../gnutls_x509_trust_list_verify_crt2.short | 1 - .../gnutls_x509_trust_list_verify_named_crt | 9 +- doc/gnutls-api.texi | 1486 +-- doc/gnutls-guile.html | 170 +- doc/gnutls-guile.info | 329 +- doc/gnutls-guile.pdf | Bin 235794 -> 235655 bytes doc/gnutls-guile.texi | 36 +- doc/gnutls.html | 10272 ++++++----------- doc/gnutls.info | 2996 +++-- doc/gnutls.info-1 | 3007 +++-- doc/gnutls.info-2 | Bin 304489 -> 505900 bytes doc/gnutls.info-3 | 11063 ++++++++----------- doc/gnutls.info-4 | 10253 ++++++----------- doc/gnutls.info-5 | 9197 ++++----------- doc/gnutls.info-6 | Bin 19381 -> 0 bytes doc/gnutls.pdf | Bin 2025041 -> 1842954 bytes doc/gnutls.texi | 4 +- doc/invoke-certtool.texi | 291 +- doc/invoke-danetool.texi | 132 +- doc/invoke-gnutls-cli-debug.texi | 108 +- doc/invoke-gnutls-cli.texi | 162 +- doc/invoke-gnutls-serv.texi | 13 +- doc/invoke-ocsptool.texi | 3 +- doc/invoke-p11tool.texi | 418 +- doc/invoke-psktool.texi | 2 +- doc/invoke-srptool.texi | 2 +- doc/invoke-tpmtool.texi | 77 +- doc/latex/Makefile.in | 39 +- doc/manpages/Makefile.am | 245 +- doc/manpages/Makefile.in | 406 +- doc/manpages/certtool.1 | 372 +- doc/manpages/danetool.1 | 165 +- doc/manpages/gnutls-cli-debug.1 | 169 +- doc/manpages/gnutls-cli.1 | 220 +- doc/manpages/gnutls-serv.1 | 143 +- doc/manpages/gnutls_aead_cipher_decrypt.3 | 58 - doc/manpages/gnutls_aead_cipher_deinit.3 | 36 - doc/manpages/gnutls_aead_cipher_encrypt.3 | 58 - doc/manpages/gnutls_aead_cipher_init.3 | 44 - doc/manpages/gnutls_alert_get.3 | 6 +- doc/manpages/gnutls_alert_get_name.3 | 4 +- doc/manpages/gnutls_alert_get_strname.3 | 4 +- doc/manpages/gnutls_alert_send.3 | 6 +- doc/manpages/gnutls_alert_send_appropriate.3 | 6 +- doc/manpages/gnutls_alpn_get_selected_protocol.3 | 11 +- doc/manpages/gnutls_alpn_set_protocols.3 | 10 +- .../gnutls_anon_allocate_client_credentials.3 | 6 +- .../gnutls_anon_allocate_server_credentials.3 | 6 +- 
doc/manpages/gnutls_anon_free_client_credentials.3 | 6 +- doc/manpages/gnutls_anon_free_server_credentials.3 | 6 +- doc/manpages/gnutls_anon_set_params_function.3 | 6 +- doc/manpages/gnutls_anon_set_server_dh_params.3 | 8 +- .../gnutls_anon_set_server_params_function.3 | 6 +- doc/manpages/gnutls_auth_client_get_type.3 | 6 +- doc/manpages/gnutls_auth_get_type.3 | 6 +- doc/manpages/gnutls_auth_server_get_type.3 | 6 +- doc/manpages/gnutls_buffer_append_data.3 | 41 - doc/manpages/gnutls_bye.3 | 6 +- .../gnutls_certificate_activation_time_peers.3 | 4 +- .../gnutls_certificate_allocate_credentials.3 | 6 +- .../gnutls_certificate_client_get_request_status.3 | 4 +- ...utls_certificate_client_set_retrieve_function.3 | 62 + .../gnutls_certificate_expiration_time_peers.3 | 4 +- doc/manpages/gnutls_certificate_free_ca_names.3 | 6 +- doc/manpages/gnutls_certificate_free_cas.3 | 6 +- doc/manpages/gnutls_certificate_free_credentials.3 | 6 +- doc/manpages/gnutls_certificate_free_crls.3 | 6 +- doc/manpages/gnutls_certificate_free_keys.3 | 6 +- doc/manpages/gnutls_certificate_get_crt_raw.3 | 6 +- doc/manpages/gnutls_certificate_get_issuer.3 | 11 +- doc/manpages/gnutls_certificate_get_openpgp_crt.3 | 56 - doc/manpages/gnutls_certificate_get_openpgp_key.3 | 52 - doc/manpages/gnutls_certificate_get_ours.3 | 4 +- doc/manpages/gnutls_certificate_get_peers.3 | 6 +- .../gnutls_certificate_get_peers_subkey_id.3 | 4 +- doc/manpages/gnutls_certificate_get_trust_list.3 | 40 - doc/manpages/gnutls_certificate_get_verify_flags.3 | 38 - doc/manpages/gnutls_certificate_get_x509_crt.3 | 56 - doc/manpages/gnutls_certificate_get_x509_key.3 | 51 - .../gnutls_certificate_send_x509_rdn_sequence.3 | 6 +- .../gnutls_certificate_server_set_request.3 | 6 +- ...utls_certificate_server_set_retrieve_function.3 | 50 + doc/manpages/gnutls_certificate_set_dh_params.3 | 8 +- doc/manpages/gnutls_certificate_set_flags.3 | 39 - doc/manpages/gnutls_certificate_set_key.3 | 13 +- 
...utls_certificate_set_ocsp_status_request_file.3 | 4 +- ..._certificate_set_ocsp_status_request_function.3 | 6 +- doc/manpages/gnutls_certificate_set_openpgp_key.3 | 8 +- .../gnutls_certificate_set_openpgp_key_file.3 | 6 +- .../gnutls_certificate_set_openpgp_key_file2.3 | 6 +- .../gnutls_certificate_set_openpgp_key_mem.3 | 6 +- .../gnutls_certificate_set_openpgp_key_mem2.3 | 6 +- .../gnutls_certificate_set_openpgp_keyring_file.3 | 4 +- .../gnutls_certificate_set_openpgp_keyring_mem.3 | 4 +- .../gnutls_certificate_set_params_function.3 | 6 +- doc/manpages/gnutls_certificate_set_pin_function.3 | 6 +- .../gnutls_certificate_set_retrieve_function.3 | 19 +- .../gnutls_certificate_set_retrieve_function2.3 | 23 +- .../gnutls_certificate_set_rsa_export_params.3 | 37 + doc/manpages/gnutls_certificate_set_trust_list.3 | 10 +- doc/manpages/gnutls_certificate_set_verify_flags.3 | 6 +- .../gnutls_certificate_set_verify_function.3 | 6 +- .../gnutls_certificate_set_verify_limits.3 | 6 +- doc/manpages/gnutls_certificate_set_x509_crl.3 | 6 +- .../gnutls_certificate_set_x509_crl_file.3 | 6 +- doc/manpages/gnutls_certificate_set_x509_crl_mem.3 | 6 +- doc/manpages/gnutls_certificate_set_x509_key.3 | 11 +- .../gnutls_certificate_set_x509_key_file.3 | 17 +- .../gnutls_certificate_set_x509_key_file2.3 | 17 +- doc/manpages/gnutls_certificate_set_x509_key_mem.3 | 8 +- .../gnutls_certificate_set_x509_key_mem2.3 | 8 +- ...nutls_certificate_set_x509_simple_pkcs12_file.3 | 8 +- ...gnutls_certificate_set_x509_simple_pkcs12_mem.3 | 8 +- .../gnutls_certificate_set_x509_system_trust.3 | 6 +- doc/manpages/gnutls_certificate_set_x509_trust.3 | 6 +- .../gnutls_certificate_set_x509_trust_dir.3 | 44 - .../gnutls_certificate_set_x509_trust_file.3 | 9 +- .../gnutls_certificate_set_x509_trust_mem.3 | 6 +- doc/manpages/gnutls_certificate_type_get.3 | 6 +- doc/manpages/gnutls_certificate_type_get_id.3 | 4 +- doc/manpages/gnutls_certificate_type_get_name.3 | 4 +- doc/manpages/gnutls_certificate_type_list.3 
| 4 +- .../gnutls_certificate_type_set_priority.3 | 42 + .../gnutls_certificate_verification_status_print.3 | 4 +- doc/manpages/gnutls_certificate_verify_peers.3 | 21 +- doc/manpages/gnutls_certificate_verify_peers2.3 | 8 +- doc/manpages/gnutls_certificate_verify_peers3.3 | 8 +- doc/manpages/gnutls_check_version.3 | 4 +- doc/manpages/gnutls_cipher_add_auth.3 | 14 +- doc/manpages/gnutls_cipher_decrypt.3 | 16 +- doc/manpages/gnutls_cipher_decrypt2.3 | 26 +- doc/manpages/gnutls_cipher_deinit.3 | 6 +- doc/manpages/gnutls_cipher_encrypt.3 | 14 +- doc/manpages/gnutls_cipher_encrypt2.3 | 24 +- doc/manpages/gnutls_cipher_get.3 | 6 +- doc/manpages/gnutls_cipher_get_block_size.3 | 4 +- doc/manpages/gnutls_cipher_get_id.3 | 4 +- doc/manpages/gnutls_cipher_get_iv_size.3 | 4 +- doc/manpages/gnutls_cipher_get_key_size.3 | 4 +- doc/manpages/gnutls_cipher_get_name.3 | 4 +- doc/manpages/gnutls_cipher_get_tag_size.3 | 4 +- doc/manpages/gnutls_cipher_init.3 | 14 +- doc/manpages/gnutls_cipher_list.3 | 4 +- doc/manpages/gnutls_cipher_set_iv.3 | 8 +- doc/manpages/gnutls_cipher_set_priority.3 | 41 + doc/manpages/gnutls_cipher_suite_get_name.3 | 4 +- doc/manpages/gnutls_cipher_suite_info.3 | 4 +- doc/manpages/gnutls_cipher_tag.3 | 8 +- doc/manpages/gnutls_compression_get.3 | 6 +- doc/manpages/gnutls_compression_get_id.3 | 4 +- doc/manpages/gnutls_compression_get_name.3 | 4 +- doc/manpages/gnutls_compression_list.3 | 4 +- doc/manpages/gnutls_compression_set_priority.3 | 46 + doc/manpages/gnutls_credentials_clear.3 | 6 +- doc/manpages/gnutls_credentials_get.3 | 10 +- doc/manpages/gnutls_credentials_set.3 | 10 +- doc/manpages/gnutls_crypto_register_aead_cipher.3 | 59 - doc/manpages/gnutls_crypto_register_cipher.3 | 62 - doc/manpages/gnutls_crypto_register_digest.3 | 53 - doc/manpages/gnutls_crypto_register_mac.3 | 57 - doc/manpages/gnutls_db_check_entry.3 | 6 +- doc/manpages/gnutls_db_check_entry_time.3 | 6 +- .../gnutls_db_get_default_cache_expiration.3 | 4 +- 
doc/manpages/gnutls_db_get_ptr.3 | 6 +- doc/manpages/gnutls_db_remove_session.3 | 6 +- doc/manpages/gnutls_db_set_cache_expiration.3 | 6 +- doc/manpages/gnutls_db_set_ptr.3 | 6 +- doc/manpages/gnutls_db_set_remove_function.3 | 6 +- doc/manpages/gnutls_db_set_retrieve_function.3 | 6 +- doc/manpages/gnutls_db_set_store_function.3 | 6 +- doc/manpages/gnutls_deinit.3 | 6 +- doc/manpages/gnutls_dh_get_group.3 | 7 +- doc/manpages/gnutls_dh_get_peers_public_bits.3 | 4 +- doc/manpages/gnutls_dh_get_prime_bits.3 | 4 +- doc/manpages/gnutls_dh_get_pubkey.3 | 7 +- doc/manpages/gnutls_dh_get_secret_bits.3 | 4 +- doc/manpages/gnutls_dh_params_cpy.3 | 8 +- doc/manpages/gnutls_dh_params_deinit.3 | 8 +- doc/manpages/gnutls_dh_params_export2_pkcs3.3 | 4 +- doc/manpages/gnutls_dh_params_export_pkcs3.3 | 4 +- doc/manpages/gnutls_dh_params_export_raw.3 | 4 +- doc/manpages/gnutls_dh_params_generate2.3 | 6 +- doc/manpages/gnutls_dh_params_import_pkcs3.3 | 6 +- doc/manpages/gnutls_dh_params_import_raw.3 | 6 +- doc/manpages/gnutls_dh_params_import_raw2.3 | 44 - doc/manpages/gnutls_dh_params_init.3 | 8 +- doc/manpages/gnutls_dh_set_prime_bits.3 | 10 +- doc/manpages/gnutls_digest_get_id.3 | 6 +- doc/manpages/gnutls_digest_get_name.3 | 4 +- doc/manpages/gnutls_digest_get_oid.3 | 38 - doc/manpages/gnutls_digest_list.3 | 4 +- doc/manpages/gnutls_dtls_cookie_send.3 | 4 +- doc/manpages/gnutls_dtls_cookie_verify.3 | 4 +- doc/manpages/gnutls_dtls_get_data_mtu.3 | 6 +- doc/manpages/gnutls_dtls_get_mtu.3 | 6 +- doc/manpages/gnutls_dtls_get_timeout.3 | 6 +- doc/manpages/gnutls_dtls_prestate_set.3 | 4 +- doc/manpages/gnutls_dtls_set_data_mtu.3 | 6 +- doc/manpages/gnutls_dtls_set_mtu.3 | 8 +- doc/manpages/gnutls_dtls_set_timeouts.3 | 11 +- doc/manpages/gnutls_ecc_curve_get.3 | 6 +- doc/manpages/gnutls_ecc_curve_get_id.3 | 38 - doc/manpages/gnutls_ecc_curve_get_name.3 | 4 +- doc/manpages/gnutls_ecc_curve_get_size.3 | 4 +- doc/manpages/gnutls_ecc_curve_list.3 | 4 +- doc/manpages/gnutls_error_is_fatal.3 | 
7 +- doc/manpages/gnutls_error_to_alert.3 | 4 +- doc/manpages/gnutls_est_record_overhead_size.3 | 4 +- doc/manpages/gnutls_ext_get_data.3 | 41 - doc/manpages/gnutls_ext_register.3 | 59 - doc/manpages/gnutls_ext_set_data.3 | 41 - doc/manpages/gnutls_fingerprint.3 | 4 +- doc/manpages/gnutls_fips140_mode_enabled.3 | 4 +- doc/manpages/gnutls_global_deinit.3 | 4 +- doc/manpages/gnutls_global_init.3 | 11 +- .../gnutls_global_set_audit_log_function.3 | 4 +- doc/manpages/gnutls_global_set_log_function.3 | 4 +- doc/manpages/gnutls_global_set_log_level.3 | 4 +- doc/manpages/gnutls_global_set_mem_functions.3 | 4 +- doc/manpages/gnutls_global_set_mutex.3 | 6 +- doc/manpages/gnutls_global_set_time_function.3 | 4 +- doc/manpages/gnutls_handshake.3 | 27 +- .../gnutls_handshake_description_get_name.3 | 4 +- doc/manpages/gnutls_handshake_get_last_in.3 | 6 +- doc/manpages/gnutls_handshake_get_last_out.3 | 6 +- doc/manpages/gnutls_handshake_set_hook_function.3 | 6 +- .../gnutls_handshake_set_max_packet_length.3 | 6 +- ...utls_handshake_set_post_client_hello_function.3 | 6 +- .../gnutls_handshake_set_private_extensions.3 | 6 +- doc/manpages/gnutls_handshake_set_random.3 | 6 +- doc/manpages/gnutls_handshake_set_timeout.3 | 15 +- doc/manpages/gnutls_hash.3 | 14 +- doc/manpages/gnutls_hash_deinit.3 | 6 +- doc/manpages/gnutls_hash_fast.3 | 12 +- doc/manpages/gnutls_hash_get_len.3 | 4 +- doc/manpages/gnutls_hash_init.3 | 6 +- doc/manpages/gnutls_hash_output.3 | 6 +- doc/manpages/gnutls_heartbeat_allowed.3 | 6 +- doc/manpages/gnutls_heartbeat_enable.3 | 6 +- doc/manpages/gnutls_heartbeat_get_timeout.3 | 6 +- doc/manpages/gnutls_heartbeat_ping.3 | 6 +- doc/manpages/gnutls_heartbeat_pong.3 | 6 +- doc/manpages/gnutls_heartbeat_set_timeouts.3 | 9 +- doc/manpages/gnutls_hex2bin.3 | 8 +- doc/manpages/gnutls_hex_decode.3 | 9 +- doc/manpages/gnutls_hex_decode2.3 | 38 - doc/manpages/gnutls_hex_encode.3 | 4 +- doc/manpages/gnutls_hex_encode2.3 | 40 - doc/manpages/gnutls_hmac.3 | 14 +- 
doc/manpages/gnutls_hmac_deinit.3 | 6 +- doc/manpages/gnutls_hmac_fast.3 | 14 +- doc/manpages/gnutls_hmac_get_len.3 | 4 +- doc/manpages/gnutls_hmac_init.3 | 10 +- doc/manpages/gnutls_hmac_output.3 | 6 +- doc/manpages/gnutls_hmac_set_nonce.3 | 8 +- doc/manpages/gnutls_init.3 | 12 +- doc/manpages/gnutls_key_generate.3 | 8 +- doc/manpages/gnutls_kx_get.3 | 6 +- doc/manpages/gnutls_kx_get_id.3 | 4 +- doc/manpages/gnutls_kx_get_name.3 | 4 +- doc/manpages/gnutls_kx_list.3 | 4 +- doc/manpages/gnutls_kx_set_priority.3 | 42 + doc/manpages/gnutls_load_file.3 | 4 +- doc/manpages/gnutls_mac_get.3 | 6 +- doc/manpages/gnutls_mac_get_id.3 | 6 +- doc/manpages/gnutls_mac_get_key_size.3 | 4 +- doc/manpages/gnutls_mac_get_name.3 | 4 +- doc/manpages/gnutls_mac_get_nonce_size.3 | 4 +- doc/manpages/gnutls_mac_list.3 | 4 +- doc/manpages/gnutls_mac_set_priority.3 | 42 + doc/manpages/gnutls_memcmp.3 | 43 - doc/manpages/gnutls_ocsp_req_add_cert.3 | 6 +- doc/manpages/gnutls_ocsp_req_add_cert_id.3 | 6 +- doc/manpages/gnutls_ocsp_req_deinit.3 | 6 +- doc/manpages/gnutls_ocsp_req_export.3 | 4 +- doc/manpages/gnutls_ocsp_req_get_cert_id.3 | 6 +- doc/manpages/gnutls_ocsp_req_get_extension.3 | 6 +- doc/manpages/gnutls_ocsp_req_get_nonce.3 | 6 +- doc/manpages/gnutls_ocsp_req_get_version.3 | 6 +- doc/manpages/gnutls_ocsp_req_import.3 | 6 +- doc/manpages/gnutls_ocsp_req_init.3 | 6 +- doc/manpages/gnutls_ocsp_req_print.3 | 6 +- doc/manpages/gnutls_ocsp_req_randomize_nonce.3 | 6 +- doc/manpages/gnutls_ocsp_req_set_extension.3 | 6 +- doc/manpages/gnutls_ocsp_req_set_nonce.3 | 6 +- doc/manpages/gnutls_ocsp_resp_check_crt.3 | 6 +- doc/manpages/gnutls_ocsp_resp_deinit.3 | 6 +- doc/manpages/gnutls_ocsp_resp_export.3 | 4 +- doc/manpages/gnutls_ocsp_resp_get_certs.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_extension.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_nonce.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_produced.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_responder.3 | 9 +- 
.../gnutls_ocsp_resp_get_responder_raw_id.3 | 45 - doc/manpages/gnutls_ocsp_resp_get_response.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_signature.3 | 6 +- .../gnutls_ocsp_resp_get_signature_algorithm.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_single.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_status.3 | 6 +- doc/manpages/gnutls_ocsp_resp_get_version.3 | 6 +- doc/manpages/gnutls_ocsp_resp_import.3 | 6 +- doc/manpages/gnutls_ocsp_resp_init.3 | 6 +- doc/manpages/gnutls_ocsp_resp_print.3 | 6 +- doc/manpages/gnutls_ocsp_resp_verify.3 | 10 +- doc/manpages/gnutls_ocsp_resp_verify_direct.3 | 8 +- .../gnutls_ocsp_status_request_enable_client.3 | 6 +- doc/manpages/gnutls_ocsp_status_request_get.3 | 6 +- .../gnutls_ocsp_status_request_is_checked.3 | 16 +- doc/manpages/gnutls_oid_to_digest.3 | 38 - doc/manpages/gnutls_oid_to_ecc_curve.3 | 36 - doc/manpages/gnutls_oid_to_pk.3 | 38 - doc/manpages/gnutls_oid_to_sign.3 | 38 - doc/manpages/gnutls_openpgp_crt_check_email.3 | 40 - doc/manpages/gnutls_openpgp_crt_check_hostname.3 | 6 +- doc/manpages/gnutls_openpgp_crt_check_hostname2.3 | 6 +- doc/manpages/gnutls_openpgp_crt_deinit.3 | 6 +- doc/manpages/gnutls_openpgp_crt_export.3 | 4 +- doc/manpages/gnutls_openpgp_crt_export2.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3 | 4 +- .../gnutls_openpgp_crt_get_creation_time.3 | 4 +- .../gnutls_openpgp_crt_get_expiration_time.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_fingerprint.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_key_id.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_key_usage.3 | 6 +- doc/manpages/gnutls_openpgp_crt_get_name.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3 | 4 +- .../gnutls_openpgp_crt_get_preferred_key_id.3 | 4 +- .../gnutls_openpgp_crt_get_revoked_status.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_subkey_count.3 | 4 +- .../gnutls_openpgp_crt_get_subkey_creation_time.3 | 4 +- 
...gnutls_openpgp_crt_get_subkey_expiration_time.3 | 4 +- .../gnutls_openpgp_crt_get_subkey_fingerprint.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_subkey_id.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3 | 4 +- .../gnutls_openpgp_crt_get_subkey_pk_algorithm.3 | 4 +- .../gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3 | 4 +- .../gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3 | 4 +- .../gnutls_openpgp_crt_get_subkey_revoked_status.3 | 4 +- doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3 | 6 +- doc/manpages/gnutls_openpgp_crt_get_version.3 | 4 +- doc/manpages/gnutls_openpgp_crt_import.3 | 4 +- doc/manpages/gnutls_openpgp_crt_init.3 | 6 +- doc/manpages/gnutls_openpgp_crt_print.3 | 4 +- .../gnutls_openpgp_crt_set_preferred_key_id.3 | 4 +- doc/manpages/gnutls_openpgp_crt_verify_ring.3 | 4 +- doc/manpages/gnutls_openpgp_crt_verify_self.3 | 4 +- doc/manpages/gnutls_openpgp_keyring_check_id.3 | 4 +- doc/manpages/gnutls_openpgp_keyring_deinit.3 | 6 +- doc/manpages/gnutls_openpgp_keyring_get_crt.3 | 6 +- .../gnutls_openpgp_keyring_get_crt_count.3 | 4 +- doc/manpages/gnutls_openpgp_keyring_import.3 | 4 +- doc/manpages/gnutls_openpgp_keyring_init.3 | 6 +- doc/manpages/gnutls_openpgp_privkey_deinit.3 | 6 +- doc/manpages/gnutls_openpgp_privkey_export.3 | 4 +- doc/manpages/gnutls_openpgp_privkey_export2.3 | 4 +- .../gnutls_openpgp_privkey_export_dsa_raw.3 | 4 +- .../gnutls_openpgp_privkey_export_rsa_raw.3 | 4 +- .../gnutls_openpgp_privkey_export_subkey_dsa_raw.3 | 4 +- .../gnutls_openpgp_privkey_export_subkey_rsa_raw.3 | 4 +- .../gnutls_openpgp_privkey_get_fingerprint.3 | 4 +- doc/manpages/gnutls_openpgp_privkey_get_key_id.3 | 4 +- .../gnutls_openpgp_privkey_get_pk_algorithm.3 | 4 +- .../gnutls_openpgp_privkey_get_preferred_key_id.3 | 4 +- .../gnutls_openpgp_privkey_get_revoked_status.3 | 4 +- .../gnutls_openpgp_privkey_get_subkey_count.3 | 4 +- ...utls_openpgp_privkey_get_subkey_creation_time.3 | 4 +- ...ls_openpgp_privkey_get_subkey_expiration_time.3 | 4 +- 
...gnutls_openpgp_privkey_get_subkey_fingerprint.3 | 4 +- .../gnutls_openpgp_privkey_get_subkey_id.3 | 4 +- .../gnutls_openpgp_privkey_get_subkey_idx.3 | 4 +- ...nutls_openpgp_privkey_get_subkey_pk_algorithm.3 | 4 +- ...tls_openpgp_privkey_get_subkey_revoked_status.3 | 4 +- doc/manpages/gnutls_openpgp_privkey_import.3 | 4 +- doc/manpages/gnutls_openpgp_privkey_init.3 | 6 +- doc/manpages/gnutls_openpgp_privkey_sec_param.3 | 4 +- .../gnutls_openpgp_privkey_set_preferred_key_id.3 | 4 +- doc/manpages/gnutls_openpgp_privkey_sign_hash.3 | 4 +- doc/manpages/gnutls_openpgp_send_cert.3 | 6 +- .../gnutls_openpgp_set_recv_key_function.3 | 6 +- doc/manpages/gnutls_packet_deinit.3 | 4 +- doc/manpages/gnutls_packet_get.3 | 6 +- doc/manpages/gnutls_pcert_deinit.3 | 4 +- doc/manpages/gnutls_pcert_export_openpgp.3 | 43 - doc/manpages/gnutls_pcert_export_x509.3 | 43 - doc/manpages/gnutls_pcert_import_openpgp.3 | 4 +- doc/manpages/gnutls_pcert_import_openpgp_raw.3 | 4 +- doc/manpages/gnutls_pcert_import_x509.3 | 6 +- doc/manpages/gnutls_pcert_import_x509_list.3 | 51 - doc/manpages/gnutls_pcert_import_x509_raw.3 | 4 +- doc/manpages/gnutls_pcert_list_import_x509_raw.3 | 4 +- doc/manpages/gnutls_pem_base64_decode.3 | 4 +- ..._decode2.3 => gnutls_pem_base64_decode_alloc.3} | 8 +- doc/manpages/gnutls_pem_base64_encode.3 | 4 +- ..._encode2.3 => gnutls_pem_base64_encode_alloc.3} | 8 +- doc/manpages/gnutls_perror.3 | 4 +- doc/manpages/gnutls_pk_algorithm_get_name.3 | 4 +- doc/manpages/gnutls_pk_bits_to_sec_param.3 | 4 +- doc/manpages/gnutls_pk_get_id.3 | 4 +- doc/manpages/gnutls_pk_get_name.3 | 4 +- doc/manpages/gnutls_pk_get_oid.3 | 38 - doc/manpages/gnutls_pk_list.3 | 4 +- doc/manpages/gnutls_pk_to_sign.3 | 4 +- doc/manpages/gnutls_pkcs11_add_provider.3 | 4 +- .../gnutls_pkcs11_copy_attached_extension.3 | 49 - doc/manpages/gnutls_pkcs11_copy_pubkey.3 | 51 - doc/manpages/gnutls_pkcs11_copy_secret_key.3 | 4 +- doc/manpages/gnutls_pkcs11_copy_x509_crt.3 | 4 +- 
doc/manpages/gnutls_pkcs11_copy_x509_crt2.3 | 49 - doc/manpages/gnutls_pkcs11_copy_x509_privkey.3 | 4 +- doc/manpages/gnutls_pkcs11_copy_x509_privkey2.3 | 50 - doc/manpages/gnutls_pkcs11_crt_is_known.3 | 6 +- doc/manpages/gnutls_pkcs11_deinit.3 | 4 +- doc/manpages/gnutls_pkcs11_delete_url.3 | 4 +- doc/manpages/gnutls_pkcs11_get_pin_function.3 | 4 +- doc/manpages/gnutls_pkcs11_get_raw_issuer.3 | 6 +- doc/manpages/gnutls_pkcs11_get_raw_issuer_by_dn.3 | 52 - ...nutls_pkcs11_get_raw_issuer_by_subject_key_id.3 | 54 - doc/manpages/gnutls_pkcs11_init.3 | 8 +- doc/manpages/gnutls_pkcs11_obj_deinit.3 | 6 +- doc/manpages/gnutls_pkcs11_obj_export.3 | 4 +- doc/manpages/gnutls_pkcs11_obj_export2.3 | 4 +- doc/manpages/gnutls_pkcs11_obj_export3.3 | 4 +- doc/manpages/gnutls_pkcs11_obj_export_url.3 | 4 +- doc/manpages/gnutls_pkcs11_obj_flags_get_str.3 | 39 - doc/manpages/gnutls_pkcs11_obj_get_exts.3 | 45 - doc/manpages/gnutls_pkcs11_obj_get_flags.3 | 42 - doc/manpages/gnutls_pkcs11_obj_get_info.3 | 10 +- doc/manpages/gnutls_pkcs11_obj_get_type.3 | 8 +- doc/manpages/gnutls_pkcs11_obj_import_url.3 | 8 +- doc/manpages/gnutls_pkcs11_obj_init.3 | 6 +- ..._url3.3 => gnutls_pkcs11_obj_list_import_url.3} | 20 +- ...url4.3 => gnutls_pkcs11_obj_list_import_url2.3} | 23 +- doc/manpages/gnutls_pkcs11_obj_set_info.3 | 47 - doc/manpages/gnutls_pkcs11_obj_set_pin_function.3 | 4 +- doc/manpages/gnutls_pkcs11_privkey_deinit.3 | 6 +- doc/manpages/gnutls_pkcs11_privkey_export_pubkey.3 | 47 - doc/manpages/gnutls_pkcs11_privkey_export_url.3 | 4 +- doc/manpages/gnutls_pkcs11_privkey_generate.3 | 4 +- doc/manpages/gnutls_pkcs11_privkey_generate2.3 | 12 +- doc/manpages/gnutls_pkcs11_privkey_generate3.3 | 62 - doc/manpages/gnutls_pkcs11_privkey_get_info.3 | 6 +- .../gnutls_pkcs11_privkey_get_pk_algorithm.3 | 6 +- doc/manpages/gnutls_pkcs11_privkey_import_url.3 | 10 +- doc/manpages/gnutls_pkcs11_privkey_init.3 | 6 +- .../gnutls_pkcs11_privkey_set_pin_function.3 | 4 +- 
doc/manpages/gnutls_pkcs11_privkey_status.3 | 4 +- doc/manpages/gnutls_pkcs11_reinit.3 | 4 +- doc/manpages/gnutls_pkcs11_set_pin_function.3 | 4 +- doc/manpages/gnutls_pkcs11_set_token_function.3 | 4 +- doc/manpages/gnutls_pkcs11_token_get_flags.3 | 4 +- doc/manpages/gnutls_pkcs11_token_get_info.3 | 4 +- doc/manpages/gnutls_pkcs11_token_get_mechanism.3 | 4 +- doc/manpages/gnutls_pkcs11_token_get_random.3 | 4 +- doc/manpages/gnutls_pkcs11_token_get_url.3 | 4 +- doc/manpages/gnutls_pkcs11_token_init.3 | 4 +- doc/manpages/gnutls_pkcs11_token_set_pin.3 | 4 +- doc/manpages/gnutls_pkcs11_type_get_name.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_decrypt.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_deinit.3 | 6 +- doc/manpages/gnutls_pkcs12_bag_enc_info.3 | 54 - doc/manpages/gnutls_pkcs12_bag_encrypt.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_get_count.3 | 6 +- doc/manpages/gnutls_pkcs12_bag_get_data.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_get_key_id.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_get_type.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_init.3 | 6 +- doc/manpages/gnutls_pkcs12_bag_set_crl.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_set_crt.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_set_data.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_set_key_id.3 | 4 +- doc/manpages/gnutls_pkcs12_bag_set_privkey.3 | 43 - doc/manpages/gnutls_pkcs12_deinit.3 | 8 +- doc/manpages/gnutls_pkcs12_export.3 | 6 +- doc/manpages/gnutls_pkcs12_export2.3 | 6 +- doc/manpages/gnutls_pkcs12_generate_mac.3 | 6 +- doc/manpages/gnutls_pkcs12_generate_mac2.3 | 40 - doc/manpages/gnutls_pkcs12_get_bag.3 | 6 +- doc/manpages/gnutls_pkcs12_import.3 | 6 +- doc/manpages/gnutls_pkcs12_init.3 | 8 +- doc/manpages/gnutls_pkcs12_mac_info.3 | 52 - doc/manpages/gnutls_pkcs12_set_bag.3 | 6 +- doc/manpages/gnutls_pkcs12_simple_parse.3 | 43 +- doc/manpages/gnutls_pkcs12_verify_mac.3 | 6 +- doc/manpages/gnutls_pkcs7_add_attr.3 | 47 - 
doc/manpages/gnutls_pkcs7_attrs_deinit.3 | 35 - doc/manpages/gnutls_pkcs7_deinit.3 | 10 +- doc/manpages/gnutls_pkcs7_delete_crl.3 | 8 +- doc/manpages/gnutls_pkcs7_delete_crt.3 | 8 +- doc/manpages/gnutls_pkcs7_export.3 | 8 +- doc/manpages/gnutls_pkcs7_export2.3 | 8 +- doc/manpages/gnutls_pkcs7_get_attr.3 | 49 - doc/manpages/gnutls_pkcs7_get_crl_count.3 | 10 +- doc/manpages/gnutls_pkcs7_get_crl_raw.3 | 8 +- doc/manpages/gnutls_pkcs7_get_crl_raw2.3 | 43 - doc/manpages/gnutls_pkcs7_get_crt_count.3 | 12 +- doc/manpages/gnutls_pkcs7_get_crt_raw.3 | 8 +- doc/manpages/gnutls_pkcs7_get_crt_raw2.3 | 48 - doc/manpages/gnutls_pkcs7_get_embedded_data.3 | 48 - doc/manpages/gnutls_pkcs7_get_signature_count.3 | 39 - doc/manpages/gnutls_pkcs7_get_signature_info.3 | 44 - doc/manpages/gnutls_pkcs7_import.3 | 8 +- doc/manpages/gnutls_pkcs7_init.3 | 8 +- doc/manpages/gnutls_pkcs7_print.3 | 46 - doc/manpages/gnutls_pkcs7_set_crl.3 | 8 +- doc/manpages/gnutls_pkcs7_set_crl_raw.3 | 8 +- doc/manpages/gnutls_pkcs7_set_crt.3 | 8 +- doc/manpages/gnutls_pkcs7_set_crt_raw.3 | 8 +- doc/manpages/gnutls_pkcs7_sign.3 | 59 - doc/manpages/gnutls_pkcs7_signature_info_deinit.3 | 36 - doc/manpages/gnutls_pkcs7_verify.3 | 55 - doc/manpages/gnutls_pkcs7_verify_direct.3 | 51 - doc/manpages/gnutls_pkcs8_info.3 | 56 - doc/manpages/gnutls_pkcs_schema_get_name.3 | 38 - doc/manpages/gnutls_pkcs_schema_get_oid.3 | 38 - doc/manpages/gnutls_prf.3 | 14 +- doc/manpages/gnutls_prf_raw.3 | 6 +- doc/manpages/gnutls_prf_rfc5705.3 | 67 - .../gnutls_priority_certificate_type_list.3 | 6 +- doc/manpages/gnutls_priority_cipher_list.3 | 6 +- doc/manpages/gnutls_priority_compression_list.3 | 6 +- doc/manpages/gnutls_priority_deinit.3 | 6 +- doc/manpages/gnutls_priority_ecc_curve_list.3 | 6 +- .../gnutls_priority_get_cipher_suite_index.3 | 8 +- doc/manpages/gnutls_priority_init.3 | 23 +- doc/manpages/gnutls_priority_kx_list.3 | 6 +- doc/manpages/gnutls_priority_mac_list.3 | 6 +- doc/manpages/gnutls_priority_protocol_list.3 | 6 
+- doc/manpages/gnutls_priority_set.3 | 8 +- doc/manpages/gnutls_priority_set_direct.3 | 8 +- doc/manpages/gnutls_priority_sign_list.3 | 6 +- doc/manpages/gnutls_priority_string_list.3 | 42 - doc/manpages/gnutls_privkey_decrypt_data.3 | 4 +- doc/manpages/gnutls_privkey_deinit.3 | 6 +- doc/manpages/gnutls_privkey_export_dsa_raw.3 | 4 +- doc/manpages/gnutls_privkey_export_ecc_raw.3 | 4 +- doc/manpages/gnutls_privkey_export_pkcs11.3 | 43 - doc/manpages/gnutls_privkey_export_rsa_raw.3 | 4 +- doc/manpages/gnutls_privkey_export_x509.3 | 42 - doc/manpages/gnutls_privkey_generate.3 | 4 +- doc/manpages/gnutls_privkey_get_pk_algorithm.3 | 6 +- doc/manpages/gnutls_privkey_get_type.3 | 6 +- doc/manpages/gnutls_privkey_import_dsa_raw.3 | 4 +- doc/manpages/gnutls_privkey_import_ecc_raw.3 | 6 +- doc/manpages/gnutls_privkey_import_ext.3 | 8 +- doc/manpages/gnutls_privkey_import_ext2.3 | 16 +- doc/manpages/gnutls_privkey_import_ext3.3 | 62 - doc/manpages/gnutls_privkey_import_openpgp.3 | 6 +- doc/manpages/gnutls_privkey_import_openpgp_raw.3 | 6 +- doc/manpages/gnutls_privkey_import_pkcs11.3 | 6 +- doc/manpages/gnutls_privkey_import_pkcs11_url.3 | 6 +- doc/manpages/gnutls_privkey_import_rsa_raw.3 | 4 +- doc/manpages/gnutls_privkey_import_tpm_raw.3 | 6 +- doc/manpages/gnutls_privkey_import_tpm_url.3 | 6 +- doc/manpages/gnutls_privkey_import_url.3 | 4 +- doc/manpages/gnutls_privkey_import_x509.3 | 6 +- doc/manpages/gnutls_privkey_import_x509_raw.3 | 6 +- doc/manpages/gnutls_privkey_init.3 | 8 +- doc/manpages/gnutls_privkey_set_pin_function.3 | 4 +- doc/manpages/gnutls_privkey_sign_data.3 | 6 +- doc/manpages/gnutls_privkey_sign_hash.3 | 4 +- doc/manpages/gnutls_privkey_sign_raw_data.3 | 51 + doc/manpages/gnutls_privkey_status.3 | 4 +- doc/manpages/gnutls_privkey_verify_params.3 | 6 +- doc/manpages/gnutls_protocol_get_id.3 | 4 +- doc/manpages/gnutls_protocol_get_name.3 | 4 +- doc/manpages/gnutls_protocol_get_version.3 | 6 +- doc/manpages/gnutls_protocol_list.3 | 4 +- ...ret_status.3 => 
gnutls_protocol_set_priority.3} | 21 +- .../gnutls_psk_allocate_client_credentials.3 | 6 +- .../gnutls_psk_allocate_server_credentials.3 | 6 +- doc/manpages/gnutls_psk_client_get_hint.3 | 4 +- doc/manpages/gnutls_psk_free_client_credentials.3 | 6 +- doc/manpages/gnutls_psk_free_server_credentials.3 | 6 +- doc/manpages/gnutls_psk_server_get_username.3 | 4 +- doc/manpages/gnutls_psk_set_client_credentials.3 | 8 +- .../gnutls_psk_set_client_credentials_function.3 | 6 +- doc/manpages/gnutls_psk_set_params_function.3 | 6 +- .../gnutls_psk_set_server_credentials_file.3 | 8 +- .../gnutls_psk_set_server_credentials_function.3 | 6 +- .../gnutls_psk_set_server_credentials_hint.3 | 8 +- doc/manpages/gnutls_psk_set_server_dh_params.3 | 6 +- .../gnutls_psk_set_server_params_function.3 | 6 +- doc/manpages/gnutls_pubkey_deinit.3 | 6 +- doc/manpages/gnutls_pubkey_encrypt_data.3 | 6 +- doc/manpages/gnutls_pubkey_export.3 | 4 +- doc/manpages/gnutls_pubkey_export2.3 | 4 +- doc/manpages/gnutls_pubkey_export_dsa_raw.3 | 14 +- doc/manpages/gnutls_pubkey_export_ecc_raw.3 | 14 +- doc/manpages/gnutls_pubkey_export_ecc_x962.3 | 4 +- doc/manpages/gnutls_pubkey_export_rsa_raw.3 | 10 +- doc/manpages/gnutls_pubkey_get_key_id.3 | 6 +- doc/manpages/gnutls_pubkey_get_key_usage.3 | 6 +- doc/manpages/gnutls_pubkey_get_openpgp_key_id.3 | 4 +- doc/manpages/gnutls_pubkey_get_pk_algorithm.3 | 6 +- .../gnutls_pubkey_get_preferred_hash_algorithm.3 | 6 +- ...npgp.3 => gnutls_pubkey_get_verify_algorithm.3} | 26 +- doc/manpages/gnutls_pubkey_import.3 | 8 +- doc/manpages/gnutls_pubkey_import_dsa_raw.3 | 4 +- doc/manpages/gnutls_pubkey_import_ecc_raw.3 | 4 +- doc/manpages/gnutls_pubkey_import_ecc_x962.3 | 4 +- doc/manpages/gnutls_pubkey_import_openpgp.3 | 6 +- doc/manpages/gnutls_pubkey_import_openpgp_raw.3 | 6 +- doc/manpages/gnutls_pubkey_import_pkcs11.3 | 6 +- ...key_cpy.3 => gnutls_pubkey_import_pkcs11_url.3} | 26 +- doc/manpages/gnutls_pubkey_import_privkey.3 | 6 +- 
doc/manpages/gnutls_pubkey_import_rsa_raw.3 | 6 +- doc/manpages/gnutls_pubkey_import_tpm_raw.3 | 4 +- doc/manpages/gnutls_pubkey_import_tpm_url.3 | 6 +- doc/manpages/gnutls_pubkey_import_url.3 | 7 +- doc/manpages/gnutls_pubkey_import_x509.3 | 6 +- doc/manpages/gnutls_pubkey_import_x509_crq.3 | 6 +- doc/manpages/gnutls_pubkey_import_x509_raw.3 | 6 +- doc/manpages/gnutls_pubkey_init.3 | 8 +- doc/manpages/gnutls_pubkey_print.3 | 8 +- doc/manpages/gnutls_pubkey_set_key_usage.3 | 4 +- doc/manpages/gnutls_pubkey_set_pin_function.3 | 4 +- doc/manpages/gnutls_pubkey_verify_data.3 | 48 + doc/manpages/gnutls_pubkey_verify_data2.3 | 10 +- doc/manpages/gnutls_pubkey_verify_hash.3 | 48 + doc/manpages/gnutls_pubkey_verify_hash2.3 | 6 +- doc/manpages/gnutls_pubkey_verify_params.3 | 6 +- doc/manpages/gnutls_random_art.3 | 8 +- doc/manpages/gnutls_range_split.3 | 6 +- doc/manpages/gnutls_record_can_use_length_hiding.3 | 6 +- doc/manpages/gnutls_record_check_corked.3 | 8 +- doc/manpages/gnutls_record_check_pending.3 | 6 +- doc/manpages/gnutls_record_cork.3 | 11 +- doc/manpages/gnutls_record_disable_padding.3 | 6 +- doc/manpages/gnutls_record_get_direction.3 | 23 +- doc/manpages/gnutls_record_get_discarded.3 | 6 +- doc/manpages/gnutls_record_get_max_size.3 | 6 +- doc/manpages/gnutls_record_get_state.3 | 51 - doc/manpages/gnutls_record_overhead_size.3 | 4 +- doc/manpages/gnutls_record_recv.3 | 19 +- doc/manpages/gnutls_record_recv_packet.3 | 10 +- doc/manpages/gnutls_record_recv_seq.3 | 6 +- doc/manpages/gnutls_record_send.3 | 6 +- doc/manpages/gnutls_record_send_range.3 | 6 +- doc/manpages/gnutls_record_set_max_empty_records.3 | 41 + doc/manpages/gnutls_record_set_max_size.3 | 6 +- doc/manpages/gnutls_record_set_state.3 | 43 - doc/manpages/gnutls_record_set_timeout.3 | 9 +- doc/manpages/gnutls_record_uncork.3 | 8 +- doc/manpages/gnutls_register_custom_url.3 | 47 - doc/manpages/gnutls_rehandshake.3 | 10 +- doc/manpages/gnutls_rnd.3 | 8 +- doc/manpages/gnutls_rnd_refresh.3 | 7 +- 
...atus.3 => gnutls_rsa_export_get_modulus_bits.3} | 18 +- doc/manpages/gnutls_rsa_export_get_pubkey.3 | 42 + .../{gnutls_memset.3 => gnutls_rsa_params_cpy.3} | 28 +- ...509_ext_deinit.3 => gnutls_rsa_params_deinit.3} | 18 +- doc/manpages/gnutls_rsa_params_export_pkcs1.3 | 46 + doc/manpages/gnutls_rsa_params_export_raw.3 | 51 + doc/manpages/gnutls_rsa_params_generate2.3 | 44 + doc/manpages/gnutls_rsa_params_import_pkcs1.3 | 43 + doc/manpages/gnutls_rsa_params_import_raw.3 | 49 + ...cc_curve_get_oid.3 => gnutls_rsa_params_init.3} | 21 +- doc/manpages/gnutls_safe_renegotiation_status.3 | 6 +- doc/manpages/gnutls_sec_param_get_name.3 | 4 +- doc/manpages/gnutls_sec_param_to_pk_bits.3 | 4 +- doc/manpages/gnutls_sec_param_to_symmetric_bits.3 | 4 +- doc/manpages/gnutls_server_name_get.3 | 8 +- doc/manpages/gnutls_server_name_set.3 | 13 +- doc/manpages/gnutls_session_channel_binding.3 | 6 +- .../gnutls_session_enable_compatibility_mode.3 | 6 +- doc/manpages/gnutls_session_force_valid.3 | 6 +- doc/manpages/gnutls_session_get_data.3 | 9 +- doc/manpages/gnutls_session_get_data2.3 | 10 +- doc/manpages/gnutls_session_get_desc.3 | 7 +- doc/manpages/gnutls_session_get_id.3 | 10 +- doc/manpages/gnutls_session_get_id2.3 | 6 +- doc/manpages/gnutls_session_get_ptr.3 | 6 +- doc/manpages/gnutls_session_get_random.3 | 6 +- .../gnutls_session_get_verify_cert_status.3 | 42 - doc/manpages/gnutls_session_is_resumed.3 | 6 +- doc/manpages/gnutls_session_resumption_requested.3 | 6 +- doc/manpages/gnutls_session_set_data.3 | 6 +- doc/manpages/gnutls_session_set_id.3 | 6 +- doc/manpages/gnutls_session_set_premaster.3 | 6 +- doc/manpages/gnutls_session_set_ptr.3 | 6 +- doc/manpages/gnutls_session_set_verify_cert.3 | 51 - doc/manpages/gnutls_session_set_verify_cert2.3 | 48 - doc/manpages/gnutls_session_set_verify_function.3 | 52 - doc/manpages/gnutls_session_ticket_enable_client.3 | 6 +- doc/manpages/gnutls_session_ticket_enable_server.3 | 9 +- doc/manpages/gnutls_session_ticket_key_generate.3 | 4 
+- doc/manpages/gnutls_set_default_export_priority.3 | 46 + doc/manpages/gnutls_set_default_priority.3 | 20 +- doc/manpages/gnutls_sign_algorithm_get.3 | 6 +- doc/manpages/gnutls_sign_algorithm_get_client.3 | 6 +- doc/manpages/gnutls_sign_algorithm_get_requested.3 | 6 +- ...discard_queued.3 => gnutls_sign_callback_get.3} | 24 +- doc/manpages/gnutls_sign_callback_set.3 | 50 + doc/manpages/gnutls_sign_get_hash_algorithm.3 | 4 +- doc/manpages/gnutls_sign_get_id.3 | 4 +- doc/manpages/gnutls_sign_get_name.3 | 4 +- doc/manpages/gnutls_sign_get_oid.3 | 38 - doc/manpages/gnutls_sign_get_pk_algorithm.3 | 4 +- doc/manpages/gnutls_sign_is_secure.3 | 4 +- doc/manpages/gnutls_sign_list.3 | 4 +- .../gnutls_srp_allocate_client_credentials.3 | 6 +- .../gnutls_srp_allocate_server_credentials.3 | 6 +- doc/manpages/gnutls_srp_base64_decode.3 | 4 +- ..._decode2.3 => gnutls_srp_base64_decode_alloc.3} | 8 +- doc/manpages/gnutls_srp_base64_encode.3 | 4 +- ..._encode2.3 => gnutls_srp_base64_encode_alloc.3} | 8 +- doc/manpages/gnutls_srp_free_client_credentials.3 | 6 +- doc/manpages/gnutls_srp_free_server_credentials.3 | 6 +- doc/manpages/gnutls_srp_server_get_username.3 | 4 +- doc/manpages/gnutls_srp_set_client_credentials.3 | 8 +- .../gnutls_srp_set_client_credentials_function.3 | 6 +- doc/manpages/gnutls_srp_set_prime_bits.3 | 6 +- .../gnutls_srp_set_server_credentials_file.3 | 8 +- .../gnutls_srp_set_server_credentials_function.3 | 15 +- .../gnutls_srp_set_server_fake_salt_seed.3 | 6 +- doc/manpages/gnutls_srp_verifier.3 | 4 +- doc/manpages/gnutls_srtp_get_keys.3 | 6 +- doc/manpages/gnutls_srtp_get_mki.3 | 6 +- doc/manpages/gnutls_srtp_get_profile_id.3 | 4 +- doc/manpages/gnutls_srtp_get_profile_name.3 | 4 +- doc/manpages/gnutls_srtp_get_selected_profile.3 | 6 +- doc/manpages/gnutls_srtp_set_mki.3 | 6 +- doc/manpages/gnutls_srtp_set_profile.3 | 6 +- doc/manpages/gnutls_srtp_set_profile_direct.3 | 8 +- doc/manpages/gnutls_store_commitment.3 | 4 +- doc/manpages/gnutls_store_pubkey.3 | 4 
+- doc/manpages/gnutls_strerror.3 | 4 +- doc/manpages/gnutls_strerror_name.3 | 4 +- doc/manpages/gnutls_subject_alt_names_deinit.3 | 6 +- doc/manpages/gnutls_subject_alt_names_get.3 | 8 +- doc/manpages/gnutls_subject_alt_names_init.3 | 6 +- doc/manpages/gnutls_subject_alt_names_set.3 | 8 +- doc/manpages/gnutls_supplemental_get_name.3 | 4 +- doc/manpages/gnutls_supplemental_recv.3 | 39 - doc/manpages/gnutls_supplemental_register.3 | 50 - doc/manpages/gnutls_supplemental_send.3 | 38 - doc/manpages/gnutls_system_key_add_x509.3 | 47 - doc/manpages/gnutls_system_key_delete.3 | 40 - doc/manpages/gnutls_system_key_iter_deinit.3 | 35 - doc/manpages/gnutls_system_key_iter_get_info.3 | 57 - doc/manpages/gnutls_system_recv_timeout.3 | 44 - doc/manpages/gnutls_tdb_deinit.3 | 4 +- doc/manpages/gnutls_tdb_init.3 | 6 +- .../gnutls_tdb_set_store_commitment_func.3 | 8 +- doc/manpages/gnutls_tdb_set_store_func.3 | 8 +- doc/manpages/gnutls_tdb_set_verify_func.3 | 11 +- doc/manpages/gnutls_tpm_get_registered.3 | 4 +- doc/manpages/gnutls_tpm_key_list_deinit.3 | 4 +- doc/manpages/gnutls_tpm_key_list_get_url.3 | 4 +- doc/manpages/gnutls_tpm_privkey_delete.3 | 4 +- doc/manpages/gnutls_tpm_privkey_generate.3 | 4 +- doc/manpages/gnutls_transport_get_int.3 | 6 +- doc/manpages/gnutls_transport_get_int2.3 | 6 +- doc/manpages/gnutls_transport_get_ptr.3 | 6 +- doc/manpages/gnutls_transport_get_ptr2.3 | 6 +- doc/manpages/gnutls_transport_set_errno.3 | 8 +- doc/manpages/gnutls_transport_set_errno_function.3 | 6 +- doc/manpages/gnutls_transport_set_int.3 | 6 +- doc/manpages/gnutls_transport_set_int2.3 | 6 +- doc/manpages/gnutls_transport_set_ptr.3 | 6 +- doc/manpages/gnutls_transport_set_ptr2.3 | 6 +- doc/manpages/gnutls_transport_set_pull_function.3 | 6 +- .../gnutls_transport_set_pull_timeout_function.3 | 16 +- doc/manpages/gnutls_transport_set_push_function.3 | 6 +- .../gnutls_transport_set_vec_push_function.3 | 6 +- doc/manpages/gnutls_url_is_supported.3 | 4 +- 
doc/manpages/gnutls_verify_stored_pubkey.3 | 4 +- doc/manpages/gnutls_x509_aia_deinit.3 | 8 +- doc/manpages/gnutls_x509_aia_get.3 | 8 +- doc/manpages/gnutls_x509_aia_init.3 | 8 +- doc/manpages/gnutls_x509_aia_set.3 | 8 +- doc/manpages/gnutls_x509_aki_deinit.3 | 8 +- doc/manpages/gnutls_x509_aki_get_cert_issuer.3 | 17 +- doc/manpages/gnutls_x509_aki_get_id.3 | 8 +- doc/manpages/gnutls_x509_aki_init.3 | 8 +- doc/manpages/gnutls_x509_aki_set_cert_issuer.3 | 8 +- doc/manpages/gnutls_x509_aki_set_id.3 | 8 +- doc/manpages/gnutls_x509_crl_check_issuer.3 | 4 +- doc/manpages/gnutls_x509_crl_deinit.3 | 6 +- doc/manpages/gnutls_x509_crl_dist_points_deinit.3 | 8 +- doc/manpages/gnutls_x509_crl_dist_points_get.3 | 8 +- doc/manpages/gnutls_x509_crl_dist_points_init.3 | 8 +- doc/manpages/gnutls_x509_crl_dist_points_set.3 | 10 +- doc/manpages/gnutls_x509_crl_export.3 | 6 +- doc/manpages/gnutls_x509_crl_export2.3 | 6 +- .../gnutls_x509_crl_get_authority_key_gn_serial.3 | 6 +- .../gnutls_x509_crl_get_authority_key_id.3 | 6 +- doc/manpages/gnutls_x509_crl_get_crt_count.3 | 6 +- doc/manpages/gnutls_x509_crl_get_crt_serial.3 | 8 +- doc/manpages/gnutls_x509_crl_get_dn_oid.3 | 8 +- doc/manpages/gnutls_x509_crl_get_extension_data.3 | 6 +- doc/manpages/gnutls_x509_crl_get_extension_data2.3 | 6 +- doc/manpages/gnutls_x509_crl_get_extension_info.3 | 8 +- doc/manpages/gnutls_x509_crl_get_extension_oid.3 | 8 +- doc/manpages/gnutls_x509_crl_get_issuer_dn.3 | 6 +- doc/manpages/gnutls_x509_crl_get_issuer_dn2.3 | 8 +- .../gnutls_x509_crl_get_issuer_dn_by_oid.3 | 6 +- doc/manpages/gnutls_x509_crl_get_next_update.3 | 6 +- doc/manpages/gnutls_x509_crl_get_number.3 | 6 +- doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3 | 6 +- doc/manpages/gnutls_x509_crl_get_signature.3 | 8 +- .../gnutls_x509_crl_get_signature_algorithm.3 | 6 +- doc/manpages/gnutls_x509_crl_get_this_update.3 | 6 +- doc/manpages/gnutls_x509_crl_get_version.3 | 6 +- doc/manpages/gnutls_x509_crl_import.3 | 6 +- 
doc/manpages/gnutls_x509_crl_init.3 | 6 +- doc/manpages/gnutls_x509_crl_iter_crt_serial.3 | 8 +- doc/manpages/gnutls_x509_crl_iter_deinit.3 | 8 +- doc/manpages/gnutls_x509_crl_list_import.3 | 6 +- doc/manpages/gnutls_x509_crl_list_import2.3 | 6 +- doc/manpages/gnutls_x509_crl_print.3 | 8 +- doc/manpages/gnutls_x509_crl_privkey_sign.3 | 6 +- .../gnutls_x509_crl_set_authority_key_id.3 | 4 +- doc/manpages/gnutls_x509_crl_set_crt.3 | 6 +- doc/manpages/gnutls_x509_crl_set_crt_serial.3 | 6 +- doc/manpages/gnutls_x509_crl_set_next_update.3 | 6 +- doc/manpages/gnutls_x509_crl_set_number.3 | 4 +- doc/manpages/gnutls_x509_crl_set_this_update.3 | 6 +- doc/manpages/gnutls_x509_crl_set_version.3 | 6 +- doc/manpages/gnutls_x509_crl_sign.3 | 6 +- doc/manpages/gnutls_x509_crl_sign2.3 | 6 +- doc/manpages/gnutls_x509_crl_verify.3 | 4 +- doc/manpages/gnutls_x509_crq_deinit.3 | 6 +- doc/manpages/gnutls_x509_crq_export.3 | 6 +- doc/manpages/gnutls_x509_crq_export2.3 | 6 +- .../gnutls_x509_crq_get_attribute_by_oid.3 | 6 +- doc/manpages/gnutls_x509_crq_get_attribute_data.3 | 6 +- doc/manpages/gnutls_x509_crq_get_attribute_info.3 | 6 +- .../gnutls_x509_crq_get_basic_constraints.3 | 6 +- .../gnutls_x509_crq_get_challenge_password.3 | 6 +- doc/manpages/gnutls_x509_crq_get_dn.3 | 6 +- doc/manpages/gnutls_x509_crq_get_dn2.3 | 6 +- doc/manpages/gnutls_x509_crq_get_dn_by_oid.3 | 6 +- doc/manpages/gnutls_x509_crq_get_dn_oid.3 | 6 +- .../gnutls_x509_crq_get_extension_by_oid.3 | 6 +- .../gnutls_x509_crq_get_extension_by_oid2.3 | 51 - doc/manpages/gnutls_x509_crq_get_extension_data.3 | 6 +- doc/manpages/gnutls_x509_crq_get_extension_data2.3 | 6 +- doc/manpages/gnutls_x509_crq_get_extension_info.3 | 8 +- doc/manpages/gnutls_x509_crq_get_key_id.3 | 6 +- doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3 | 8 +- doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3 | 4 +- doc/manpages/gnutls_x509_crq_get_key_usage.3 | 6 +- doc/manpages/gnutls_x509_crq_get_pk_algorithm.3 | 6 +- 
.../gnutls_x509_crq_get_private_key_usage_period.3 | 6 +- .../gnutls_x509_crq_get_signature_algorithm.3 | 40 - .../gnutls_x509_crq_get_subject_alt_name.3 | 6 +- ...gnutls_x509_crq_get_subject_alt_othername_oid.3 | 6 +- doc/manpages/gnutls_x509_crq_get_version.3 | 6 +- doc/manpages/gnutls_x509_crq_import.3 | 8 +- doc/manpages/gnutls_x509_crq_init.3 | 6 +- doc/manpages/gnutls_x509_crq_print.3 | 8 +- doc/manpages/gnutls_x509_crq_privkey_sign.3 | 6 +- .../gnutls_x509_crq_set_attribute_by_oid.3 | 6 +- .../gnutls_x509_crq_set_basic_constraints.3 | 4 +- .../gnutls_x509_crq_set_challenge_password.3 | 6 +- doc/manpages/gnutls_x509_crq_set_dn.3 | 4 +- doc/manpages/gnutls_x509_crq_set_dn_by_oid.3 | 6 +- doc/manpages/gnutls_x509_crq_set_key.3 | 6 +- doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3 | 6 +- doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3 | 6 +- doc/manpages/gnutls_x509_crq_set_key_usage.3 | 4 +- .../gnutls_x509_crq_set_private_key_usage_period.3 | 4 +- doc/manpages/gnutls_x509_crq_set_pubkey.3 | 8 +- .../gnutls_x509_crq_set_subject_alt_name.3 | 4 +- doc/manpages/gnutls_x509_crq_set_version.3 | 6 +- doc/manpages/gnutls_x509_crq_sign.3 | 6 +- doc/manpages/gnutls_x509_crq_sign2.3 | 6 +- doc/manpages/gnutls_x509_crq_verify.3 | 4 +- doc/manpages/gnutls_x509_crt_check_email.3 | 40 - doc/manpages/gnutls_x509_crt_check_hostname.3 | 14 +- doc/manpages/gnutls_x509_crt_check_hostname2.3 | 16 +- doc/manpages/gnutls_x509_crt_check_issuer.3 | 7 +- doc/manpages/gnutls_x509_crt_check_revocation.3 | 8 +- doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3 | 4 +- doc/manpages/gnutls_x509_crt_deinit.3 | 6 +- doc/manpages/gnutls_x509_crt_export.3 | 4 +- doc/manpages/gnutls_x509_crt_export2.3 | 4 +- doc/manpages/gnutls_x509_crt_get_activation_time.3 | 6 +- .../gnutls_x509_crt_get_authority_info_access.3 | 13 +- .../gnutls_x509_crt_get_authority_key_gn_serial.3 | 6 +- .../gnutls_x509_crt_get_authority_key_id.3 | 6 +- .../gnutls_x509_crt_get_basic_constraints.3 | 6 +- 
doc/manpages/gnutls_x509_crt_get_ca_status.3 | 14 +- doc/manpages/gnutls_x509_crt_get_crl_dist_points.3 | 6 +- doc/manpages/gnutls_x509_crt_get_dn.3 | 6 +- doc/manpages/gnutls_x509_crt_get_dn2.3 | 8 +- doc/manpages/gnutls_x509_crt_get_dn_by_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_dn_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_expiration_time.3 | 6 +- .../gnutls_x509_crt_get_extension_by_oid.3 | 6 +- .../gnutls_x509_crt_get_extension_by_oid2.3 | 50 - doc/manpages/gnutls_x509_crt_get_extension_data.3 | 6 +- doc/manpages/gnutls_x509_crt_get_extension_data2.3 | 6 +- doc/manpages/gnutls_x509_crt_get_extension_info.3 | 6 +- doc/manpages/gnutls_x509_crt_get_extension_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_fingerprint.3 | 6 +- doc/manpages/gnutls_x509_crt_get_issuer.3 | 6 +- doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3 | 6 +- .../gnutls_x509_crt_get_issuer_alt_name2.3 | 6 +- .../gnutls_x509_crt_get_issuer_alt_othername_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_issuer_dn.3 | 6 +- doc/manpages/gnutls_x509_crt_get_issuer_dn2.3 | 8 +- .../gnutls_x509_crt_get_issuer_dn_by_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3 | 6 +- .../gnutls_x509_crt_get_issuer_unique_id.3 | 9 +- doc/manpages/gnutls_x509_crt_get_key_id.3 | 6 +- doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_key_usage.3 | 6 +- .../gnutls_x509_crt_get_name_constraints.3 | 10 +- doc/manpages/gnutls_x509_crt_get_pk_algorithm.3 | 6 +- doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3 | 4 +- doc/manpages/gnutls_x509_crt_get_pk_ecc_raw.3 | 45 - doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3 | 4 +- doc/manpages/gnutls_x509_crt_get_policy.3 | 6 +- .../gnutls_x509_crt_get_preferred_hash_algorithm.3 | 6 +- .../gnutls_x509_crt_get_private_key_usage_period.3 | 6 +- doc/manpages/gnutls_x509_crt_get_proxy.3 | 6 +- doc/manpages/gnutls_x509_crt_get_raw_dn.3 | 6 +- doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3 | 6 +- 
doc/manpages/gnutls_x509_crt_get_serial.3 | 6 +- doc/manpages/gnutls_x509_crt_get_signature.3 | 8 +- .../gnutls_x509_crt_get_signature_algorithm.3 | 6 +- doc/manpages/gnutls_x509_crt_get_subject.3 | 6 +- .../gnutls_x509_crt_get_subject_alt_name.3 | 6 +- .../gnutls_x509_crt_get_subject_alt_name2.3 | 6 +- ...gnutls_x509_crt_get_subject_alt_othername_oid.3 | 6 +- doc/manpages/gnutls_x509_crt_get_subject_key_id.3 | 6 +- .../gnutls_x509_crt_get_subject_unique_id.3 | 9 +- .../gnutls_x509_crt_get_verify_algorithm.3 | 45 + doc/manpages/gnutls_x509_crt_get_version.3 | 6 +- doc/manpages/gnutls_x509_crt_import.3 | 6 +- doc/manpages/gnutls_x509_crt_import_pkcs11.3 | 4 +- ...t_url.3 => gnutls_x509_crt_import_pkcs11_url.3} | 19 +- doc/manpages/gnutls_x509_crt_init.3 | 6 +- doc/manpages/gnutls_x509_crt_list_import.3 | 6 +- doc/manpages/gnutls_x509_crt_list_import2.3 | 6 +- doc/manpages/gnutls_x509_crt_list_import_pkcs11.3 | 6 +- doc/manpages/gnutls_x509_crt_list_verify.3 | 13 +- doc/manpages/gnutls_x509_crt_print.3 | 8 +- doc/manpages/gnutls_x509_crt_privkey_sign.3 | 4 +- doc/manpages/gnutls_x509_crt_set_activation_time.3 | 4 +- .../gnutls_x509_crt_set_authority_info_access.3 | 4 +- .../gnutls_x509_crt_set_authority_key_id.3 | 4 +- .../gnutls_x509_crt_set_basic_constraints.3 | 4 +- doc/manpages/gnutls_x509_crt_set_ca_status.3 | 4 +- doc/manpages/gnutls_x509_crt_set_crl_dist_points.3 | 4 +- .../gnutls_x509_crt_set_crl_dist_points2.3 | 4 +- doc/manpages/gnutls_x509_crt_set_crq.3 | 7 +- doc/manpages/gnutls_x509_crt_set_crq_extensions.3 | 4 +- doc/manpages/gnutls_x509_crt_set_dn.3 | 4 +- doc/manpages/gnutls_x509_crt_set_dn_by_oid.3 | 4 +- doc/manpages/gnutls_x509_crt_set_expiration_time.3 | 4 +- .../gnutls_x509_crt_set_extension_by_oid.3 | 4 +- doc/manpages/gnutls_x509_crt_set_issuer_alt_name.3 | 4 +- doc/manpages/gnutls_x509_crt_set_issuer_dn.3 | 4 +- .../gnutls_x509_crt_set_issuer_dn_by_oid.3 | 4 +- .../gnutls_x509_crt_set_issuer_unique_id.3 | 42 - 
doc/manpages/gnutls_x509_crt_set_key.3 | 10 +- doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3 | 4 +- doc/manpages/gnutls_x509_crt_set_key_usage.3 | 4 +- .../gnutls_x509_crt_set_name_constraints.3 | 6 +- doc/manpages/gnutls_x509_crt_set_pin_function.3 | 6 +- doc/manpages/gnutls_x509_crt_set_policy.3 | 8 +- .../gnutls_x509_crt_set_private_key_usage_period.3 | 4 +- doc/manpages/gnutls_x509_crt_set_proxy.3 | 4 +- doc/manpages/gnutls_x509_crt_set_proxy_dn.3 | 6 +- doc/manpages/gnutls_x509_crt_set_pubkey.3 | 8 +- doc/manpages/gnutls_x509_crt_set_serial.3 | 4 +- .../gnutls_x509_crt_set_subject_alt_name.3 | 4 +- .../gnutls_x509_crt_set_subject_alternative_name.3 | 4 +- doc/manpages/gnutls_x509_crt_set_subject_key_id.3 | 4 +- .../gnutls_x509_crt_set_subject_unique_id.3 | 42 - doc/manpages/gnutls_x509_crt_set_version.3 | 4 +- doc/manpages/gnutls_x509_crt_sign.3 | 4 +- doc/manpages/gnutls_x509_crt_sign2.3 | 4 +- doc/manpages/gnutls_x509_crt_verify.3 | 7 +- ...erify_data2.3 => gnutls_x509_crt_verify_data.3} | 23 +- doc/manpages/gnutls_x509_crt_verify_hash.3 | 46 + doc/manpages/gnutls_x509_dn_deinit.3 | 4 +- doc/manpages/gnutls_x509_dn_export.3 | 4 +- doc/manpages/gnutls_x509_dn_export2.3 | 4 +- doc/manpages/gnutls_x509_dn_get_rdn_ava.3 | 4 +- doc/manpages/gnutls_x509_dn_get_str.3 | 43 - doc/manpages/gnutls_x509_dn_import.3 | 6 +- doc/manpages/gnutls_x509_dn_init.3 | 6 +- doc/manpages/gnutls_x509_dn_oid_known.3 | 4 +- doc/manpages/gnutls_x509_dn_oid_name.3 | 4 +- doc/manpages/gnutls_x509_ext_export_aia.3 | 6 +- .../gnutls_x509_ext_export_authority_key_id.3 | 6 +- .../gnutls_x509_ext_export_basic_constraints.3 | 4 +- .../gnutls_x509_ext_export_crl_dist_points.3 | 6 +- doc/manpages/gnutls_x509_ext_export_key_purposes.3 | 8 +- doc/manpages/gnutls_x509_ext_export_key_usage.3 | 4 +- .../gnutls_x509_ext_export_name_constraints.3 | 8 +- doc/manpages/gnutls_x509_ext_export_policies.3 | 6 +- ...utls_x509_ext_export_private_key_usage_period.3 | 4 +- 
doc/manpages/gnutls_x509_ext_export_proxy.3 | 4 +- .../gnutls_x509_ext_export_subject_alt_names.3 | 6 +- .../gnutls_x509_ext_export_subject_key_id.3 | 4 +- doc/manpages/gnutls_x509_ext_import_aia.3 | 6 +- .../gnutls_x509_ext_import_authority_key_id.3 | 6 +- .../gnutls_x509_ext_import_basic_constraints.3 | 4 +- .../gnutls_x509_ext_import_crl_dist_points.3 | 8 +- doc/manpages/gnutls_x509_ext_import_key_purposes.3 | 10 +- doc/manpages/gnutls_x509_ext_import_key_usage.3 | 4 +- .../gnutls_x509_ext_import_name_constraints.3 | 15 +- doc/manpages/gnutls_x509_ext_import_policies.3 | 8 +- ...utls_x509_ext_import_private_key_usage_period.3 | 4 +- doc/manpages/gnutls_x509_ext_import_proxy.3 | 5 +- .../gnutls_x509_ext_import_subject_alt_names.3 | 9 +- .../gnutls_x509_ext_import_subject_key_id.3 | 4 +- doc/manpages/gnutls_x509_ext_print.3 | 45 - doc/manpages/gnutls_x509_key_purpose_deinit.3 | 8 +- doc/manpages/gnutls_x509_key_purpose_get.3 | 8 +- doc/manpages/gnutls_x509_key_purpose_init.3 | 8 +- doc/manpages/gnutls_x509_key_purpose_set.3 | 8 +- .../gnutls_x509_name_constraints_add_excluded.3 | 12 +- .../gnutls_x509_name_constraints_add_permitted.3 | 11 +- doc/manpages/gnutls_x509_name_constraints_check.3 | 6 +- .../gnutls_x509_name_constraints_check_crt.3 | 6 +- doc/manpages/gnutls_x509_name_constraints_deinit.3 | 8 +- .../gnutls_x509_name_constraints_get_excluded.3 | 8 +- .../gnutls_x509_name_constraints_get_permitted.3 | 8 +- doc/manpages/gnutls_x509_name_constraints_init.3 | 8 +- doc/manpages/gnutls_x509_othername_to_virtual.3 | 44 - doc/manpages/gnutls_x509_policies_deinit.3 | 8 +- doc/manpages/gnutls_x509_policies_get.3 | 8 +- doc/manpages/gnutls_x509_policies_init.3 | 8 +- doc/manpages/gnutls_x509_policies_set.3 | 8 +- doc/manpages/gnutls_x509_policy_release.3 | 4 +- doc/manpages/gnutls_x509_privkey_cpy.3 | 4 +- doc/manpages/gnutls_x509_privkey_deinit.3 | 6 +- doc/manpages/gnutls_x509_privkey_export.3 | 4 +- doc/manpages/gnutls_x509_privkey_export2.3 | 4 +- 
doc/manpages/gnutls_x509_privkey_export2_pkcs8.3 | 4 +- doc/manpages/gnutls_x509_privkey_export_dsa_raw.3 | 6 +- doc/manpages/gnutls_x509_privkey_export_ecc_raw.3 | 6 +- doc/manpages/gnutls_x509_privkey_export_pkcs8.3 | 4 +- doc/manpages/gnutls_x509_privkey_export_rsa_raw.3 | 6 +- doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3 | 6 +- doc/manpages/gnutls_x509_privkey_fix.3 | 6 +- doc/manpages/gnutls_x509_privkey_generate.3 | 6 +- doc/manpages/gnutls_x509_privkey_get_key_id.3 | 8 +- .../gnutls_x509_privkey_get_pk_algorithm.3 | 6 +- .../gnutls_x509_privkey_get_pk_algorithm2.3 | 6 +- doc/manpages/gnutls_x509_privkey_import.3 | 6 +- doc/manpages/gnutls_x509_privkey_import2.3 | 9 +- doc/manpages/gnutls_x509_privkey_import_dsa_raw.3 | 6 +- doc/manpages/gnutls_x509_privkey_import_ecc_raw.3 | 6 +- doc/manpages/gnutls_x509_privkey_import_openssl.3 | 6 +- doc/manpages/gnutls_x509_privkey_import_pkcs8.3 | 6 +- doc/manpages/gnutls_x509_privkey_import_rsa_raw.3 | 6 +- doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3 | 6 +- doc/manpages/gnutls_x509_privkey_init.3 | 8 +- doc/manpages/gnutls_x509_privkey_sec_param.3 | 6 +- .../gnutls_x509_privkey_set_pin_function.3 | 43 - doc/manpages/gnutls_x509_privkey_sign_data.3 | 10 +- doc/manpages/gnutls_x509_privkey_sign_hash.3 | 6 +- doc/manpages/gnutls_x509_privkey_verify_params.3 | 6 +- doc/manpages/gnutls_x509_rdn_get.3 | 4 +- doc/manpages/gnutls_x509_rdn_get_by_oid.3 | 4 +- doc/manpages/gnutls_x509_rdn_get_oid.3 | 4 +- doc/manpages/gnutls_x509_trust_list_add_cas.3 | 6 +- doc/manpages/gnutls_x509_trust_list_add_crls.3 | 11 +- .../gnutls_x509_trust_list_add_named_crt.3 | 10 +- .../gnutls_x509_trust_list_add_system_trust.3 | 8 +- .../gnutls_x509_trust_list_add_trust_dir.3 | 49 - .../gnutls_x509_trust_list_add_trust_file.3 | 13 +- .../gnutls_x509_trust_list_add_trust_mem.3 | 6 +- doc/manpages/gnutls_x509_trust_list_deinit.3 | 6 +- doc/manpages/gnutls_x509_trust_list_get_issuer.3 | 15 +- .../gnutls_x509_trust_list_get_issuer_by_dn.3 | 
45 - ..._x509_trust_list_get_issuer_by_subject_key_id.3 | 47 - doc/manpages/gnutls_x509_trust_list_init.3 | 6 +- doc/manpages/gnutls_x509_trust_list_iter_deinit.3 | 35 - doc/manpages/gnutls_x509_trust_list_iter_get_ca.3 | 50 - doc/manpages/gnutls_x509_trust_list_remove_cas.3 | 6 +- .../gnutls_x509_trust_list_remove_trust_file.3 | 6 +- .../gnutls_x509_trust_list_remove_trust_mem.3 | 6 +- doc/manpages/gnutls_x509_trust_list_verify_crt.3 | 13 +- doc/manpages/gnutls_x509_trust_list_verify_crt2.3 | 77 - .../gnutls_x509_trust_list_verify_named_crt.3 | 13 +- doc/manpages/ocsptool.1 | 98 +- doc/manpages/p11tool.1 | 336 +- doc/manpages/psktool.1 | 72 +- doc/manpages/srptool.1 | 80 +- doc/manpages/systemkey-tool.1 | 120 - doc/manpages/tpmtool.1 | 100 +- doc/ocsp-api.texi | 91 +- doc/pgp-api.texi | 109 +- doc/pkcs11-api.texi | 409 +- doc/pkcs12-api.texi | 156 +- doc/pkcs7-api.texi | 515 - doc/reference/Makefile.in | 43 +- doc/reference/html/api-index-full.html | 7094 ------------ doc/reference/html/gnutls-abstract.html | 1315 ++- doc/reference/html/gnutls-crypto.html | 556 +- doc/reference/html/gnutls-dtls.html | 172 +- doc/reference/html/gnutls-gnutls.html | 4509 ++++---- doc/reference/html/gnutls-ocsp.html | 563 +- doc/reference/html/gnutls-openpgp.html | 1042 +- doc/reference/html/gnutls-pkcs11.html | 993 +- doc/reference/html/gnutls-pkcs12.html | 357 +- doc/reference/html/gnutls-tpm.html | 97 +- doc/reference/html/gnutls-x509.html | 3754 ++++--- doc/reference/html/gnutls.devhelp2 | 1533 --- doc/reference/html/home.png | Bin 256 -> 0 bytes doc/reference/html/index.html | 66 - doc/reference/html/index.sgml | 1574 --- doc/reference/html/intro.html | 9 +- doc/reference/html/left-insensitive.png | Bin 395 -> 0 bytes doc/reference/html/left.png | Bin 262 -> 0 bytes doc/reference/html/right-insensitive.png | Bin 373 -> 0 bytes doc/reference/html/right.png | Bin 261 -> 0 bytes doc/reference/html/style.css | 479 - doc/reference/html/up-insensitive.png | Bin 374 -> 0 bytes 
doc/reference/html/up.png | Bin 260 -> 0 bytes doc/reference/tmpl/abstract.sgml | 36 +- doc/reference/tmpl/algorithms.sgml | 7 +- doc/reference/tmpl/common.sgml | 27 + doc/reference/tmpl/compat.sgml | 29 + doc/reference/tmpl/context.sgml | 10 + doc/reference/tmpl/crypto-backend.sgml | 41 +- doc/reference/tmpl/gnutls-unused.sgml | 2586 +---- doc/reference/tmpl/gnutls.sgml | 173 +- doc/reference/tmpl/gnutls_compress.sgml | 8 +- doc/reference/tmpl/gnutls_dtls.sgml | 6 + doc/reference/tmpl/gnutls_errors.sgml | 5 +- doc/reference/tmpl/gnutls_handshake.sgml | 11 +- doc/reference/tmpl/gnutls_hash_int.sgml | 8 + doc/reference/tmpl/gnutls_int.sgml | 35 +- doc/reference/tmpl/gnutls_str_array.sgml | 5 +- doc/reference/tmpl/libtasn1.sgml | 731 ++ doc/reference/tmpl/opencdk.sgml | 1623 ++- doc/reference/tmpl/pkcs11.sgml | 72 +- doc/reference/tmpl/pkcs11_int.sgml | 9 +- doc/reference/tmpl/system.sgml | 27 + doc/reference/tmpl/x509.sgml | 18 +- doc/reference/tmpl/x509_int.sgml | 1 - doc/scripts/Makefile.in | 39 +- doc/scripts/cleanup-autogen.pl | 4 +- doc/scripts/gdoc | 4 +- doc/scripts/getfuncs.pl | 6 +- doc/scripts/sort2.pl | 4 +- doc/scripts/split-texi.pl | 4 +- doc/sec-tls-app.texi | 37 +- doc/stamp-1 | 8 +- doc/stamp-vti | 8 +- doc/texinfo.css | 1 - doc/version-guile.texi | 8 +- doc/version.texi | 8 +- doc/x509-api.texi | 1397 +-- extra/Makefile.in | 41 +- extra/includes/Makefile.in | 41 +- gl/Makefile.am | 37 +- gl/Makefile.in | 84 +- gl/alloca.in.h | 2 +- gl/asnprintf.c | 2 +- gl/asprintf.c | 2 +- gl/base64.c | 2 +- gl/base64.h | 2 +- gl/byteswap.in.h | 2 +- gl/c-ctype.c | 2 +- gl/c-ctype.h | 2 +- gl/errno.in.h | 2 +- gl/float+.h | 2 +- gl/float.c | 2 +- gl/float.in.h | 2 +- gl/fstat.c | 2 +- gl/ftell.c | 2 +- gl/ftello.c | 2 +- gl/getdelim.c | 2 +- gl/getline.c | 2 +- gl/gettext.h | 2 +- gl/gettimeofday.c | 2 +- gl/hash-pjw-bare.c | 2 +- gl/hash-pjw-bare.h | 2 +- gl/intprops.h | 2 +- gl/itold.c | 2 +- gl/lseek.c | 2 +- gl/m4/00gnulib.m4 | 2 +- gl/m4/absolute-header.m4 | 2 
+- gl/m4/alloca.m4 | 2 +- gl/m4/base64.m4 | 2 +- gl/m4/byteswap.m4 | 2 +- gl/m4/errno_h.m4 | 2 +- gl/m4/exponentd.m4 | 2 +- gl/m4/extensions.m4 | 7 +- gl/m4/extern-inline.m4 | 45 +- gl/m4/fcntl_h.m4 | 2 +- gl/m4/fdopen.m4 | 2 +- gl/m4/float_h.m4 | 2 +- gl/m4/fpieee.m4 | 2 +- gl/m4/fseeko.m4 | 2 +- gl/m4/fstat.m4 | 2 +- gl/m4/ftell.m4 | 2 +- gl/m4/ftello.m4 | 2 +- gl/m4/func.m4 | 2 +- gl/m4/getdelim.m4 | 2 +- gl/m4/getline.m4 | 2 +- gl/m4/getpagesize.m4 | 2 +- gl/m4/gettimeofday.m4 | 2 +- gl/m4/gnulib-cache.m4 | 7 +- gl/m4/gnulib-common.m4 | 64 +- gl/m4/gnulib-comp.m4 | 31 +- gl/m4/include_next.m4 | 2 +- gl/m4/intmax_t.m4 | 2 +- gl/m4/inttypes.m4 | 2 +- gl/m4/largefile.m4 | 2 +- gl/m4/ld-output-def.m4 | 2 +- gl/m4/ld-version-script.m4 | 47 +- gl/m4/lseek.m4 | 2 +- gl/m4/malloc.m4 | 2 +- gl/m4/manywarnings.m4 | 51 +- gl/m4/memchr.m4 | 2 +- gl/m4/memmem.m4 | 2 +- gl/m4/minmax.m4 | 2 +- gl/m4/mmap-anon.m4 | 2 +- gl/m4/msvc-inval.m4 | 2 +- gl/m4/msvc-nothrow.m4 | 2 +- gl/m4/multiarch.m4 | 2 +- gl/m4/netdb_h.m4 | 2 +- gl/m4/netinet_in_h.m4 | 2 +- gl/m4/off_t.m4 | 2 +- gl/m4/printf.m4 | 67 +- gl/m4/read-file.m4 | 2 +- gl/m4/realloc.m4 | 2 +- gl/m4/snprintf.m4 | 2 +- gl/m4/socklen.m4 | 2 +- gl/m4/sockpfaf.m4 | 2 +- gl/m4/ssize_t.m4 | 2 +- gl/m4/stdalign.m4 | 10 +- gl/m4/stdbool.m4 | 2 +- gl/m4/stddef_h.m4 | 10 +- gl/m4/stdint.m4 | 2 +- gl/m4/stdio_h.m4 | 31 +- gl/m4/stdlib_h.m4 | 4 +- gl/m4/strcase.m4 | 2 +- gl/m4/string_h.m4 | 2 +- gl/m4/strings_h.m4 | 2 +- gl/m4/strndup.m4 | 2 +- gl/m4/strnlen.m4 | 2 +- gl/m4/strtok_r.m4 | 2 +- gl/m4/strverscmp.m4 | 2 +- gl/m4/sys_socket_h.m4 | 2 +- gl/m4/sys_stat_h.m4 | 2 +- gl/m4/sys_time_h.m4 | 3 +- gl/m4/sys_types_h.m4 | 2 +- gl/m4/sys_uio_h.m4 | 2 +- gl/m4/time_h.m4 | 22 +- gl/m4/time_r.m4 | 2 +- gl/m4/ungetc.m4 | 7 +- gl/m4/unistd_h.m4 | 6 +- gl/m4/valgrind-tests.m4 | 6 +- gl/m4/vasnprintf.m4 | 2 +- gl/m4/vasprintf.m4 | 2 +- gl/m4/vsnprintf.m4 | 2 +- gl/m4/warn-on-use.m4 | 2 +- gl/m4/warnings.m4 | 2 +- gl/m4/wchar_h.m4 | 2 +- 
gl/malloc.c | 2 +- gl/memchr.c | 2 +- gl/memmem.c | 2 +- gl/minmax.h | 2 +- gl/msvc-inval.c | 2 +- gl/msvc-inval.h | 2 +- gl/msvc-nothrow.c | 2 +- gl/msvc-nothrow.h | 2 +- gl/netdb.in.h | 2 +- gl/netinet_in.in.h | 2 +- gl/printf-args.c | 2 +- gl/printf-args.h | 2 +- gl/printf-parse.c | 2 +- gl/printf-parse.h | 2 +- gl/read-file.c | 2 +- gl/read-file.h | 2 +- gl/realloc.c | 2 +- gl/size_max.h | 2 +- gl/snprintf.c | 2 +- gl/stdalign.in.h | 7 +- gl/stdbool.in.h | 2 +- gl/stddef.in.h | 54 +- gl/stdint.in.h | 2 +- gl/stdio-impl.h | 7 +- gl/stdio.in.h | 12 +- gl/stdlib.in.h | 25 +- gl/str-two-way.h | 2 +- gl/strcasecmp.c | 2 +- gl/string.in.h | 23 +- gl/strings.in.h | 2 +- gl/strncasecmp.c | 2 +- gl/strndup.c | 2 +- gl/strnlen.c | 2 +- gl/strtok_r.c | 2 +- gl/strverscmp.c | 2 +- gl/sys_socket.in.h | 2 +- gl/sys_stat.in.h | 2 +- gl/sys_time.in.h | 2 +- gl/sys_types.in.h | 2 +- gl/sys_uio.in.h | 2 +- gl/tests/Makefile.am | 10 +- gl/tests/Makefile.in | 89 +- gl/tests/binary-io.h | 2 +- gl/tests/fcntl.in.h | 22 +- gl/tests/fdopen.c | 2 +- gl/tests/fpucw.h | 2 +- gl/tests/getpagesize.c | 2 +- gl/tests/init.sh | 24 +- gl/tests/inttypes.in.h | 6 +- gl/tests/macros.h | 2 +- gl/tests/signature.h | 2 +- gl/tests/test-alloca-opt.c | 2 +- gl/tests/test-base64.c | 2 +- gl/tests/test-binary-io.c | 2 +- gl/tests/test-byteswap.c | 2 +- gl/tests/test-c-ctype.c | 2 +- gl/tests/test-errno.c | 2 +- gl/tests/test-fcntl-h.c | 4 +- gl/tests/test-fdopen.c | 2 +- gl/tests/test-fgetc.c | 2 +- gl/tests/test-float.c | 2 +- gl/tests/test-fputc.c | 2 +- gl/tests/test-fread.c | 2 +- gl/tests/test-fstat.c | 2 +- gl/tests/test-ftell.c | 2 +- gl/tests/test-ftell3.c | 2 +- gl/tests/test-ftello.c | 2 +- gl/tests/test-ftello3.c | 2 +- gl/tests/test-ftello4.c | 2 +- gl/tests/test-func.c | 2 +- gl/tests/test-fwrite.c | 2 +- gl/tests/test-getdelim.c | 2 +- gl/tests/test-getline.c | 2 +- gl/tests/test-gettimeofday.c | 2 +- gl/tests/test-iconv.c | 2 +- gl/tests/test-init.sh | 2 +- gl/tests/test-intprops.c | 2 +- 
gl/tests/test-inttypes.c | 2 +- gl/tests/test-memchr.c | 2 +- gl/tests/test-netdb.c | 2 +- gl/tests/test-netinet_in.c | 2 +- gl/tests/test-read-file.c | 8 +- gl/tests/test-snprintf.c | 2 +- gl/tests/test-stdalign.c | 2 +- gl/tests/test-stdbool.c | 2 +- gl/tests/test-stddef.c | 25 +- gl/tests/test-stdint.c | 2 +- gl/tests/test-stdio.c | 2 +- gl/tests/test-stdlib.c | 2 +- gl/tests/test-string.c | 2 +- gl/tests/test-strings.c | 2 +- gl/tests/test-strnlen.c | 2 +- gl/tests/test-strverscmp.c | 2 +- gl/tests/test-sys_socket.c | 2 +- gl/tests/test-sys_stat.c | 2 +- gl/tests/test-sys_time.c | 2 +- gl/tests/test-sys_types.c | 2 +- gl/tests/test-sys_uio.c | 2 +- gl/tests/test-sys_wait.h | 2 +- gl/tests/test-time.c | 2 +- src/gl/ftell.c => gl/tests/test-u64.c | 46 +- gl/tests/test-unistd.c | 2 +- gl/tests/test-vasnprintf.c | 2 +- gl/tests/test-vasprintf.c | 2 +- gl/tests/test-vc-list-files-cvs.sh | 2 +- gl/tests/test-vc-list-files-git.sh | 2 +- gl/tests/test-verify.c | 2 +- gl/tests/test-vsnprintf.c | 2 +- gl/tests/test-wchar.c | 2 +- gl/tests/zerosize-ptr.h | 2 +- gl/time.in.h | 31 +- gl/time_r.c | 2 +- gl/u64.c | 3 + gl/u64.h | 179 + gl/unistd.in.h | 39 +- gl/vasnprintf.c | 199 +- gl/vasnprintf.h | 2 +- gl/vasprintf.c | 2 +- gl/verify.h | 2 +- gl/vsnprintf.c | 2 +- gl/wchar.in.h | 11 +- gl/xsize.h | 2 +- guile/Makefile.in | 40 +- guile/modules/Makefile.am | 4 +- guile/modules/Makefile.in | 45 +- guile/modules/gnutls.in | 30 +- guile/modules/gnutls/build/enums.scm | 9 +- guile/modules/gnutls/build/priorities.scm | 104 + guile/modules/gnutls/build/smobs.scm | 7 +- guile/src/Makefile.am | 26 +- guile/src/Makefile.in | 66 +- guile/src/core.c | 184 +- guile/src/make-session-priorities.scm | 43 + guile/tests/Makefile.in | 43 +- guile/tests/anonymous-auth.scm | 3 +- guile/tests/openpgp-auth.scm | 8 +- guile/tests/openpgp-keyring.scm | 4 +- guile/tests/session-record-port.scm | 25 +- guile/tests/x509-auth.scm | 34 +- lib/Makefile.am | 31 +- lib/Makefile.in | 213 +- 
lib/abstract_int.h | 5 - lib/accelerated/Makefile.in | 41 +- lib/accelerated/cryptodev-gcm.c | 6 +- lib/accelerated/cryptodev.c | 6 +- lib/accelerated/x86/Makefile.am | 29 +- lib/accelerated/x86/Makefile.in | 241 +- lib/accelerated/x86/aes-ccm-x86-aesni.c | 150 - lib/accelerated/x86/aes-gcm-aead.h | 48 - lib/accelerated/x86/aes-gcm-padlock.c | 38 +- lib/accelerated/x86/aes-gcm-x86-aesni.c | 34 +- lib/accelerated/x86/aes-gcm-x86-pclmul.c | 11 +- lib/accelerated/x86/aes-gcm-x86-ssse3.c | 36 +- lib/accelerated/x86/aes-padlock.c | 11 +- lib/accelerated/x86/aes-padlock.h | 1 - lib/accelerated/x86/aes-x86.h | 5 +- lib/accelerated/x86/coff/aes-ssse3-x86_64.s | 36 +- lib/accelerated/x86/coff/aesni-x86.s | 881 +- lib/accelerated/x86/coff/aesni-x86_64.s | 1291 ++- lib/accelerated/x86/coff/e_padlock-x86_64.s | 68 +- lib/accelerated/x86/coff/ghash-x86_64.s | 383 +- lib/accelerated/x86/coff/sha1-ssse3-x86_64.s | 1789 ++- lib/accelerated/x86/coff/sha256-ssse3-x86.s | 53 +- lib/accelerated/x86/coff/sha512-ssse3-x86.s | 2 + lib/accelerated/x86/coff/sha512-ssse3-x86_64.s | 1051 +- lib/accelerated/x86/elf/aes-ssse3-x86.s | 3 - lib/accelerated/x86/elf/aes-ssse3-x86_64.s | 25 +- lib/accelerated/x86/elf/aesni-x86.s | 886 +- lib/accelerated/x86/elf/aesni-x86_64.s | 1274 ++- lib/accelerated/x86/elf/cpuid-x86.s | 3 - lib/accelerated/x86/elf/cpuid-x86_64.s | 3 - lib/accelerated/x86/elf/e_padlock-x86.s | 3 - lib/accelerated/x86/elf/e_padlock-x86_64.s | 71 +- lib/accelerated/x86/elf/ghash-x86_64.s | 328 +- lib/accelerated/x86/elf/sha1-ssse3-x86.s | 3 - lib/accelerated/x86/elf/sha1-ssse3-x86_64.s | 1752 ++- lib/accelerated/x86/elf/sha256-ssse3-x86.s | 56 +- lib/accelerated/x86/elf/sha512-ssse3-x86.s | 5 +- lib/accelerated/x86/elf/sha512-ssse3-x86_64.s | 1044 +- lib/accelerated/x86/files.mk | 18 +- lib/accelerated/x86/hmac-padlock.c | 33 +- lib/accelerated/x86/hmac-x86-ssse3.c | 32 +- lib/accelerated/x86/macosx/aes-ssse3-x86_64.s | 22 +- lib/accelerated/x86/macosx/aesni-x86.s | 877 +- 
lib/accelerated/x86/macosx/aesni-x86_64.s | 1271 ++- lib/accelerated/x86/macosx/e_padlock-x86_64.s | 68 +- lib/accelerated/x86/macosx/ghash-x86_64.s | 325 +- lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s | 1749 ++- lib/accelerated/x86/macosx/sha256-ssse3-x86.s | 57 +- lib/accelerated/x86/macosx/sha512-ssse3-x86.s | 2 + lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s | 1041 +- lib/accelerated/x86/sha-padlock.c | 39 +- lib/accelerated/x86/sha-padlock.h | 6 +- lib/accelerated/x86/sha-x86-ssse3.c | 12 +- lib/accelerated/x86/x86-common.c | 582 +- lib/accelerated/x86/x86-common.h | 2 + lib/algorithms.h | 43 +- lib/algorithms/Makefile.in | 41 +- lib/algorithms/ciphers.c | 247 +- lib/algorithms/ciphersuites.c | 716 +- lib/algorithms/ecc.c | 34 +- lib/algorithms/kx.c | 19 - lib/algorithms/mac.c | 44 +- lib/algorithms/protocols.c | 55 +- lib/algorithms/publickey.c | 26 +- lib/algorithms/secparams.c | 9 +- lib/algorithms/sign.c | 32 +- lib/atfork.c | 79 - lib/atfork.h | 64 - lib/auth/Makefile.in | 41 +- lib/auth/cert.c | 68 +- lib/auth/cert.h | 3 +- lib/auth/dh_common.c | 5 +- lib/auth/dhe.c | 2 +- lib/auth/dhe_psk.c | 84 +- lib/auth/ecdhe.c | 2 +- lib/auth/psk.c | 19 +- lib/auth/psk_passwd.c | 15 +- lib/auth/rsa.c | 57 +- lib/auth/srp.c | 6 +- lib/auth/srp_sb64.c | 8 +- lib/auto-verify.c | 147 - lib/crypto-api.c | 362 +- lib/crypto-backend.c | 375 +- lib/crypto-backend.h | 70 +- lib/crypto-selftests-pk.c | 110 +- lib/crypto-selftests.c | 257 +- lib/ext/Makefile.am | 4 +- lib/ext/Makefile.in | 52 +- lib/ext/alpn.c | 76 +- lib/ext/dumbfw.c | 7 +- lib/ext/ecc.c | 19 +- lib/ext/etm.c | 140 - lib/ext/etm.h | 30 - lib/ext/ext_master_secret.c | 128 - lib/ext/ext_master_secret.h | 30 - lib/ext/heartbeat.c | 34 +- lib/ext/max_record.c | 24 +- lib/ext/safe_renegotiation.c | 29 +- lib/ext/server_name.c | 124 +- lib/ext/session_ticket.c | 44 +- lib/ext/signature.c | 42 +- lib/ext/srp.c | 12 +- lib/ext/srtp.c | 40 +- lib/ext/status_request.c | 32 +- lib/extras/Makefile.am | 4 +- 
lib/extras/Makefile.in | 47 +- lib/extras/hex.c | 71 - lib/extras/hex.h | 73 - lib/extras/licenses/CC0 | 28 - lib/extras/randomart.c | 14 +- lib/fips.c | 167 +- lib/fips.h | 4 +- lib/gnutls.pc.in | 2 +- lib/gnutls_alert.c | 19 +- lib/gnutls_anon_cred.c | 14 +- lib/gnutls_auth.c | 28 +- lib/gnutls_buffers.c | 155 +- lib/gnutls_cert.c | 261 +- lib/gnutls_cipher.c | 478 +- lib/gnutls_cipher_int.c | 176 +- lib/gnutls_cipher_int.h | 81 +- lib/gnutls_constate.c | 50 +- lib/gnutls_datum.c | 21 - lib/gnutls_datum.h | 3 - lib/gnutls_db.c | 21 +- lib/gnutls_db.h | 2 +- lib/gnutls_dh.c | 45 +- lib/gnutls_dtls.c | 82 +- lib/gnutls_dtls.h | 27 +- lib/gnutls_ecc.c | 10 - lib/gnutls_errors.c | 407 +- lib/gnutls_errors.h | 1 - lib/gnutls_extensions.c | 240 +- lib/gnutls_extensions.h | 29 +- lib/gnutls_global.c | 112 +- lib/gnutls_global.h | 1 - lib/gnutls_handshake.c | 570 +- lib/gnutls_handshake.h | 2 - lib/gnutls_hash_int.h | 8 +- lib/gnutls_int.h | 151 +- lib/gnutls_kx.c | 51 +- lib/gnutls_mbuffers.c | 2 +- lib/gnutls_mem.c | 2 - lib/gnutls_mem.h | 10 +- lib/gnutls_pcert.c | 154 +- lib/gnutls_pk.c | 49 +- lib/gnutls_pk.h | 5 + lib/gnutls_priority.c | 709 +- lib/gnutls_privkey.c | 362 +- lib/gnutls_privkey_raw.c | 2 +- lib/gnutls_psk.c | 35 +- lib/gnutls_pubkey.c | 494 +- lib/gnutls_range.c | 12 +- lib/gnutls_record.c | 171 +- lib/gnutls_record.h | 5 - lib/gnutls_rsa_export.c | 223 + lib/gnutls_session.c | 23 +- lib/gnutls_session_pack.c | 22 +- lib/gnutls_sig.c | 68 +- lib/gnutls_sig.h | 7 - lib/gnutls_srp.c | 24 +- lib/gnutls_state.c | 497 +- lib/gnutls_state.h | 5 - lib/gnutls_str.c | 213 +- lib/gnutls_str.h | 35 +- lib/gnutls_supplemental.c | 161 +- lib/gnutls_supplemental.h | 2 - lib/gnutls_ui.c | 217 +- lib/gnutls_v2_compat.c | 4 +- lib/gnutls_x509.c | 588 +- lib/gnutls_x509.h | 6 +- lib/includes/Makefile.am | 3 +- lib/includes/Makefile.in | 45 +- lib/includes/gnutls/abstract.h | 101 +- lib/includes/gnutls/compat.h | 174 +- lib/includes/gnutls/crypto.h | 113 - 
lib/includes/gnutls/gnutls.h.in | 442 +- lib/includes/gnutls/ocsp.h | 12 +- lib/includes/gnutls/openpgp.h | 12 - lib/includes/gnutls/pkcs11.h | 230 +- lib/includes/gnutls/pkcs12.h | 13 - lib/includes/gnutls/pkcs7.h | 147 - lib/includes/gnutls/system-keys.h | 63 - lib/includes/gnutls/urls.h | 77 - lib/includes/gnutls/x509-ext.h | 7 +- lib/includes/gnutls/x509.h | 235 +- lib/inet_ntop.c | 250 - lib/inet_pton.c | 266 - lib/libgnutls.map | 1319 ++- lib/locks.c | 2 +- lib/minitasn1/Makefile.in | 41 +- lib/minitasn1/coding.c | 15 +- lib/minitasn1/decoding.c | 744 +- lib/minitasn1/element.c | 26 +- lib/minitasn1/element.h | 8 +- lib/minitasn1/int.h | 30 +- lib/minitasn1/libtasn1.h | 18 +- lib/minitasn1/parser_aux.c | 64 +- lib/minitasn1/parser_aux.h | 18 +- lib/minitasn1/structure.c | 34 +- lib/nettle/Makefile.am | 1 + lib/nettle/Makefile.in | 54 +- lib/nettle/cipher.c | 876 +- lib/nettle/int/drbg-aes-self-test.c | 107 +- lib/nettle/int/drbg-aes.c | 44 +- lib/nettle/int/drbg-aes.h | 14 +- lib/nettle/int/dsa-fips.h | 27 +- lib/nettle/int/dsa-keygen-fips186.c | 70 +- lib/nettle/int/dsa-validate.c | 22 +- lib/nettle/int/gcm-camellia.c | 78 + lib/nettle/int/gcm-camellia.h | 38 + lib/nettle/int/provable-prime.c | 25 +- lib/nettle/int/rsa-keygen-fips186.c | 47 +- lib/nettle/mac.c | 12 +- lib/nettle/mpi.c | 2 +- lib/nettle/pk.c | 560 +- lib/nettle/rnd-common.c | 108 +- lib/nettle/rnd-common.h | 7 +- lib/nettle/rnd-fips.c | 42 +- lib/nettle/rnd.c | 107 +- lib/opencdk/Makefile.am | 2 +- lib/opencdk/Makefile.in | 43 +- lib/opencdk/armor.c | 14 +- lib/opencdk/kbnode.c | 2 +- lib/opencdk/keydb.c | 217 +- lib/opencdk/literal.c | 2 +- lib/opencdk/misc.c | 2 +- lib/opencdk/read-packet.c | 1 + lib/opencdk/stream.h | 2 +- lib/openpgp/Makefile.in | 41 +- lib/openpgp/compat.c | 3 +- lib/openpgp/extras.c | 14 +- lib/openpgp/gnutls_openpgp.c | 127 +- lib/openpgp/gnutls_openpgp.h | 14 +- lib/openpgp/output.c | 22 +- lib/openpgp/pgp.c | 54 +- lib/openpgp/privkey.c | 6 +- lib/pin.c | 24 - 
lib/pin.h | 4 - lib/pkcs11.c | 1915 ++-- lib/pkcs11_int.c | 62 - lib/pkcs11_int.h | 107 +- lib/pkcs11_privkey.c | 640 +- lib/pkcs11_secret.c | 2 +- lib/pkcs11_write.c | 661 +- lib/pkcs11x.c | 295 - lib/pkcs11x.h | 26 - lib/pkix.asn | 27 +- lib/pkix_asn1_tab.c | 26 +- lib/priority_options.gperf | 4 - lib/priority_options.h | 204 +- lib/random.c | 6 +- lib/random.h | 12 - lib/{safe-memfuncs.c => safe-memset.c} | 36 +- lib/system-keys-dummy.c | 80 - lib/system-keys-win.c | 1123 -- lib/system-keys.h | 40 - lib/system.c | 289 +- lib/system.h | 26 +- lib/system_override.c | 24 +- lib/tpm.c | 295 +- lib/urls.c | 162 - lib/urls.h | 38 - lib/vasprintf.c | 81 +- lib/verify-tofu.c | 106 +- lib/x509/Makefile.am | 12 +- lib/x509/Makefile.in | 82 +- lib/x509/common.c | 516 +- lib/x509/common.h | 68 +- lib/x509/crl.c | 155 +- lib/x509/crl_write.c | 24 +- lib/x509/crq.c | 174 +- lib/x509/dn.c | 51 +- lib/x509/email-verify.c | 166 - lib/x509/extensions.c | 22 +- lib/x509/gnutls-idna.h | 52 - lib/x509/hostname-verify.c | 269 - lib/x509/key_decode.c | 9 +- lib/x509/key_encode.c | 14 +- lib/x509/mpi.c | 26 +- lib/x509/name_constraints.c | 181 +- lib/x509/ocsp.c | 411 +- lib/x509/ocsp_output.c | 93 +- lib/x509/output.c | 1539 +-- lib/x509/pbkdf2-sha1.c | 190 + lib/x509/pbkdf2-sha1.h | 21 + lib/x509/pkcs12.c | 333 +- lib/x509/pkcs12_bag.c | 137 +- lib/x509/pkcs12_encr.c | 26 +- lib/x509/pkcs7-attrs.c | 159 - lib/x509/pkcs7-output.c | 262 - lib/x509/pkcs7.c | 1915 +--- lib/x509/privkey.c | 331 +- lib/x509/privkey_openssl.c | 3 +- lib/x509/privkey_pkcs8.c | 882 +- lib/x509/rfc2818_hostname.c | 137 + lib/x509/sign.c | 4 +- lib/x509/verify-high.c | 785 +- lib/x509/verify-high.h | 5 - lib/x509/verify-high2.c | 239 +- lib/x509/verify.c | 696 +- lib/x509/x509.c | 976 +- lib/x509/x509_dn.c | 34 +- lib/x509/x509_ext.c | 346 +- lib/x509/x509_int.h | 64 +- lib/x509/x509_write.c | 111 +- lib/x509_b64.c | 8 +- libdane/Makefile.in | 41 +- libdane/dane.c | 246 +- libdane/errors.c | 4 +- 
libdane/includes/Makefile.in | 41 +- libdane/includes/gnutls/dane.h | 2 - libdane/libdane.map | 1 - ltmain.sh | 9661 ++++++++++++++++ m4/hooks.m4 | 39 +- maint.mk | 31 +- po/cs.gmo | Bin 27078 -> 27672 bytes po/cs.po | 827 +- po/de.gmo | Bin 25830 -> 26321 bytes po/de.po | 822 +- po/en@boldquot.gmo | Bin 28498 -> 27817 bytes po/en@boldquot.po | 813 +- po/en@quot.gmo | Bin 28486 -> 27797 bytes po/en@quot.po | 813 +- po/eo.gmo | Bin 26247 -> 26836 bytes po/eo.po | 829 +- po/fi.gmo | Bin 26874 -> 27518 bytes po/fi.po | 830 +- po/fr.gmo | Bin 28129 -> 20004 bytes po/fr.po | 1567 +-- po/gnutls.pot | 803 +- po/it.gmo | Bin 27752 -> 28386 bytes po/it.po | 830 +- po/ms.gmo | Bin 15528 -> 15240 bytes po/ms.po | 1059 +- po/nl.gmo | Bin 27178 -> 27785 bytes po/nl.po | 831 +- po/pl.gmo | Bin 27219 -> 27816 bytes po/pl.po | 825 +- po/sv.gmo | Bin 23082 -> 23678 bytes po/sv.po | 842 +- po/uk.gmo | Bin 34856 -> 35669 bytes po/uk.po | 832 +- po/vi.gmo | Bin 29046 -> 29786 bytes po/vi.po | 831 +- po/zh_CN.gmo | Bin 25042 -> 14923 bytes po/zh_CN.po | 1234 +-- src/Makefile.am | 51 +- src/Makefile.in | 225 +- src/args-std.def | 4 +- src/benchmark-cipher.c | 12 +- src/benchmark-tls.c | 197 +- src/certtool-args.c.bak | 1610 +-- src/certtool-args.def | 215 +- src/certtool-args.h.bak | 251 +- src/certtool-cfg.c | 207 +- src/certtool-cfg.h | 10 +- src/certtool-common.c | 219 +- src/certtool-common.h | 18 +- src/certtool.c | 1369 +-- src/cli-args.c.bak | 1081 +- src/cli-args.def | 67 +- src/cli-args.h.bak | 181 +- src/cli-debug-args.c.bak | 273 +- src/cli-debug-args.def | 104 +- src/cli-debug-args.h.bak | 41 +- src/cli-debug.c | 196 +- src/cli.c | 373 +- src/common.c | 93 +- src/common.h | 24 +- src/crywrap/Makefile.in | 41 +- src/crywrap/crywrap.c | 3 +- src/danetool-args.c.bak | 818 +- src/danetool-args.def | 90 +- src/danetool-args.h.bak | 87 +- src/danetool.c | 406 +- src/gl/Makefile.am | 44 +- src/gl/Makefile.in | 108 +- src/gl/accept.c | 2 +- src/gl/alloca.in.h | 2 +- 
src/gl/arpa_inet.in.h | 2 +- src/gl/asnprintf.c | 2 +- src/gl/bind.c | 2 +- src/gl/c-ctype.c | 2 +- src/gl/c-ctype.h | 2 +- src/gl/close.c | 2 +- src/gl/connect.c | 2 +- src/gl/dup2.c | 2 +- src/gl/errno.in.h | 2 +- src/gl/error.c | 25 +- src/gl/error.h | 16 +- src/gl/exitfail.c | 2 +- src/gl/exitfail.h | 2 +- src/gl/fd-hook.c | 2 +- src/gl/fd-hook.h | 2 +- src/gl/float+.h | 2 +- src/gl/float.c | 2 +- src/gl/float.in.h | 2 +- src/gl/fseek.c | 2 +- src/gl/fseeko.c | 13 +- src/gl/fstat.c | 2 +- src/gl/ftello.c | 85 - src/gl/gai_strerror.c | 2 +- src/gl/getaddrinfo.c | 2 +- src/gl/getdelim.c | 2 +- src/gl/getline.c | 2 +- src/gl/getpass.c | 4 +- src/gl/getpass.h | 2 +- src/gl/getpeername.c | 2 +- src/gl/gettext.h | 2 +- src/gl/gettime.c | 2 +- src/gl/gettimeofday.c | 2 +- src/gl/inet_ntop.c | 2 +- src/gl/inet_pton.c | 2 +- src/gl/intprops.h | 2 +- src/gl/itold.c | 2 +- src/gl/listen.c | 2 +- src/gl/lseek.c | 2 +- src/gl/m4/arpa_inet_h.m4 | 2 +- src/gl/m4/bison.m4 | 2 +- src/gl/m4/clock_time.m4 | 2 +- src/gl/m4/close.m4 | 2 +- src/gl/m4/dup2.m4 | 84 +- src/gl/m4/eealloc.m4 | 2 +- src/gl/m4/environ.m4 | 2 +- src/gl/m4/error.m4 | 2 +- src/gl/m4/fseek.m4 | 2 +- src/gl/m4/getaddrinfo.m4 | 2 +- src/gl/m4/getpass.m4 | 2 +- src/gl/m4/gettime.m4 | 2 +- src/gl/m4/gnulib-cache.m4 | 7 +- src/gl/m4/gnulib-comp.m4 | 35 +- src/gl/m4/hostent.m4 | 2 +- src/gl/m4/inet_ntop.m4 | 2 +- src/gl/m4/inet_pton.m4 | 2 +- src/gl/m4/malloca.m4 | 2 +- src/gl/m4/mktime.m4 | 2 +- src/gl/m4/parse-datetime.m4 | 2 +- src/gl/m4/select.m4 | 2 +- src/gl/m4/servent.m4 | 2 +- src/gl/m4/setenv.m4 | 2 +- src/gl/m4/signal_h.m4 | 2 +- src/gl/m4/socketlib.m4 | 2 +- src/gl/m4/sockets.m4 | 2 +- src/gl/m4/strdup.m4 | 2 +- src/gl/m4/strerror.m4 | 2 +- src/gl/m4/sys_select_h.m4 | 2 +- src/gl/m4/timespec.m4 | 2 +- src/gl/m4/tm_gmtoff.m4 | 2 +- src/gl/m4/xalloc.m4 | 2 +- src/gl/malloc.c | 2 +- src/gl/malloca.c | 2 +- src/gl/malloca.h | 2 +- src/gl/memchr.c | 2 +- src/gl/minmax.h | 60 - src/gl/mktime.c | 6 +- 
src/gl/msvc-inval.c | 2 +- src/gl/msvc-inval.h | 2 +- src/gl/msvc-nothrow.c | 2 +- src/gl/msvc-nothrow.h | 2 +- src/gl/netdb.in.h | 2 +- src/gl/netinet_in.in.h | 2 +- src/gl/parse-datetime.c | 6 +- src/gl/parse-datetime.h | 2 +- src/gl/parse-datetime.y | 6 +- src/gl/printf-args.c | 2 +- src/gl/printf-args.h | 2 +- src/gl/printf-parse.c | 2 +- src/gl/printf-parse.h | 2 +- src/gl/progname.c | 2 +- src/gl/progname.h | 2 +- src/gl/read-file.c | 188 - src/gl/read-file.h | 33 - src/gl/realloc.c | 2 +- src/gl/recv.c | 2 +- src/gl/recvfrom.c | 2 +- src/gl/select.c | 38 +- src/gl/send.c | 2 +- src/gl/sendto.c | 2 +- src/gl/setenv.c | 2 +- src/gl/setsockopt.c | 2 +- src/gl/shutdown.c | 2 +- src/gl/signal.in.h | 10 +- src/gl/size_max.h | 2 +- src/gl/snprintf.c | 2 +- src/gl/socket.c | 2 +- src/gl/sockets.c | 2 +- src/gl/sockets.h | 2 +- src/gl/stdalign.in.h | 7 +- src/gl/stdbool.in.h | 2 +- src/gl/stddef.in.h | 54 +- src/gl/stdint.in.h | 2 +- src/gl/stdio-impl.h | 7 +- src/gl/stdio.in.h | 12 +- src/gl/stdlib.in.h | 25 +- src/gl/strdup.c | 2 +- src/gl/strerror-override.c | 2 +- src/gl/strerror-override.h | 2 +- src/gl/strerror.c | 2 +- src/gl/string.in.h | 23 +- src/gl/sys_select.in.h | 17 +- src/gl/sys_socket.in.h | 2 +- src/gl/sys_stat.in.h | 2 +- src/gl/sys_time.in.h | 2 +- src/gl/sys_types.in.h | 2 +- src/gl/sys_uio.in.h | 2 +- src/gl/time.in.h | 31 +- src/gl/time_r.c | 2 +- src/gl/timespec.h | 6 +- src/gl/unistd.in.h | 39 +- src/gl/unsetenv.c | 2 +- src/gl/vasnprintf.c | 199 +- src/gl/vasnprintf.h | 2 +- src/gl/verify.h | 2 +- src/gl/w32sock.h | 2 +- src/gl/wchar.in.h | 11 +- src/gl/xalloc-die.c | 2 +- src/gl/xalloc-oversized.h | 2 +- src/gl/xalloc.h | 21 +- src/gl/xmalloc.c | 2 +- src/gl/xsize.h | 2 +- src/libopts/COPYING.gplv3 | 2 +- src/libopts/COPYING.lgplv3 | 2 +- src/libopts/COPYING.mbsd | 1 - src/libopts/Makefile.am | 71 +- src/libopts/Makefile.in | 111 +- src/libopts/README | 2 +- src/libopts/ag-char-map.h | 4 +- src/libopts/alias.c | 2 +- src/libopts/ao-strs.c | 
141 +- src/libopts/ao-strs.h | 146 +- src/libopts/autoopts.c | 8 +- src/libopts/autoopts.h | 33 +- src/libopts/autoopts/options.h | 161 +- src/libopts/autoopts/project.h | 2 +- src/libopts/autoopts/usage-txt.h | 58 +- src/libopts/boolean.c | 37 +- src/libopts/check.c | 2 +- src/libopts/compat/_Noreturn.h | 10 - src/libopts/compat/compat.h | 2 +- src/libopts/compat/pathfind.c | 24 +- src/libopts/compat/windows-config.h | 2 +- src/libopts/configfile.c | 122 +- src/libopts/cook.c | 18 +- src/libopts/enum.c | 35 +- src/libopts/env.c | 8 +- src/libopts/file.c | 12 +- src/libopts/find.c | 16 +- src/libopts/genshell.c | 88 +- src/libopts/genshell.h | 19 +- src/libopts/gettext.h | 2 +- src/libopts/init.c | 12 +- src/libopts/intprops.h | 320 - src/libopts/libopts.c | 2 - src/libopts/load.c | 52 +- src/libopts/m4/libopts.m4 | 38 +- src/libopts/m4/liboptschk.m4 | 2 +- src/libopts/m4/stdnoreturn.m4 | 41 - src/libopts/makeshell.c | 39 +- src/libopts/nested.c | 189 +- src/libopts/numeric.c | 28 +- src/libopts/option-value-type.c | 4 +- src/libopts/option-value-type.h | 2 +- src/libopts/option-xat-attribute.c | 4 +- src/libopts/option-xat-attribute.h | 2 +- src/libopts/parse-duration.c | 11 +- src/libopts/parse-duration.h | 2 +- src/libopts/pgusage.c | 10 +- src/libopts/proto.h | 12 +- src/libopts/putshell.c | 31 +- src/libopts/reset.c | 8 +- src/libopts/restore.c | 34 +- src/libopts/save.c | 106 +- src/libopts/sort.c | 10 +- src/libopts/stack.c | 99 +- src/libopts/stdnoreturn.in.h | 50 - src/libopts/streqvcmp.c | 22 +- src/libopts/text_mmap.c | 24 +- src/libopts/time.c | 69 +- src/libopts/tokenize.c | 48 +- src/libopts/usage.c | 16 +- src/libopts/version.c | 42 +- src/ocsptool-args.c.bak | 396 +- src/ocsptool-args.def | 6 - src/ocsptool-args.h.bak | 33 +- src/ocsptool-common.c | 51 +- src/ocsptool-common.h | 3 +- src/ocsptool.c | 13 +- src/p11tool-args.c.bak | 2085 ++-- src/p11tool-args.def | 282 +- src/p11tool-args.h.bak | 229 +- src/p11tool.c | 160 +- src/p11tool.h | 36 +- 
src/pkcs11.c | 569 +- src/psk.c | 1 - src/psktool-args.c.bak | 204 +- src/psktool-args.h.bak | 23 +- src/serv-args.c.bak | 648 +- src/serv-args.def | 10 +- src/serv-args.h.bak | 33 +- src/serv.c | 66 +- src/socket.c | 260 +- src/socket.h | 12 +- src/srptool-args.c.bak | 250 +- src/srptool-args.h.bak | 23 +- src/systemkey-args.c.bak | 1058 -- src/systemkey-args.def | 53 - src/systemkey-args.h.bak | 225 - src/systemkey.c | 171 - src/tests.c | 498 +- src/tests.h | 11 +- src/tpmtool-args.c.bak | 403 +- src/tpmtool-args.def | 11 +- src/tpmtool-args.h.bak | 49 +- src/tpmtool.c | 116 +- src/udp-serv.c | 10 +- tests/Makefile.am | 68 +- tests/Makefile.in | 1520 +-- tests/anonself.c | 8 +- tests/atfork.c | 121 - tests/auto-verify.c | 561 - tests/cert-common.h | 168 - tests/cert-tests/Makefile.am | 31 +- tests/cert-tests/Makefile.in | 156 +- tests/cert-tests/aki | 26 +- tests/cert-tests/cert-invalid-utf8.der | Bin 2442 -> 0 bytes tests/cert-tests/certtool | 100 - tests/cert-tests/certtool-long-cn | 55 - tests/cert-tests/certtool-utf8 | 41 - tests/cert-tests/crl | 120 - tests/cert-tests/crq | 50 - tests/cert-tests/csr-invalid.der | Bin 303 -> 0 bytes tests/cert-tests/dane | 16 +- tests/cert-tests/detached.p7b | Bin 2579 -> 0 bytes tests/cert-tests/email | 95 - .../email-certs/chain.exclude.test.example.com | 39 - .../email-certs/chain.invalid.example.com | 39 - .../cert-tests/email-certs/chain.test.example.com | 38 - .../email-certs/chain.test.example.com-2 | 39 - tests/cert-tests/full.p7b | Bin 2609 -> 0 bytes tests/cert-tests/full.p7b.out | 58 - tests/cert-tests/invalid-sig | 62 - tests/cert-tests/invalid-sig.pem | 38 - tests/cert-tests/invalid-sig2.pem | 37 - tests/cert-tests/invalid-sig3.pem | 38 - tests/cert-tests/name-constraints | 57 - tests/cert-tests/name-constraints-ip.pem | 53 - tests/cert-tests/name-constraints-ip2.pem | 100 - tests/cert-tests/p7-combined.out | 82 - tests/cert-tests/pathlen | 40 +- tests/cert-tests/pem-decoding | 73 +- tests/cert-tests/pkcs7 | 222 
- tests/cert-tests/pkcs7-detached.txt | 1 - tests/cert-tests/privkey-import | 41 - tests/cert-tests/privkey1.pem | 144 - tests/cert-tests/privkey2.pem | 69 - tests/cert-tests/privkey3.pem | 5 - tests/cert-tests/single-ca.p7b | Bin 1524 -> 0 bytes tests/cert-tests/single-ca.p7b.out | 33 - tests/cert-tests/suppressions.valgrind | 16 - tests/cert-tests/template-date.pem | 36 +- tests/cert-tests/template-date.tmpl | 2 +- tests/cert-tests/template-dn.pem | 32 +- tests/cert-tests/template-generalized.pem | 23 - tests/cert-tests/template-generalized.tmpl | 97 - tests/cert-tests/template-nc.pem | 36 +- tests/cert-tests/template-overflow.pem | 36 +- tests/cert-tests/template-overflow2.pem | 36 +- tests/cert-tests/template-test | 283 +- tests/cert-tests/template-test.pem | 40 +- tests/cert-tests/template-unique.pem | 20 - tests/cert-tests/template-unique.tmpl | 70 - tests/cert-tests/template-utf8.pem | 40 +- tests/cert-tests/very-long-dn.pem | 350 - tests/certificate_set_x509_crl.c | 4 +- tests/chainverify.c | 163 +- tests/crlverify.c | 385 - tests/crq_apis.c | 39 - tests/crq_key_id.c | 35 +- tests/custom-urls.c | 342 - tests/cve-2009-1415.c | 2 +- tests/dane.c | 114 - tests/dn.c | 10 - tests/dsa/Makefile.am | 3 +- tests/dsa/Makefile.in | 48 +- tests/dsa/dsa-pubkey-1018.pem | 19 - tests/dsa/testdsa | 129 +- tests/dtls/Makefile.in | 46 +- tests/dtls/dtls | 7 +- tests/dtls/dtls-nb | 4 +- tests/dtls/dtls-stress.c | 265 +- tests/eagain-common.h | 6 +- tests/ecdsa/Makefile.in | 44 +- tests/ecdsa/ecdsa | 60 +- tests/fallback-scsv.c | 358 - tests/gc.c | 18 + tests/global-init-override.c | 68 - tests/global-init.c | 4 +- tests/hostname-check.c | 263 - tests/init_fds.c | 80 - tests/key-import-export.c | 381 - tests/key-openssl.c | 45 - tests/key-tests/Makefile.am | 7 +- tests/key-tests/Makefile.in | 49 +- tests/key-tests/key-id | 28 +- tests/key-tests/pkcs8 | 118 +- tests/key-tests/suppressions.valgrind | 16 - tests/long-session-id.c | 13 +- tests/mini-alignment.c | 514 - 
tests/mini-alpn.c | 34 +- tests/mini-cert-status.c | 1 - tests/mini-chain-unsorted.c | 370 - tests/mini-dtls-discard.c | 306 - tests/mini-dtls-fork.c | 386 - tests/mini-dtls-lowmtu.c | 347 - tests/mini-dtls-mtu.c | 322 - tests/mini-dtls-pthread.c | 395 - tests/mini-dtls-record-asym.c | 355 - tests/mini-dtls-record.c | 24 +- tests/mini-dtls-rehandshake.c | 41 +- tests/mini-dtls0-9.c | 314 - tests/mini-etm.c | 377 - tests/mini-extension.c | 326 - tests/mini-global-load.c | 4 + tests/mini-handshake-timeout.c | 10 +- tests/mini-key-material.c | 366 - tests/mini-loss-time.c | 138 +- tests/mini-overhead.c | 8 +- tests/mini-record-2.c | 6 - tests/mini-record-failure.c | 424 - tests/mini-record-range.c | 2 +- tests/mini-record-retvals.c | 475 - tests/mini-record.c | 24 +- tests/mini-rehandshake-2.c | 458 - tests/mini-server-name.c | 340 - tests/mini-session-verify-function.c | 313 - tests/mini-supplementaldata.c | 324 - tests/mini-termination.c | 1 - tests/mini-tls-nonblock.c | 352 - tests/mini-x509-2.c | 105 - tests/mini-x509-callbacks.c | 47 +- tests/mini-x509-cert-callback.c | 496 - tests/mini-x509-default-prio.c | 281 - tests/mini-x509.c | 27 +- tests/name-constraints.c | 16 +- tests/no-signal.c | 246 - tests/ocsp.c | 321 +- tests/oids.c | 73 - tests/openpgp-auth.c | 58 +- tests/openpgp-auth2.c | 19 +- tests/openpgp-callback.c | 488 - tests/openpgp-certs/Makefile.am | 4 +- tests/openpgp-certs/Makefile.in | 48 +- tests/openpgp-certs/suppressions.valgrind | 16 - tests/openpgp-certs/testcerts | 63 +- tests/openpgp-certs/testselfsigs | 30 +- tests/openpgp-keyring.c | 35 - tests/openpgpself.c | 4 +- tests/pcert-list.c | 368 - tests/pkcs1-padding/Makefile.in | 44 +- tests/pkcs1-padding/pkcs1-pad | 52 +- tests/pkcs12-decode/Makefile.am | 7 +- tests/pkcs12-decode/Makefile.in | 48 +- tests/pkcs12-decode/pkcs12 | 102 +- tests/pkcs12-decode/sha256.p12 | Bin 1411 -> 0 bytes tests/pkcs12-decode/suppressions.valgrind | 270 - tests/pkcs12_encode.c | 48 +- tests/pkcs12_s2k.c | 4 +- 
tests/pkcs12_simple.c | 12 +- tests/pkcs7-gen.c | 240 - tests/pkcs8-decode/Makefile.am | 6 +- tests/pkcs8-decode/Makefile.in | 51 +- tests/pkcs8-decode/openssl-3des.p8 | 17 - tests/pkcs8-decode/openssl-3des.p8.txt | 7 - tests/pkcs8-decode/openssl-aes128.p8 | 18 - tests/pkcs8-decode/openssl-aes128.p8.txt | 7 - tests/pkcs8-decode/openssl-aes256.p8 | 18 - tests/pkcs8-decode/openssl-aes256.p8.txt | 7 - tests/pkcs8-decode/pkcs8 | 58 +- tests/pkcs8-decode/suppressions.valgrind | 0 tests/pkcs8-key-decode.c | 74 - tests/prf.c | 460 - tests/priorities.c | 37 +- tests/pskself.c | 89 +- tests/record-sizes-range.c | 14 +- tests/record-sizes.c | 2 +- tests/resume-dtls.c | 124 +- tests/resume.c | 209 +- tests/rfc2253-escape-test | 16 +- tests/rng-fork.c | 15 - tests/rsa-encrypt-decrypt.c | 4 +- tests/rsa-md5-collision/Makefile.in | 45 +- tests/rsa-md5-collision/rsa-md5-collision | 26 +- tests/safe-renegotiation/Makefile.am | 2 +- tests/safe-renegotiation/Makefile.in | 47 +- tests/scripts/Makefile.in | 39 +- tests/scripts/common.sh | 43 +- tests/sec-params.c | 8 +- tests/set_pkcs12_cred.c | 2 - tests/set_x509_key_file.c | 52 - tests/set_x509_key_mem.c | 134 - tests/sha2/Makefile.in | 44 +- tests/sha2/sha2 | 70 +- tests/sha2/sha2-dsa | 50 +- tests/sign-md5-rep.c | 345 - tests/slow/Makefile.am | 26 +- tests/slow/Makefile.in | 181 +- tests/slow/cipher-override.c | 250 - tests/slow/cipher-override2.c | 161 - tests/slow/cipher-test.c | 7 - tests/slow/gendh.c | 2 +- tests/slow/hash-large.c | 134 - tests/{ => slow}/keygen.c | 0 tests/slow/mac-override.c | 223 - tests/slow/override-ciphers | 68 - tests/slow/test-ciphers | 85 - tests/slow/test-hash-large | 64 - tests/srp/Makefile.in | 45 +- tests/status-request-ok.c | 347 - tests/status-request.c | 349 - tests/strict-der.c | 115 - tests/suite/Makefile.am | 36 +- tests/suite/Makefile.in | 270 +- tests/suite/pkcs11-chainverify.c | 101 +- tests/suite/pkcs11-combo.c | 478 - tests/suite/pkcs11-get-issuer.c | 109 +- 
tests/suite/pkcs11-is-known.c | 469 - tests/suite/pkcs11-privkey.c | 266 - tests/suite/pkcs11-pubkey-import-ecdsa.c | 47 - tests/suite/pkcs11-pubkey-import-rsa.c | 42 - tests/suite/testcompat-common | 58 - tests/suite/testcompat-main-openssl | 675 -- tests/suite/testcompat-main-polarssl | 444 - tests/suite/testpkcs11.pkcs15 | 45 - tests/suite/testpkcs11.sc-hsm | 50 - tests/suite/testpkcs11.softhsm | 76 - tests/suppressions.valgrind | 43 - tests/test-chains.h | 1131 +- tests/userid/Makefile.in | 44 +- tests/userid/userid | 8 +- tests/utils.c | 48 - tests/utils.h | 5 - tests/x509-extensions.c | 33 +- tests/x509-verify-with-crl.c | 233 - tests/x509cert-dir/ca.pem | 13 - tests/x509cert-invalid.c | 137 - tests/x509cert-tl.c | 74 +- tests/x509cert.c | 131 +- tests/x509dn.c | 8 +- tests/x509self.c | 9 - tests/x509sign-verify.c | 44 +- tests/x509sign-verify2.c | 211 - 3290 files changed, 85558 insertions(+), 169226 deletions(-) delete mode 100644 doc/enums/gnutls_certificate_flags delete mode 100644 doc/enums/gnutls_ext_parse_type_t delete mode 100644 doc/enums/gnutls_keyid_flags_t create mode 100644 doc/enums/gnutls_pkcs11_obj_attr_t delete mode 100644 doc/enums/gnutls_pkcs11_obj_flags delete mode 100644 doc/enums/gnutls_pkcs7_sign_flags delete mode 100644 doc/functions/dane_query_to_raw_tlsa delete mode 100644 doc/functions/dane_query_to_raw_tlsa.short delete mode 100644 doc/functions/gnutls_aead_cipher_decrypt delete mode 100644 doc/functions/gnutls_aead_cipher_decrypt.short delete mode 100644 doc/functions/gnutls_aead_cipher_deinit delete mode 100644 doc/functions/gnutls_aead_cipher_deinit.short delete mode 100644 doc/functions/gnutls_aead_cipher_encrypt delete mode 100644 doc/functions/gnutls_aead_cipher_encrypt.short delete mode 100644 doc/functions/gnutls_aead_cipher_init delete mode 100644 doc/functions/gnutls_aead_cipher_init.short delete mode 100644 doc/functions/gnutls_buffer_append_data delete mode 100644 doc/functions/gnutls_buffer_append_data.short create 
mode 100644 doc/functions/gnutls_certificate_client_set_retrieve_function create mode 100644 doc/functions/gnutls_certificate_client_set_retrieve_function.short delete mode 100644 doc/functions/gnutls_certificate_get_openpgp_crt delete mode 100644 doc/functions/gnutls_certificate_get_openpgp_crt.short delete mode 100644 doc/functions/gnutls_certificate_get_openpgp_key delete mode 100644 doc/functions/gnutls_certificate_get_openpgp_key.short delete mode 100644 doc/functions/gnutls_certificate_get_trust_list delete mode 100644 doc/functions/gnutls_certificate_get_trust_list.short delete mode 100644 doc/functions/gnutls_certificate_get_verify_flags delete mode 100644 doc/functions/gnutls_certificate_get_verify_flags.short delete mode 100644 doc/functions/gnutls_certificate_get_x509_crt delete mode 100644 doc/functions/gnutls_certificate_get_x509_crt.short delete mode 100644 doc/functions/gnutls_certificate_get_x509_key delete mode 100644 doc/functions/gnutls_certificate_get_x509_key.short create mode 100644 doc/functions/gnutls_certificate_server_set_retrieve_function create mode 100644 doc/functions/gnutls_certificate_server_set_retrieve_function.short delete mode 100644 doc/functions/gnutls_certificate_set_flags delete mode 100644 doc/functions/gnutls_certificate_set_flags.short create mode 100644 doc/functions/gnutls_certificate_set_rsa_export_params create mode 100644 doc/functions/gnutls_certificate_set_rsa_export_params.short delete mode 100644 doc/functions/gnutls_certificate_set_x509_trust_dir delete mode 100644 doc/functions/gnutls_certificate_set_x509_trust_dir.short create mode 100644 doc/functions/gnutls_certificate_type_set_priority create mode 100644 doc/functions/gnutls_certificate_type_set_priority.short create mode 100644 doc/functions/gnutls_cipher_set_priority create mode 100644 doc/functions/gnutls_cipher_set_priority.short create mode 100644 doc/functions/gnutls_compression_set_priority create mode 100644 
doc/functions/gnutls_compression_set_priority.short delete mode 100644 doc/functions/gnutls_crypto_register_aead_cipher delete mode 100644 doc/functions/gnutls_crypto_register_aead_cipher.short delete mode 100644 doc/functions/gnutls_crypto_register_cipher delete mode 100644 doc/functions/gnutls_crypto_register_cipher.short delete mode 100644 doc/functions/gnutls_crypto_register_digest delete mode 100644 doc/functions/gnutls_crypto_register_digest.short delete mode 100644 doc/functions/gnutls_crypto_register_mac delete mode 100644 doc/functions/gnutls_crypto_register_mac.short delete mode 100644 doc/functions/gnutls_dh_params_import_raw2 delete mode 100644 doc/functions/gnutls_dh_params_import_raw2.short delete mode 100644 doc/functions/gnutls_digest_get_oid delete mode 100644 doc/functions/gnutls_digest_get_oid.short delete mode 100644 doc/functions/gnutls_ecc_curve_get_id delete mode 100644 doc/functions/gnutls_ecc_curve_get_id.short delete mode 100644 doc/functions/gnutls_ecc_curve_get_oid delete mode 100644 doc/functions/gnutls_ecc_curve_get_oid.short delete mode 100644 doc/functions/gnutls_ext_get_data delete mode 100644 doc/functions/gnutls_ext_get_data.short delete mode 100644 doc/functions/gnutls_ext_register delete mode 100644 doc/functions/gnutls_ext_register.short delete mode 100644 doc/functions/gnutls_ext_set_data delete mode 100644 doc/functions/gnutls_ext_set_data.short delete mode 100644 doc/functions/gnutls_hex_decode2 delete mode 100644 doc/functions/gnutls_hex_decode2.short delete mode 100644 doc/functions/gnutls_hex_encode2 delete mode 100644 doc/functions/gnutls_hex_encode2.short create mode 100644 doc/functions/gnutls_kx_set_priority create mode 100644 doc/functions/gnutls_kx_set_priority.short create mode 100644 doc/functions/gnutls_mac_set_priority create mode 100644 doc/functions/gnutls_mac_set_priority.short delete mode 100644 doc/functions/gnutls_memcmp delete mode 100644 doc/functions/gnutls_memcmp.short delete mode 100644 
doc/functions/gnutls_memset delete mode 100644 doc/functions/gnutls_memset.short delete mode 100644 doc/functions/gnutls_ocsp_resp_get_responder_raw_id delete mode 100644 doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short delete mode 100644 doc/functions/gnutls_oid_to_digest delete mode 100644 doc/functions/gnutls_oid_to_digest.short delete mode 100644 doc/functions/gnutls_oid_to_ecc_curve delete mode 100644 doc/functions/gnutls_oid_to_ecc_curve.short delete mode 100644 doc/functions/gnutls_oid_to_pk delete mode 100644 doc/functions/gnutls_oid_to_pk.short delete mode 100644 doc/functions/gnutls_oid_to_sign delete mode 100644 doc/functions/gnutls_oid_to_sign.short delete mode 100644 doc/functions/gnutls_openpgp_crt_check_email delete mode 100644 doc/functions/gnutls_openpgp_crt_check_email.short delete mode 100644 doc/functions/gnutls_pcert_export_openpgp delete mode 100644 doc/functions/gnutls_pcert_export_openpgp.short delete mode 100644 doc/functions/gnutls_pcert_export_x509 delete mode 100644 doc/functions/gnutls_pcert_export_x509.short delete mode 100644 doc/functions/gnutls_pcert_import_x509_list delete mode 100644 doc/functions/gnutls_pcert_import_x509_list.short delete mode 100644 doc/functions/gnutls_pem_base64_decode2.short rename doc/functions/{gnutls_pem_base64_decode2 => gnutls_pem_base64_decode_alloc} (80%) create mode 100644 doc/functions/gnutls_pem_base64_decode_alloc.short delete mode 100644 doc/functions/gnutls_pem_base64_encode2.short rename doc/functions/{gnutls_pem_base64_encode2 => gnutls_pem_base64_encode_alloc} (79%) create mode 100644 doc/functions/gnutls_pem_base64_encode_alloc.short delete mode 100644 doc/functions/gnutls_pk_get_oid delete mode 100644 doc/functions/gnutls_pk_get_oid.short delete mode 100644 doc/functions/gnutls_pkcs11_copy_attached_extension delete mode 100644 doc/functions/gnutls_pkcs11_copy_attached_extension.short delete mode 100644 doc/functions/gnutls_pkcs11_copy_pubkey delete mode 100644 
doc/functions/gnutls_pkcs11_copy_pubkey.short delete mode 100644 doc/functions/gnutls_pkcs11_copy_x509_crt2 delete mode 100644 doc/functions/gnutls_pkcs11_copy_x509_crt2.short delete mode 100644 doc/functions/gnutls_pkcs11_copy_x509_privkey2 delete mode 100644 doc/functions/gnutls_pkcs11_copy_x509_privkey2.short delete mode 100644 doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn delete mode 100644 doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short delete mode 100644 doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id delete mode 100644 doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short delete mode 100644 doc/functions/gnutls_pkcs11_obj_flags_get_str delete mode 100644 doc/functions/gnutls_pkcs11_obj_flags_get_str.short delete mode 100644 doc/functions/gnutls_pkcs11_obj_get_exts delete mode 100644 doc/functions/gnutls_pkcs11_obj_get_exts.short delete mode 100644 doc/functions/gnutls_pkcs11_obj_get_flags delete mode 100644 doc/functions/gnutls_pkcs11_obj_get_flags.short create mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url create mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url.short create mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url2 create mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url2.short delete mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url3 delete mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url3.short delete mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url4 delete mode 100644 doc/functions/gnutls_pkcs11_obj_list_import_url4.short delete mode 100644 doc/functions/gnutls_pkcs11_obj_set_info delete mode 100644 doc/functions/gnutls_pkcs11_obj_set_info.short delete mode 100644 doc/functions/gnutls_pkcs11_privkey_cpy delete mode 100644 doc/functions/gnutls_pkcs11_privkey_cpy.short delete mode 100644 doc/functions/gnutls_pkcs11_privkey_export_pubkey delete mode 100644 doc/functions/gnutls_pkcs11_privkey_export_pubkey.short delete mode 100644 
doc/functions/gnutls_pkcs11_privkey_generate3 delete mode 100644 doc/functions/gnutls_pkcs11_privkey_generate3.short delete mode 100644 doc/functions/gnutls_pkcs12_bag_enc_info delete mode 100644 doc/functions/gnutls_pkcs12_bag_enc_info.short delete mode 100644 doc/functions/gnutls_pkcs12_bag_set_privkey delete mode 100644 doc/functions/gnutls_pkcs12_bag_set_privkey.short delete mode 100644 doc/functions/gnutls_pkcs12_generate_mac2 delete mode 100644 doc/functions/gnutls_pkcs12_generate_mac2.short delete mode 100644 doc/functions/gnutls_pkcs12_mac_info delete mode 100644 doc/functions/gnutls_pkcs12_mac_info.short delete mode 100644 doc/functions/gnutls_pkcs7_add_attr delete mode 100644 doc/functions/gnutls_pkcs7_add_attr.short delete mode 100644 doc/functions/gnutls_pkcs7_attrs_deinit delete mode 100644 doc/functions/gnutls_pkcs7_attrs_deinit.short delete mode 100644 doc/functions/gnutls_pkcs7_get_attr delete mode 100644 doc/functions/gnutls_pkcs7_get_attr.short delete mode 100644 doc/functions/gnutls_pkcs7_get_crl_raw2 delete mode 100644 doc/functions/gnutls_pkcs7_get_crl_raw2.short delete mode 100644 doc/functions/gnutls_pkcs7_get_crt_raw2 delete mode 100644 doc/functions/gnutls_pkcs7_get_crt_raw2.short delete mode 100644 doc/functions/gnutls_pkcs7_get_embedded_data delete mode 100644 doc/functions/gnutls_pkcs7_get_embedded_data.short delete mode 100644 doc/functions/gnutls_pkcs7_get_signature_count delete mode 100644 doc/functions/gnutls_pkcs7_get_signature_count.short delete mode 100644 doc/functions/gnutls_pkcs7_get_signature_info delete mode 100644 doc/functions/gnutls_pkcs7_get_signature_info.short delete mode 100644 doc/functions/gnutls_pkcs7_print delete mode 100644 doc/functions/gnutls_pkcs7_print.short delete mode 100644 doc/functions/gnutls_pkcs7_sign delete mode 100644 doc/functions/gnutls_pkcs7_sign.short delete mode 100644 doc/functions/gnutls_pkcs7_signature_info_deinit delete mode 100644 doc/functions/gnutls_pkcs7_signature_info_deinit.short delete 
mode 100644 doc/functions/gnutls_pkcs7_verify delete mode 100644 doc/functions/gnutls_pkcs7_verify.short delete mode 100644 doc/functions/gnutls_pkcs7_verify_direct delete mode 100644 doc/functions/gnutls_pkcs7_verify_direct.short delete mode 100644 doc/functions/gnutls_pkcs8_info delete mode 100644 doc/functions/gnutls_pkcs8_info.short delete mode 100644 doc/functions/gnutls_pkcs_schema_get_name delete mode 100644 doc/functions/gnutls_pkcs_schema_get_name.short delete mode 100644 doc/functions/gnutls_pkcs_schema_get_oid delete mode 100644 doc/functions/gnutls_pkcs_schema_get_oid.short delete mode 100644 doc/functions/gnutls_prf_rfc5705 delete mode 100644 doc/functions/gnutls_prf_rfc5705.short delete mode 100644 doc/functions/gnutls_priority_string_list delete mode 100644 doc/functions/gnutls_priority_string_list.short delete mode 100644 doc/functions/gnutls_privkey_export_openpgp delete mode 100644 doc/functions/gnutls_privkey_export_openpgp.short delete mode 100644 doc/functions/gnutls_privkey_export_pkcs11 delete mode 100644 doc/functions/gnutls_privkey_export_pkcs11.short delete mode 100644 doc/functions/gnutls_privkey_export_x509 delete mode 100644 doc/functions/gnutls_privkey_export_x509.short delete mode 100644 doc/functions/gnutls_privkey_import_ext3 delete mode 100644 doc/functions/gnutls_privkey_import_ext3.short create mode 100644 doc/functions/gnutls_privkey_sign_raw_data create mode 100644 doc/functions/gnutls_privkey_sign_raw_data.short create mode 100644 doc/functions/gnutls_protocol_set_priority create mode 100644 doc/functions/gnutls_protocol_set_priority.short create mode 100644 doc/functions/gnutls_pubkey_get_verify_algorithm create mode 100644 doc/functions/gnutls_pubkey_get_verify_algorithm.short create mode 100644 doc/functions/gnutls_pubkey_import_pkcs11_url create mode 100644 doc/functions/gnutls_pubkey_import_pkcs11_url.short create mode 100644 doc/functions/gnutls_pubkey_verify_data create mode 100644 
doc/functions/gnutls_pubkey_verify_data.short create mode 100644 doc/functions/gnutls_pubkey_verify_hash create mode 100644 doc/functions/gnutls_pubkey_verify_hash.short delete mode 100644 doc/functions/gnutls_record_discard_queued delete mode 100644 doc/functions/gnutls_record_discard_queued.short delete mode 100644 doc/functions/gnutls_record_get_state delete mode 100644 doc/functions/gnutls_record_get_state.short create mode 100644 doc/functions/gnutls_record_set_max_empty_records create mode 100644 doc/functions/gnutls_record_set_max_empty_records.short delete mode 100644 doc/functions/gnutls_record_set_state delete mode 100644 doc/functions/gnutls_record_set_state.short delete mode 100644 doc/functions/gnutls_register_custom_url delete mode 100644 doc/functions/gnutls_register_custom_url.short create mode 100644 doc/functions/gnutls_rsa_export_get_modulus_bits create mode 100644 doc/functions/gnutls_rsa_export_get_modulus_bits.short create mode 100644 doc/functions/gnutls_rsa_export_get_pubkey create mode 100644 doc/functions/gnutls_rsa_export_get_pubkey.short create mode 100644 doc/functions/gnutls_rsa_params_cpy create mode 100644 doc/functions/gnutls_rsa_params_cpy.short create mode 100644 doc/functions/gnutls_rsa_params_deinit create mode 100644 doc/functions/gnutls_rsa_params_deinit.short create mode 100644 doc/functions/gnutls_rsa_params_export_pkcs1 create mode 100644 doc/functions/gnutls_rsa_params_export_pkcs1.short create mode 100644 doc/functions/gnutls_rsa_params_export_raw create mode 100644 doc/functions/gnutls_rsa_params_export_raw.short create mode 100644 doc/functions/gnutls_rsa_params_generate2 create mode 100644 doc/functions/gnutls_rsa_params_generate2.short create mode 100644 doc/functions/gnutls_rsa_params_import_pkcs1 create mode 100644 doc/functions/gnutls_rsa_params_import_pkcs1.short create mode 100644 doc/functions/gnutls_rsa_params_import_raw create mode 100644 doc/functions/gnutls_rsa_params_import_raw.short create mode 100644 
doc/functions/gnutls_rsa_params_init create mode 100644 doc/functions/gnutls_rsa_params_init.short delete mode 100644 doc/functions/gnutls_session_etm_status delete mode 100644 doc/functions/gnutls_session_etm_status.short delete mode 100644 doc/functions/gnutls_session_ext_master_secret_status delete mode 100644 doc/functions/gnutls_session_ext_master_secret_status.short delete mode 100644 doc/functions/gnutls_session_get_verify_cert_status delete mode 100644 doc/functions/gnutls_session_get_verify_cert_status.short delete mode 100644 doc/functions/gnutls_session_set_verify_cert delete mode 100644 doc/functions/gnutls_session_set_verify_cert.short delete mode 100644 doc/functions/gnutls_session_set_verify_cert2 delete mode 100644 doc/functions/gnutls_session_set_verify_cert2.short delete mode 100644 doc/functions/gnutls_session_set_verify_function delete mode 100644 doc/functions/gnutls_session_set_verify_function.short create mode 100644 doc/functions/gnutls_set_default_export_priority create mode 100644 doc/functions/gnutls_set_default_export_priority.short create mode 100644 doc/functions/gnutls_sign_callback_get create mode 100644 doc/functions/gnutls_sign_callback_get.short create mode 100644 doc/functions/gnutls_sign_callback_set create mode 100644 doc/functions/gnutls_sign_callback_set.short delete mode 100644 doc/functions/gnutls_sign_get_oid delete mode 100644 doc/functions/gnutls_sign_get_oid.short delete mode 100644 doc/functions/gnutls_srp_base64_decode2.short rename doc/functions/{gnutls_srp_base64_decode2 => gnutls_srp_base64_decode_alloc} (80%) create mode 100644 doc/functions/gnutls_srp_base64_decode_alloc.short delete mode 100644 doc/functions/gnutls_srp_base64_encode2.short rename doc/functions/{gnutls_srp_base64_encode2 => gnutls_srp_base64_encode_alloc} (82%) create mode 100644 doc/functions/gnutls_srp_base64_encode_alloc.short delete mode 100644 doc/functions/gnutls_supplemental_recv delete mode 100644 
doc/functions/gnutls_supplemental_recv.short delete mode 100644 doc/functions/gnutls_supplemental_register delete mode 100644 doc/functions/gnutls_supplemental_register.short delete mode 100644 doc/functions/gnutls_supplemental_send delete mode 100644 doc/functions/gnutls_supplemental_send.short delete mode 100644 doc/functions/gnutls_system_key_add_x509 delete mode 100644 doc/functions/gnutls_system_key_add_x509.short delete mode 100644 doc/functions/gnutls_system_key_delete delete mode 100644 doc/functions/gnutls_system_key_delete.short delete mode 100644 doc/functions/gnutls_system_key_iter_deinit delete mode 100644 doc/functions/gnutls_system_key_iter_deinit.short delete mode 100644 doc/functions/gnutls_system_key_iter_get_info delete mode 100644 doc/functions/gnutls_system_key_iter_get_info.short delete mode 100644 doc/functions/gnutls_system_recv_timeout delete mode 100644 doc/functions/gnutls_system_recv_timeout.short delete mode 100644 doc/functions/gnutls_x509_crq_get_extension_by_oid2 delete mode 100644 doc/functions/gnutls_x509_crq_get_extension_by_oid2.short delete mode 100644 doc/functions/gnutls_x509_crq_get_signature_algorithm delete mode 100644 doc/functions/gnutls_x509_crq_get_signature_algorithm.short delete mode 100644 doc/functions/gnutls_x509_crt_check_email delete mode 100644 doc/functions/gnutls_x509_crt_check_email.short delete mode 100644 doc/functions/gnutls_x509_crt_get_extension_by_oid2 delete mode 100644 doc/functions/gnutls_x509_crt_get_extension_by_oid2.short delete mode 100644 doc/functions/gnutls_x509_crt_get_pk_ecc_raw delete mode 100644 doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short create mode 100644 doc/functions/gnutls_x509_crt_get_verify_algorithm create mode 100644 doc/functions/gnutls_x509_crt_get_verify_algorithm.short create mode 100644 doc/functions/gnutls_x509_crt_import_pkcs11_url create mode 100644 doc/functions/gnutls_x509_crt_import_pkcs11_url.short delete mode 100644 doc/functions/gnutls_x509_crt_import_url 
delete mode 100644 doc/functions/gnutls_x509_crt_import_url.short delete mode 100644 doc/functions/gnutls_x509_crt_set_issuer_unique_id delete mode 100644 doc/functions/gnutls_x509_crt_set_issuer_unique_id.short delete mode 100644 doc/functions/gnutls_x509_crt_set_subject_unique_id delete mode 100644 doc/functions/gnutls_x509_crt_set_subject_unique_id.short create mode 100644 doc/functions/gnutls_x509_crt_verify_data create mode 100644 doc/functions/gnutls_x509_crt_verify_data.short delete mode 100644 doc/functions/gnutls_x509_crt_verify_data2 delete mode 100644 doc/functions/gnutls_x509_crt_verify_data2.short create mode 100644 doc/functions/gnutls_x509_crt_verify_hash create mode 100644 doc/functions/gnutls_x509_crt_verify_hash.short delete mode 100644 doc/functions/gnutls_x509_dn_get_str delete mode 100644 doc/functions/gnutls_x509_dn_get_str.short delete mode 100644 doc/functions/gnutls_x509_ext_deinit delete mode 100644 doc/functions/gnutls_x509_ext_deinit.short delete mode 100644 doc/functions/gnutls_x509_ext_print delete mode 100644 doc/functions/gnutls_x509_ext_print.short delete mode 100644 doc/functions/gnutls_x509_othername_to_virtual delete mode 100644 doc/functions/gnutls_x509_othername_to_virtual.short delete mode 100644 doc/functions/gnutls_x509_privkey_set_pin_function delete mode 100644 doc/functions/gnutls_x509_privkey_set_pin_function.short delete mode 100644 doc/functions/gnutls_x509_trust_list_add_trust_dir delete mode 100644 doc/functions/gnutls_x509_trust_list_add_trust_dir.short delete mode 100644 doc/functions/gnutls_x509_trust_list_get_issuer_by_dn delete mode 100644 doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short delete mode 100644 doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id delete mode 100644 doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short delete mode 100644 doc/functions/gnutls_x509_trust_list_iter_deinit delete mode 100644 doc/functions/gnutls_x509_trust_list_iter_deinit.short 
delete mode 100644 doc/functions/gnutls_x509_trust_list_iter_get_ca delete mode 100644 doc/functions/gnutls_x509_trust_list_iter_get_ca.short delete mode 100644 doc/functions/gnutls_x509_trust_list_verify_crt2 delete mode 100644 doc/functions/gnutls_x509_trust_list_verify_crt2.short delete mode 100644 doc/gnutls.info-6 delete mode 100644 doc/manpages/gnutls_aead_cipher_decrypt.3 delete mode 100644 doc/manpages/gnutls_aead_cipher_deinit.3 delete mode 100644 doc/manpages/gnutls_aead_cipher_encrypt.3 delete mode 100644 doc/manpages/gnutls_aead_cipher_init.3 delete mode 100644 doc/manpages/gnutls_buffer_append_data.3 create mode 100644 doc/manpages/gnutls_certificate_client_set_retrieve_function.3 delete mode 100644 doc/manpages/gnutls_certificate_get_openpgp_crt.3 delete mode 100644 doc/manpages/gnutls_certificate_get_openpgp_key.3 delete mode 100644 doc/manpages/gnutls_certificate_get_trust_list.3 delete mode 100644 doc/manpages/gnutls_certificate_get_verify_flags.3 delete mode 100644 doc/manpages/gnutls_certificate_get_x509_crt.3 delete mode 100644 doc/manpages/gnutls_certificate_get_x509_key.3 create mode 100644 doc/manpages/gnutls_certificate_server_set_retrieve_function.3 delete mode 100644 doc/manpages/gnutls_certificate_set_flags.3 create mode 100644 doc/manpages/gnutls_certificate_set_rsa_export_params.3 delete mode 100644 doc/manpages/gnutls_certificate_set_x509_trust_dir.3 create mode 100644 doc/manpages/gnutls_certificate_type_set_priority.3 create mode 100644 doc/manpages/gnutls_cipher_set_priority.3 create mode 100644 doc/manpages/gnutls_compression_set_priority.3 delete mode 100644 doc/manpages/gnutls_crypto_register_aead_cipher.3 delete mode 100644 doc/manpages/gnutls_crypto_register_cipher.3 delete mode 100644 doc/manpages/gnutls_crypto_register_digest.3 delete mode 100644 doc/manpages/gnutls_crypto_register_mac.3 delete mode 100644 doc/manpages/gnutls_dh_params_import_raw2.3 delete mode 100644 doc/manpages/gnutls_digest_get_oid.3 delete mode 100644 
doc/manpages/gnutls_ecc_curve_get_id.3 delete mode 100644 doc/manpages/gnutls_ext_get_data.3 delete mode 100644 doc/manpages/gnutls_ext_register.3 delete mode 100644 doc/manpages/gnutls_ext_set_data.3 delete mode 100644 doc/manpages/gnutls_hex_decode2.3 delete mode 100644 doc/manpages/gnutls_hex_encode2.3 create mode 100644 doc/manpages/gnutls_kx_set_priority.3 create mode 100644 doc/manpages/gnutls_mac_set_priority.3 delete mode 100644 doc/manpages/gnutls_memcmp.3 delete mode 100644 doc/manpages/gnutls_ocsp_resp_get_responder_raw_id.3 delete mode 100644 doc/manpages/gnutls_oid_to_digest.3 delete mode 100644 doc/manpages/gnutls_oid_to_ecc_curve.3 delete mode 100644 doc/manpages/gnutls_oid_to_pk.3 delete mode 100644 doc/manpages/gnutls_oid_to_sign.3 delete mode 100644 doc/manpages/gnutls_openpgp_crt_check_email.3 delete mode 100644 doc/manpages/gnutls_pcert_export_openpgp.3 delete mode 100644 doc/manpages/gnutls_pcert_export_x509.3 delete mode 100644 doc/manpages/gnutls_pcert_import_x509_list.3 rename doc/manpages/{gnutls_pem_base64_decode2.3 => gnutls_pem_base64_decode_alloc.3} (80%) rename doc/manpages/{gnutls_pem_base64_encode2.3 => gnutls_pem_base64_encode_alloc.3} (80%) delete mode 100644 doc/manpages/gnutls_pk_get_oid.3 delete mode 100644 doc/manpages/gnutls_pkcs11_copy_attached_extension.3 delete mode 100644 doc/manpages/gnutls_pkcs11_copy_pubkey.3 delete mode 100644 doc/manpages/gnutls_pkcs11_copy_x509_crt2.3 delete mode 100644 doc/manpages/gnutls_pkcs11_copy_x509_privkey2.3 delete mode 100644 doc/manpages/gnutls_pkcs11_get_raw_issuer_by_dn.3 delete mode 100644 doc/manpages/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.3 delete mode 100644 doc/manpages/gnutls_pkcs11_obj_flags_get_str.3 delete mode 100644 doc/manpages/gnutls_pkcs11_obj_get_exts.3 delete mode 100644 doc/manpages/gnutls_pkcs11_obj_get_flags.3 rename doc/manpages/{gnutls_pkcs11_obj_list_import_url3.3 => gnutls_pkcs11_obj_list_import_url.3} (58%) rename 
doc/manpages/{gnutls_pkcs11_obj_list_import_url4.3 => gnutls_pkcs11_obj_list_import_url2.3} (58%) delete mode 100644 doc/manpages/gnutls_pkcs11_obj_set_info.3 delete mode 100644 doc/manpages/gnutls_pkcs11_privkey_export_pubkey.3 delete mode 100644 doc/manpages/gnutls_pkcs11_privkey_generate3.3 delete mode 100644 doc/manpages/gnutls_pkcs12_bag_enc_info.3 delete mode 100644 doc/manpages/gnutls_pkcs12_bag_set_privkey.3 delete mode 100644 doc/manpages/gnutls_pkcs12_generate_mac2.3 delete mode 100644 doc/manpages/gnutls_pkcs12_mac_info.3 delete mode 100644 doc/manpages/gnutls_pkcs7_add_attr.3 delete mode 100644 doc/manpages/gnutls_pkcs7_attrs_deinit.3 delete mode 100644 doc/manpages/gnutls_pkcs7_get_attr.3 delete mode 100644 doc/manpages/gnutls_pkcs7_get_crl_raw2.3 delete mode 100644 doc/manpages/gnutls_pkcs7_get_crt_raw2.3 delete mode 100644 doc/manpages/gnutls_pkcs7_get_embedded_data.3 delete mode 100644 doc/manpages/gnutls_pkcs7_get_signature_count.3 delete mode 100644 doc/manpages/gnutls_pkcs7_get_signature_info.3 delete mode 100644 doc/manpages/gnutls_pkcs7_print.3 delete mode 100644 doc/manpages/gnutls_pkcs7_sign.3 delete mode 100644 doc/manpages/gnutls_pkcs7_signature_info_deinit.3 delete mode 100644 doc/manpages/gnutls_pkcs7_verify.3 delete mode 100644 doc/manpages/gnutls_pkcs7_verify_direct.3 delete mode 100644 doc/manpages/gnutls_pkcs8_info.3 delete mode 100644 doc/manpages/gnutls_pkcs_schema_get_name.3 delete mode 100644 doc/manpages/gnutls_pkcs_schema_get_oid.3 delete mode 100644 doc/manpages/gnutls_prf_rfc5705.3 delete mode 100644 doc/manpages/gnutls_priority_string_list.3 delete mode 100644 doc/manpages/gnutls_privkey_export_pkcs11.3 delete mode 100644 doc/manpages/gnutls_privkey_export_x509.3 delete mode 100644 doc/manpages/gnutls_privkey_import_ext3.3 create mode 100644 doc/manpages/gnutls_privkey_sign_raw_data.3 rename doc/manpages/{gnutls_session_ext_master_secret_status.3 => gnutls_protocol_set_priority.3} (50%) rename 
doc/manpages/{gnutls_privkey_export_openpgp.3 => gnutls_pubkey_get_verify_algorithm.3} (52%) rename doc/manpages/{gnutls_pkcs11_privkey_cpy.3 => gnutls_pubkey_import_pkcs11_url.3} (55%) create mode 100644 doc/manpages/gnutls_pubkey_verify_data.3 create mode 100644 doc/manpages/gnutls_pubkey_verify_hash.3 delete mode 100644 doc/manpages/gnutls_record_get_state.3 create mode 100644 doc/manpages/gnutls_record_set_max_empty_records.3 delete mode 100644 doc/manpages/gnutls_record_set_state.3 delete mode 100644 doc/manpages/gnutls_register_custom_url.3 rename doc/manpages/{gnutls_session_etm_status.3 => gnutls_rsa_export_get_modulus_bits.3} (58%) create mode 100644 doc/manpages/gnutls_rsa_export_get_pubkey.3 rename doc/manpages/{gnutls_memset.3 => gnutls_rsa_params_cpy.3} (52%) rename doc/manpages/{gnutls_x509_ext_deinit.3 => gnutls_rsa_params_deinit.3} (59%) create mode 100644 doc/manpages/gnutls_rsa_params_export_pkcs1.3 create mode 100644 doc/manpages/gnutls_rsa_params_export_raw.3 create mode 100644 doc/manpages/gnutls_rsa_params_generate2.3 create mode 100644 doc/manpages/gnutls_rsa_params_import_pkcs1.3 create mode 100644 doc/manpages/gnutls_rsa_params_import_raw.3 rename doc/manpages/{gnutls_ecc_curve_get_oid.3 => gnutls_rsa_params_init.3} (56%) delete mode 100644 doc/manpages/gnutls_session_get_verify_cert_status.3 delete mode 100644 doc/manpages/gnutls_session_set_verify_cert.3 delete mode 100644 doc/manpages/gnutls_session_set_verify_cert2.3 delete mode 100644 doc/manpages/gnutls_session_set_verify_function.3 create mode 100644 doc/manpages/gnutls_set_default_export_priority.3 rename doc/manpages/{gnutls_record_discard_queued.3 => gnutls_sign_callback_get.3} (52%) create mode 100644 doc/manpages/gnutls_sign_callback_set.3 delete mode 100644 doc/manpages/gnutls_sign_get_oid.3 rename doc/manpages/{gnutls_srp_base64_decode2.3 => gnutls_srp_base64_decode_alloc.3} (80%) rename doc/manpages/{gnutls_srp_base64_encode2.3 => gnutls_srp_base64_encode_alloc.3} (81%) 
delete mode 100644 doc/manpages/gnutls_supplemental_recv.3 delete mode 100644 doc/manpages/gnutls_supplemental_register.3 delete mode 100644 doc/manpages/gnutls_supplemental_send.3 delete mode 100644 doc/manpages/gnutls_system_key_add_x509.3 delete mode 100644 doc/manpages/gnutls_system_key_delete.3 delete mode 100644 doc/manpages/gnutls_system_key_iter_deinit.3 delete mode 100644 doc/manpages/gnutls_system_key_iter_get_info.3 delete mode 100644 doc/manpages/gnutls_system_recv_timeout.3 delete mode 100644 doc/manpages/gnutls_x509_crq_get_extension_by_oid2.3 delete mode 100644 doc/manpages/gnutls_x509_crq_get_signature_algorithm.3 delete mode 100644 doc/manpages/gnutls_x509_crt_check_email.3 delete mode 100644 doc/manpages/gnutls_x509_crt_get_extension_by_oid2.3 delete mode 100644 doc/manpages/gnutls_x509_crt_get_pk_ecc_raw.3 create mode 100644 doc/manpages/gnutls_x509_crt_get_verify_algorithm.3 rename doc/manpages/{gnutls_x509_crt_import_url.3 => gnutls_x509_crt_import_pkcs11_url.3} (62%) delete mode 100644 doc/manpages/gnutls_x509_crt_set_issuer_unique_id.3 delete mode 100644 doc/manpages/gnutls_x509_crt_set_subject_unique_id.3 rename doc/manpages/{gnutls_x509_crt_verify_data2.3 => gnutls_x509_crt_verify_data.3} (62%) create mode 100644 doc/manpages/gnutls_x509_crt_verify_hash.3 delete mode 100644 doc/manpages/gnutls_x509_dn_get_str.3 delete mode 100644 doc/manpages/gnutls_x509_ext_print.3 delete mode 100644 doc/manpages/gnutls_x509_othername_to_virtual.3 delete mode 100644 doc/manpages/gnutls_x509_privkey_set_pin_function.3 delete mode 100644 doc/manpages/gnutls_x509_trust_list_add_trust_dir.3 delete mode 100644 doc/manpages/gnutls_x509_trust_list_get_issuer_by_dn.3 delete mode 100644 doc/manpages/gnutls_x509_trust_list_get_issuer_by_subject_key_id.3 delete mode 100644 doc/manpages/gnutls_x509_trust_list_iter_deinit.3 delete mode 100644 doc/manpages/gnutls_x509_trust_list_iter_get_ca.3 delete mode 100644 doc/manpages/gnutls_x509_trust_list_verify_crt2.3 delete 
mode 100644 doc/manpages/systemkey-tool.1 delete mode 100644 doc/pkcs7-api.texi delete mode 100644 doc/reference/html/api-index-full.html delete mode 100644 doc/reference/html/gnutls.devhelp2 delete mode 100644 doc/reference/html/home.png delete mode 100644 doc/reference/html/index.html delete mode 100644 doc/reference/html/index.sgml delete mode 100644 doc/reference/html/left-insensitive.png delete mode 100644 doc/reference/html/left.png delete mode 100644 doc/reference/html/right-insensitive.png delete mode 100644 doc/reference/html/right.png delete mode 100644 doc/reference/html/style.css delete mode 100644 doc/reference/html/up-insensitive.png delete mode 100644 doc/reference/html/up.png rename src/gl/ftell.c => gl/tests/test-u64.c (57%) create mode 100644 gl/u64.c create mode 100644 gl/u64.h create mode 100644 guile/modules/gnutls/build/priorities.scm create mode 100644 guile/src/make-session-priorities.scm delete mode 100644 lib/accelerated/x86/aes-ccm-x86-aesni.c delete mode 100644 lib/accelerated/x86/aes-gcm-aead.h delete mode 100644 lib/atfork.c delete mode 100644 lib/atfork.h delete mode 100644 lib/auto-verify.c delete mode 100644 lib/ext/etm.c delete mode 100644 lib/ext/etm.h delete mode 100644 lib/ext/ext_master_secret.c delete mode 100644 lib/ext/ext_master_secret.h delete mode 100644 lib/extras/hex.c delete mode 100644 lib/extras/hex.h delete mode 100644 lib/extras/licenses/CC0 create mode 100644 lib/gnutls_rsa_export.c delete mode 100644 lib/includes/gnutls/pkcs7.h delete mode 100644 lib/includes/gnutls/system-keys.h delete mode 100644 lib/includes/gnutls/urls.h delete mode 100644 lib/inet_ntop.c delete mode 100644 lib/inet_pton.c create mode 100644 lib/nettle/int/gcm-camellia.c create mode 100644 lib/nettle/int/gcm-camellia.h delete mode 100644 lib/pkcs11x.c delete mode 100644 lib/pkcs11x.h rename lib/{safe-memfuncs.c => safe-memset.c} (67%) delete mode 100644 lib/system-keys-dummy.c delete mode 100644 lib/system-keys-win.c delete mode 100644 
lib/system-keys.h delete mode 100644 lib/urls.c delete mode 100644 lib/urls.h delete mode 100644 lib/x509/email-verify.c delete mode 100644 lib/x509/gnutls-idna.h delete mode 100644 lib/x509/hostname-verify.c create mode 100644 lib/x509/pbkdf2-sha1.c create mode 100644 lib/x509/pbkdf2-sha1.h delete mode 100644 lib/x509/pkcs7-attrs.c delete mode 100644 lib/x509/pkcs7-output.c create mode 100644 lib/x509/rfc2818_hostname.c create mode 100644 ltmain.sh delete mode 100644 src/gl/ftello.c delete mode 100644 src/gl/minmax.h delete mode 100644 src/gl/read-file.c delete mode 100644 src/gl/read-file.h delete mode 100644 src/libopts/compat/_Noreturn.h delete mode 100644 src/libopts/intprops.h delete mode 100644 src/libopts/m4/stdnoreturn.m4 delete mode 100644 src/libopts/stdnoreturn.in.h delete mode 100644 src/systemkey-args.c.bak delete mode 100644 src/systemkey-args.def delete mode 100644 src/systemkey-args.h.bak delete mode 100644 src/systemkey.c delete mode 100644 tests/atfork.c delete mode 100644 tests/auto-verify.c delete mode 100644 tests/cert-common.h delete mode 100644 tests/cert-tests/cert-invalid-utf8.der delete mode 100755 tests/cert-tests/certtool delete mode 100755 tests/cert-tests/certtool-long-cn delete mode 100755 tests/cert-tests/certtool-utf8 delete mode 100755 tests/cert-tests/crl delete mode 100755 tests/cert-tests/crq delete mode 100644 tests/cert-tests/csr-invalid.der delete mode 100644 tests/cert-tests/detached.p7b delete mode 100755 tests/cert-tests/email delete mode 100644 tests/cert-tests/email-certs/chain.exclude.test.example.com delete mode 100644 tests/cert-tests/email-certs/chain.invalid.example.com delete mode 100644 tests/cert-tests/email-certs/chain.test.example.com delete mode 100644 tests/cert-tests/email-certs/chain.test.example.com-2 delete mode 100644 tests/cert-tests/full.p7b delete mode 100644 tests/cert-tests/full.p7b.out delete mode 100755 tests/cert-tests/invalid-sig delete mode 100644 tests/cert-tests/invalid-sig.pem delete mode 
100644 tests/cert-tests/invalid-sig2.pem delete mode 100644 tests/cert-tests/invalid-sig3.pem delete mode 100755 tests/cert-tests/name-constraints delete mode 100644 tests/cert-tests/name-constraints-ip.pem delete mode 100644 tests/cert-tests/name-constraints-ip2.pem delete mode 100644 tests/cert-tests/p7-combined.out delete mode 100755 tests/cert-tests/pkcs7 delete mode 100644 tests/cert-tests/pkcs7-detached.txt delete mode 100755 tests/cert-tests/privkey-import delete mode 100644 tests/cert-tests/privkey1.pem delete mode 100644 tests/cert-tests/privkey2.pem delete mode 100644 tests/cert-tests/privkey3.pem delete mode 100644 tests/cert-tests/single-ca.p7b delete mode 100644 tests/cert-tests/single-ca.p7b.out delete mode 100644 tests/cert-tests/template-generalized.pem delete mode 100644 tests/cert-tests/template-generalized.tmpl delete mode 100644 tests/cert-tests/template-unique.pem delete mode 100644 tests/cert-tests/template-unique.tmpl delete mode 100644 tests/cert-tests/very-long-dn.pem delete mode 100644 tests/crlverify.c delete mode 100644 tests/custom-urls.c delete mode 100644 tests/dane.c delete mode 100644 tests/dsa/dsa-pubkey-1018.pem delete mode 100644 tests/fallback-scsv.c delete mode 100644 tests/global-init-override.c delete mode 100644 tests/init_fds.c delete mode 100644 tests/key-import-export.c delete mode 100644 tests/key-tests/suppressions.valgrind delete mode 100644 tests/mini-alignment.c delete mode 100644 tests/mini-chain-unsorted.c delete mode 100644 tests/mini-dtls-discard.c delete mode 100644 tests/mini-dtls-fork.c delete mode 100644 tests/mini-dtls-lowmtu.c delete mode 100644 tests/mini-dtls-mtu.c delete mode 100644 tests/mini-dtls-pthread.c delete mode 100644 tests/mini-dtls-record-asym.c delete mode 100644 tests/mini-dtls0-9.c delete mode 100644 tests/mini-etm.c delete mode 100644 tests/mini-extension.c delete mode 100644 tests/mini-key-material.c delete mode 100644 tests/mini-record-failure.c delete mode 100644 
tests/mini-record-retvals.c delete mode 100644 tests/mini-rehandshake-2.c delete mode 100644 tests/mini-server-name.c delete mode 100644 tests/mini-session-verify-function.c delete mode 100644 tests/mini-supplementaldata.c delete mode 100644 tests/mini-tls-nonblock.c delete mode 100644 tests/mini-x509-cert-callback.c delete mode 100644 tests/mini-x509-default-prio.c delete mode 100644 tests/no-signal.c delete mode 100644 tests/oids.c delete mode 100644 tests/openpgp-callback.c delete mode 100644 tests/openpgp-certs/suppressions.valgrind delete mode 100644 tests/pcert-list.c delete mode 100644 tests/pkcs12-decode/sha256.p12 delete mode 100644 tests/pkcs12-decode/suppressions.valgrind delete mode 100644 tests/pkcs7-gen.c delete mode 100644 tests/pkcs8-decode/openssl-3des.p8 delete mode 100644 tests/pkcs8-decode/openssl-3des.p8.txt delete mode 100644 tests/pkcs8-decode/openssl-aes128.p8 delete mode 100644 tests/pkcs8-decode/openssl-aes128.p8.txt delete mode 100644 tests/pkcs8-decode/openssl-aes256.p8 delete mode 100644 tests/pkcs8-decode/openssl-aes256.p8.txt delete mode 100644 tests/pkcs8-decode/suppressions.valgrind delete mode 100644 tests/pkcs8-key-decode.c delete mode 100644 tests/prf.c delete mode 100644 tests/set_x509_key_file.c delete mode 100644 tests/set_x509_key_mem.c delete mode 100644 tests/sign-md5-rep.c delete mode 100644 tests/slow/cipher-override.c delete mode 100644 tests/slow/cipher-override2.c delete mode 100644 tests/slow/hash-large.c rename tests/{ => slow}/keygen.c (100%) delete mode 100644 tests/slow/mac-override.c delete mode 100755 tests/slow/override-ciphers delete mode 100755 tests/slow/test-ciphers delete mode 100755 tests/slow/test-hash-large delete mode 100644 tests/status-request-ok.c delete mode 100644 tests/status-request.c delete mode 100644 tests/strict-der.c delete mode 100644 tests/suite/pkcs11-combo.c delete mode 100644 tests/suite/pkcs11-is-known.c delete mode 100644 tests/suite/pkcs11-privkey.c delete mode 100644 
tests/suite/pkcs11-pubkey-import-ecdsa.c delete mode 100644 tests/suite/pkcs11-pubkey-import-rsa.c delete mode 100644 tests/suite/testcompat-common delete mode 100755 tests/suite/testcompat-main-openssl delete mode 100755 tests/suite/testcompat-main-polarssl delete mode 100644 tests/suite/testpkcs11.pkcs15 delete mode 100644 tests/suite/testpkcs11.sc-hsm delete mode 100755 tests/suite/testpkcs11.softhsm delete mode 100644 tests/x509-verify-with-crl.c delete mode 100644 tests/x509cert-dir/ca.pem delete mode 100644 tests/x509cert-invalid.c delete mode 100644 tests/x509sign-verify2.c
diff --git a/ChangeLog b/ChangeLog
index 14897e9..79e9127 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10363 +1,3 @@ -2016-04-10 Nikos Mavrogiannopoulos - - * NEWS: released 3.4.11 - -2016-04-10 Nikos Mavrogiannopoulos - - * configure.ac: tests: do not enable valgrind in non-git builds - -2016-04-09 Nikos Mavrogiannopoulos - - * lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: don't warn - about insecure algorithm when unknown - -2016-04-09 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/testcompat-openssl.sh: tests: - disable unsupported curves from compatibility checks This allows running make check even when compiling with - disable-suiteb-curves. - -2016-03-31 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: dtls: added missing dtls.h to state.c - -2016-04-09 Nikos Mavrogiannopoulos - - * configure.ac, m4/hooks.m4: bumped version - -2016-04-09 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-04-09 Nikos Mavrogiannopoulos - - * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, - lib/minitasn1/element.c, lib/minitasn1/element.h, - lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, - lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, - lib/minitasn1/structure.c: minitasn1: updated to latest git version - -2016-04-08 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: Replace references to select with poll - and other fixes - -2016-04-08 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: replace inaccurate sentence with - reference to gnutls_record_discard_queued [ci skip] - -2016-04-08 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: gnutls_record_get_direction: doc update [ci - skip] - -2016-04-08 Nikos Mavrogiannopoulos - - * tests/x509sign-verify2.c: tests: reduce the number of loops in - x509sign-verify2 This enables running the test in reasonable time under valgrind. - -2016-04-08 Nikos Mavrogiannopoulos - - * lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: corrected byKey - definition OCSP is defined in an EXPLICIT tags module, and as such we must tag - explicitly all of its tags. 
- -2016-04-05 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: name constraints: enforce the rules - for IP constraints when adding This will prevent gnutls from generating badly formed certificates. - -2016-04-05 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/common.h, lib/x509/x509.c: - _gnutls_parse_general_name2: allow parsing empty names This allows parsing empty general names such as an empty DNSname - used in name constraints. - -2016-04-02 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-04-02 Nikos Mavrogiannopoulos - - * src/ocsptool-common.c: ocsptool: use HTTP/1.0 for requests This avoids issue with servers serving chunk encoding which ocsptool - doesn't support. Reported by Thomas Klute. - -2016-03-30 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-03-29 Nikos Mavrogiannopoulos - - * tests/cert-tests/certtool-long-cn: tests: delete outfile in - certtool-long-cn - -2016-03-29 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints, - tests/cert-tests/name-constraints-ip2.pem: tests: verify the output - of name constraints IP decoding - -2016-03-30 Nikos Mavrogiannopoulos - - * lib/x509/output.c: x509/output: simplified cidr_to_string() - -2016-03-29 Nikos Mavrogiannopoulos - - * lib/x509/output.c: x509/output: print RFC5280 CIDRs in name - constraints - -2016-03-30 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-03-30 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_state.c: dtls: - reset the record number sliding window on gnutls_record_set_state() This addresses issue where gnutls_record_set_state() was called with - a new state but the sliding window information was not updated, thus - blocking any incoming packets. Resolves #82 - -2016-03-29 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: DTLS: save last valid record sequence number This will allow to report a valid number to - gnutls_record_get_state() callers in case of DTLS. 
Reported by - Fridolin Pokorny. - -2016-03-29 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: gnutls_record_get_state: Allow for NULL - parameters - -2016-03-24 Nikos Mavrogiannopoulos - - * src/ocsptool.c: ocsptool: don't exit with error code on - verification failures when --ignore-errors is given - -2016-03-23 Nikos Mavrogiannopoulos - - * src/ocsptool.c: ocsptool: exit with error on verification failures - -2016-03-23 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: ocsp: gnutls_ocsp_resp_verify_direct will skip - additional checks for certificates matching issuer That eliminates issue with ocsptool rejecting OCSP responses signed - by the same CA that signed the certificate. Reported by Thomas - Klute. - -2016-03-23 Nikos Mavrogiannopoulos - - * src/ocsptool-args.def, src/ocsptool.c: ocsptool: Allow saving - responses even if verification fails In addition do not enter a spurious newline to responses. - -2016-03-23 Maya Rashish - - * tests/dtls/dtls-stress.c: Avoid using strerror in dtls stress test Using it results in build failure on NetBSD: undefined reference to - `rpl_strerror' - -2016-03-23 Maya Rashish - - * tests/utils.h: Add missing header to testsuite This causes a problem for NetBSD+clang tests, because SIGTERM and - kill are undefined. Resolves #80 
Signed-off-by: Maya Rashish - -2016-03-18 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2016-03-18 Nikos Mavrogiannopoulos - - * tests/mini-x509-callbacks.c: tests: verify that the - post-client-hello callback has access to ALPN data - -2016-03-18 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: handshake: parse the mandatory to parse - extension prior to any callback call This relates to the change of ALPN extension to mandatory to parse, - and allows applications to get ALPN data prior to handshake - completion. - -2016-03-18 Nikos Mavrogiannopoulos - - * tests/resume.c: tests: added checks for session resumption and - ALPN This checks whether the ALPN extension is re-read on resumption and - is negotiated. - -2016-02-11 Nikos Mavrogiannopoulos - - * tests/resume.c: tests: resume: simplified structure assignment - using C99 syntax - -2016-03-15 Yuriy M. Kaminskiy - - * lib/ext/alpn.c: alpn: ALPN state is per-connection, it should not - be saved with session data In addition the extension was moved to the mandatory to parse to - ensure it is always parsed when sessions are resumed. rfc7301: Unlike many other TLS extensions, this extension does not - establish properties of the session, only of the connection. - When session resumption or session tickets [RFC5077] are used, the - previous contents of this extension are irrelevant, and only the - values in the new handshake messages are considered. Signed-off-by: Yuriy M. Kaminskiy 
Signed-off-by: - Nikos Mavrogiannopoulos - -2016-03-16 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: x86-common: CPUID override will - only work if CPU has already the capability present This resolves test suite failure on CPUs with limited capabilities. - Reported by Andreas Metzler. - -2016-03-16 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-03-16 Nikos Mavrogiannopoulos - - * lib/ext/server_name.c: gnutls_server_name_set: accept non-null - terminated hostnames The introduction of IDNA support introduced a regression and this - function does not operate correctly when given non-null terminated - strings. Reported by Tim Ruehsen. Relates #78 - -2016-03-16 Nikos Mavrogiannopoulos - - * tests/mini-server-name.c: tests: added check for non-null - terminated server name This checks whether a non-null terminated server name, but with - correct length is correctly accepted by gnutls_server_name_set(). Relates #78 - -2016-03-15 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-nc.pem: tests: template-test was updated - for OCSP key purpose reordering - -2016-03-15 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-03-15 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: do not require a CA for OCSP signing This follows the recommendations in RFC6960 in 4.2.2.2 which allow a - CA to delegate OCSP signing to another certificate without requiring - it to be a CA. Reported by Thomas Klute. - -2016-03-13 Nikos Mavrogiannopoulos - - * devel/ABI-x86_64.dump, devel/abi-unchecked-symbols, - devel/abi-unchecked-symbols.txt: abi-check: corrected type of - gnutls_x509_crl_get_issuer_dn That will avoid any accidental ABI breakage on that symbol. - -2016-03-11 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: added abi-checker rule This allows to test ABI incompatibilities as soon as possible. 
- -2016-03-11 Nikos Mavrogiannopoulos - - * Makefile.am, devel/ABI-dane-x86_64.dump, devel/ABI-x86_64.dump, - devel/abi-unchecked-symbols, devel/abi-unchecked-symbols.txt, - devel/abi.xml, devel/abi3.2.xml, devel/abi3.4.xml: Makefile: made - abi-checks self-contained That is, they no longer assume a given directory structure to exist - outside git. It now includes a static dump of the symbols in 3.4.0 - for x86_64 and we compare with it. - -2016-03-11 Nikos Mavrogiannopoulos - - * src/cli.c: gnutls-cli: fix invalid initialization in - cert_verify_ocsp() - -2016-03-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-03-08 Jan Vcelak - - * lib/pkcs11_privkey.c: pkcs11: implement correct DSA key pair - generating Signed-off-by: Jan Vcelak - -2016-02-25 Jan Vcelak - - * lib/pkcs11_int.c, lib/pkcs11_int.h: pkcs11: add interface for - C_GenerateKey 
Signed-off-by: Jan Vcelak - -2016-03-08 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11.sh: tests: testpkcs11: the test will always - fail in code path failures - -2016-03-07 Nikos Mavrogiannopoulos - - * tests/mini-loss-time.c: tests: mini-loss-time: improved timeout - detection - -2016-02-15 Nikos Mavrogiannopoulos - - * tests/mini-loss-time.c: tests: mini-loss-time: ensure client - timeouts after the server is This addresses issue with the server detecting the client - disconnection prior to its timeout. Reported by Steven Chamberlain, - Andreas Metzler. - -2016-03-07 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_ocsp_status_request_is_checked: document - the version the flag was introduced at - -2016-03-07 Nikos Mavrogiannopoulos - - * doc/doc.mk: doc: generate manpages for all functions That addresses issue where certain manpages were created empty. See - https://bugzilla.redhat.com/show_bug.cgi?id=1306800 - -2016-03-07 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: mention - gnutls_certificate_set_x509_trust_dir() It was not mentioned in the "Client or server certificate - verification" section. Resolves #76 - -2016-03-03 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am: tests: include test-hash-large into dist - -2016-03-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-03-03 Nikos Mavrogiannopoulos - - * po/zh_CN.po.in: Sync with TP [ci skip] - -2016-03-01 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c: Disable weak symbols for - _gnutls_global_init_skip() under windows That is to avoid an issue with running gnutls under windows; that - renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows. 
Relates #74 - -2016-02-29 Nikos Mavrogiannopoulos - - * configure.ac, m4/hooks.m4: bumped version [ci skip] - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/ext/ecc.c: ecc: optimized extension parsing - -2016-02-29 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: timespec_sub_ms: fixed operation in 32-bit - systems - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: Fixes to prevent undefined - behavior (found with libubsan) - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: cipher.c: Fixes to prevent undefined behavior - (found with libubsan) - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior - (found with libubsan) - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent - undefined behavior (found with libubsan) - -2016-02-29 Nikos Mavrogiannopoulos - - * lib/gnutls_mem.h, lib/x509/x509.c: x509: Fixes to prevent - undefined behavior (found with libubsan) - -2016-02-28 Andreas Metzler - - * src/p11tool-args.def: Let p11tool --provider option accept - filenames. Drop 'file-exists = yes;' to allow specifying either an absolute - pathname or a file in P11_MODULE_PATH. - -2016-02-27 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-is-known.c, - tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm, - tests/utils.c, tests/utils.h: tests: enable softhsmv2 test suite by - default Also do not fatally fail with known softhsmv2 bugs. - -2016-02-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-02-26 Jan Vcelak - - * tests/suite/testpkcs11.sh: pkcs11: tests for RSA, ECC, DSA private - key import Signed-off-by: Jan Vcelak - -2016-02-26 Jan Vcelak - - * tests/suite/testpkcs11.sh: pkcs11: tests for DSA key generating 
Signed-off-by: Jan Vcelak - -2016-02-27 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: added getpid() to the list of system calls - used - -2016-02-25 Jan Vcelak - - * lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing - algorithm setting for DSA keys The algorithm number was set only in the private key structure, not - in the nested structure with parameters. This made certain - operations to fail (e.g., copying the key into a PKCS #11 token). 
Signed-off-by: Jan Vcelak - -2016-02-24 Sebastian Dröge - - * configure.ac: configure: Android is ELF too Without this, compiling Android for x86 or x86-64 fails because the - assembly optimizations are not compiled in. - -2016-02-18 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-02-18 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/pcert-list.c: tests: added tests for - gnutls_pcert_list_import_x509_raw() - -2016-02-18 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: gnutls_x509_crt_list_import: corrected memory - leak This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was - specified and a failure occurred. - -2016-02-18 Nikos Mavrogiannopoulos - - * lib/x509/common.c: _gnutls_sort_clist: fixed issues when used with - func option This function would incorrectly call func() on elements that were - included in the list, and would not call func() if the size of the - final chain was one. - -2016-02-13 Nikos Mavrogiannopoulos - - * lib/algorithms/secparams.c: DH/DSA: allow the generation of larger - than 15360 bit parameters - -2016-02-13 Nikos Mavrogiannopoulos - - * tests/slow/hash-large.c: tests: eliminated mem leak in hash-large - -2016-02-12 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2016-02-12 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am, tests/slow/hash-large.c, - tests/slow/test-hash-large: tests: check whether large buffer hashes - and MAC work as expected - -2016-02-12 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/hmac-padlock.c, - lib/accelerated/x86/hmac-x86-ssse3.c, - lib/accelerated/x86/sha-padlock.c, - lib/accelerated/x86/sha-padlock.h, - lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/mac.c: nettle: use - the correct type for hash and MAC functions - -2016-02-11 Nikos Mavrogiannopoulos - - * src/benchmark-cipher.c: gnutls-cli: improved indentation in - benchmark output - -2016-02-10 Nikos Mavrogiannopoulos - - * tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests - are disabled when in 
FIPS140-2 mode The tests require access to the RC4 cipher which is not available. - -2016-02-09 Andreas Metzler - - * doc/cha-gtls-app.texi: improve doc on special keywords in priority - string Special keywords in priority strings like %COMPAT may not be - prefixed with +, - or !, "NORMAL:+%COMPAT is invalid. - -2016-02-06 Attila Molnar - - * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi, - doc/cha-tokens.texi, lib/gnutls_auth.c, lib/gnutls_dtls.c, - lib/gnutls_extensions.c, src/tpmtool-args.def: doc: Fix some typos - -2016-02-06 Attila Molnar - - * doc/cha-gtls-app.texi, src/certtool-cfg.c, src/serv-args.def: - Remove remaining RSA-EXPORT support leftovers from doc and messages - -2016-02-03 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-pubkey-import-ecdsa.c: tests: - pkcs11-pubkey-import-ecdsa will only work under softhsmv2 - -2016-02-03 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, m4/hooks.m4: bumped version - -2016-01-31 Andreas Metzler - - * lib/gnutls_pubkey.c, lib/openpgp/gnutls_openpgp.c, - lib/x509/pkcs12_bag.c, lib/x509/x509.c, lib/x509/x509_ext.c, - src/certtool-cfg.c: Fix some more typos. certifcate, funtion, withing, missmatch - -2016-01-31 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2016-01-30 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-date.pem, - tests/cert-tests/template-dn.pem, - tests/cert-tests/template-generalized.pem, - tests/cert-tests/template-nc.pem, - tests/cert-tests/template-overflow.pem, - tests/cert-tests/template-overflow2.pem, - tests/cert-tests/template-test.pem, - tests/cert-tests/template-unique.pem: Revert "tests: updated to - account for cert generation after - 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b. - -2016-01-30 Nikos Mavrogiannopoulos - - * lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in - gnutls_x509_ext_export_key_usage" This was not really an out-of-bounds check. Added documentation to - make that clear. 
This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d. - -2016-01-18 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c: gnutls_global_init: log gnutls' version on - initialization - -2016-01-18 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: corrected typo [ci skip] - -2016-01-14 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-26 Nikos Mavrogiannopoulos - - * lib/x509/output.c: x509: tolerate missing subject or issuer fields - -2016-01-13 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory - leak - -2016-01-11 Nikos Mavrogiannopoulos - - * lib/x509/output.c: x509: place newline when printing unsupported - othernames - -2016-01-10 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2016-01-10 Nikos Mavrogiannopoulos - - * lib/ext/alpn.c: alpn: when parsing the list of protocols return at - the first mutually common That resolves an issue where the server wouldn't select the first - mutually supported. Resolves #63 - -2016-01-10 Nikos Mavrogiannopoulos - - * tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection - order - -2016-01-10 Nikos Mavrogiannopoulos - - * tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN - negotiation - -2016-01-09 Nikos Mavrogiannopoulos - - * lib/ext/alpn.c: alpn: document how the selected protocol is - selected [ci skip] - -2016-01-09 Nikos Mavrogiannopoulos - - * tests/mini-alpn.c: tests: verify that the selected ALPN protocol - is the first advertised - -2015-12-15 Nikos Mavrogiannopoulos - - * Makefile.am, src/Makefile.am: build: fix make distclean by - including src/gl only once - -2016-01-08 Nikos Mavrogiannopoulos - - * symbols.last: symbols.last: added new symbol - -2016-01-08 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, m4/hooks.m4: bumped version - -2016-01-07 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: trust_list_get_issuer_by_dn: fixed check - for DN or SPKI - -2016-01-07 Nikos Mavrogiannopoulos - - * Makefile.am: 
symbols.last: don't include internal symbols into - exported list - -2016-01-07 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files - -2016-01-07 Nikos Mavrogiannopoulos - - * configure.ac: configure: no longer distribute lzip tarballs - -2016-01-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-date.pem, - tests/cert-tests/template-dn.pem, - tests/cert-tests/template-generalized.pem, - tests/cert-tests/template-nc.pem, - tests/cert-tests/template-overflow.pem, - tests/cert-tests/template-overflow2.pem, - tests/cert-tests/template-test.pem, - tests/cert-tests/template-unique.pem: tests: updated to account for - cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix - -2016-01-04 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2016-01-04 Tim Kosse - - * lib/x509/x509_ext.c: Fix out-of-bounds read in - gnutls_x509_ext_export_key_usage - -2015-12-31 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test - suite. - -2015-12-31 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2015-12-31 Nikos Mavrogiannopoulos - - * NEWS: doc update [ci skip] - -2015-12-31 Nikos Mavrogiannopoulos - - * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected - the writing of ECC private key - -2015-12-31 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, - tests/suite/pkcs11-pubkey-import-ecdsa.c, - tests/suite/pkcs11-pubkey-import-rsa.c, - tests/suite/pkcs11-pubkey-import.c: tests: pkcs11-pubkey-import will - check both RSA and ECDSA keys - -2015-12-31 Nikos Mavrogiannopoulos - - * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected - the type of the written object Previously only RSA objects were correctly written. 
- -2015-12-31 Nikos Mavrogiannopoulos - - * tests/cert-common.h: tests: added ECDSA key in cert-common.h - -2015-12-31 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: import public keys from any - available object That is, load public keys from the public key object, or the - certificate object if they are present. That affects non-RSA public - keys which do not contain all required fields on the private key - object. - -2015-12-31 Nikos Mavrogiannopoulos - - * lib/gnutls_db.h: session DB: made the magic number depending on - gnutls' version That will make sure that sessions not stored by this version of - gnutls will not be resumed by another (which may be incompatible). - -2015-12-26 Andreas Metzler - - * README, lib/ext/srtp.c, lib/gnutls_priority.c, lib/locks.c, - lib/opencdk/keydb.c, lib/x509/pkcs7.c, - tests/mini-handshake-timeout.c: Fix some typos [ci skip] - -2015-12-24 Nikos Mavrogiannopoulos - - * NEWS: NEWS: doc update [ci skip] - -2015-12-23 Nikos Mavrogiannopoulos - - * lib/ext/max_record.c: max_record: don't consider this extension on - DTLS That is because it doesn't work as expected, and does not fragment - handshake messages. 
Relates with #61 - -2015-12-22 Nikos Mavrogiannopoulos - - * doc/cha-crypto.texi, lib/includes/gnutls/gnutls.h.in: updated - documentation on supported algorithms [ci skip] - -2015-12-22 Nikos Mavrogiannopoulos - - * doc/cha-intro-tls.texi: Added SHA384 to the list of TLS support - MAC algorithms - -2015-12-18 Nikos Mavrogiannopoulos - - * tests/no-signal.c: tests: don't run the no-signal test in systems - which MSG_NOSIGNAL is not available - -2015-12-18 Nikos Mavrogiannopoulos - - * doc/manpages/tpmtool.1: doc: manpages: remove generated tpmtool.1 - page - -2015-12-17 Alon Bar-Lev - - * .gitignore: .gitignore: add m4/extern-inline.m4 - -2015-12-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-12-17 Nikos Mavrogiannopoulos - - * tests/cert-tests/pkcs7: tests: added check to verify that the - PKCS#7 embedded data are recovered as expected - -2015-12-17 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: introduced the - --p7-show-data option This option allows printing the embedded data in a PKCS#7 signed - structure. - -2015-12-17 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: - gnutls_pkcs7_get_embedded_data: added function This function allows extracting the embedded data from a PKCS#7 - signed structure. - -2015-12-16 Nikos Mavrogiannopoulos - - * tests/pkcs7-gen.c: tests: updated pkcs7-gen to account for - content-type attribute - -2015-12-16 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-12-16 Nikos Mavrogiannopoulos - - * tests/cert-tests/pkcs7: tests: check whether the content-type - attribute is set if we sign using time - -2015-12-16 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: pkcs7: set by default the content type attribute That is a requirement of rfc5652. 
Relates #59 - -2015-12-16 Nikos Mavrogiannopoulos - - * lib/x509/crq.c, lib/x509/mpi.c, lib/x509/pkcs7.c, - lib/x509/sign.c, lib/x509/x509_int.h: pkcs7: use the - PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 - structures That is because there are implementations which cannot cope with the - normal RSA signature OIDs. Relates #59 - -2015-12-16 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c, tests/cert-tests/p7-combined.out: pkcs7: Disable - the optional fields prior to generating the PKCS#7 structure This resolves issue with our PKCS#7 structures not being parsed by - MacOSX' tools. Relates #59 - -2015-12-15 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: warn if an ECDSA key is marked for - encryption - -2015-12-15 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: corrected invalid free - -2015-12-15 Nikos Mavrogiannopoulos - - * lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_ui.c: - make sure gnutls_assert is present at the cases where - GNUTLS_E_INTERNAL_ERROR is returned - -2015-12-14 Gustavo Zacarias - - * configure.ac: configure: really make --disable-crywrap work The crywrap variable is set regardless of the state of - enable_crywrap, hence --disable-crywrap never works. Just put the - tests for crywrap deps inside the enable_crywrap conditional. 
Signed-off-by: Gustavo Zacarias - -2015-12-14 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-12 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: updated chacha20 ciphers to conform - to latest draft - -2015-11-07 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, - lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c, - lib/gnutls_int.h: Modified the CHACHA20 cipher to conform to - draft-ietf-tls-chacha20-poly1305-02 - -2015-12-10 Nikos Mavrogiannopoulos - - * src/cli-debug.c: gnutls-cli-debug: rephrased inappropriate - fallback test description to match the rest - -2015-12-13 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-12-13 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: valgrind build was moved at the - end as it is the slowest build - -2015-12-13 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: the - --p7-include-cert option is enabled by default This allows to generate PKCS#7 structures by default that can be - read by iOS. - -2015-12-13 sskaje - - * src/certtool-args.def, src/certtool.c: #56 Feature: certtool - --p7-sign support GNUTLS_PKCS7_INCLUDE_CERT - -2015-12-08 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS - #11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are - available. This is a much cleaner approach than - 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0. - -2015-12-08 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h, - lib/pkcs11_privkey.c: Revert "Do not allow importing public keys - from PKCS #11 private keys for DSA and ECDSA" This reverts commit 9146ba63f5aa48358cb80aa7ccf9131cf2abdbe6. 
- -2015-12-06 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/cert-common.h: tests: cert-common.h: - backported from master branch - -2015-12-06 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-12-06 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/pkcs11-pubkey-import.c: - tests: check whether gnutls_pubkey_import_privkey() operates well - for PKCS#11 RSA keys - -2015-12-06 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h, - lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS - #11 private keys for DSA and ECDSA That is, because they do not contain all the required parameters for - a direct import. Reported by Jan Vcelak. - -2015-12-06 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't - used - -2015-12-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11: - deinitialize gnutls_pkcs11_obj_t's pubkey on deinit - -2015-12-06 Jan Vcelak - - * lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in - privkey_get_pubkey The code worked for RSA because the content of the variables - matched. But it doesn't match for ECC. CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0) - CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) 
Signed-off-by: Jan Vcelak - -2015-12-02 Nikos Mavrogiannopoulos - - * src/benchmark-tls.c: gnutls-cli: don't use RSA ciphersuites to - test chacha20 as they are not defined - -2015-12-02 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: documented bug in - gnutls_x509_crt_get_*_unique_id() - -2015-11-30 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: allow specifying NULL buffer in - gnutls_x509_crt_get_*_unique_id() - -2015-11-25 Nikos Mavrogiannopoulos - - * tests/slow/override-ciphers, tests/slow/test-ciphers: tests: - cipher-test will forward the prog exit code as the script exit code - -2015-11-28 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am: tests: changes for running tests - under windows - -2015-11-28 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: backported from master - -2015-11-28 Nikos Mavrogiannopoulos - - * lib/x509/ocsp_output.c: ocsp_output: when next update is not - present don't print error message That is because this field is optional. Resolves #53 - -2015-11-26 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am, tests/slow/override-ciphers: tests: - override-ciphers will not run mac tests on windows There is some issue with symbols for self tests not being exported. 
- -2015-11-26 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests: - updates for certtool test to run under windows - -2015-11-25 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/aki, - tests/cert-tests/certtool, tests/cert-tests/certtool-long-cn, - tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, - tests/cert-tests/pkcs7, tests/pkcs8-decode/pkcs8: tests: changes for - running tests under windows - -2015-11-25 Nikos Mavrogiannopoulos - - * lib/system.c: use consistent terms in system.c and - system-keys-win.c - -2015-11-28 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: backported from master - -2015-11-25 Nikos Mavrogiannopoulos - - * src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows - for files - -2015-11-25 Nikos Mavrogiannopoulos - - * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3, - src/libopts/COPYING.mbsd, src/libopts/Makefile.am, - src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c, - src/libopts/ao-strs.c, src/libopts/ao-strs.h, - src/libopts/autoopts.c, src/libopts/autoopts.h, - src/libopts/autoopts/options.h, src/libopts/autoopts/project.h, - src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c, - src/libopts/check.c, src/libopts/compat/compat.h, - src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h, - src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c, - src/libopts/env.c, src/libopts/file.c, src/libopts/find.c, - src/libopts/genshell.c, src/libopts/genshell.h, - src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h, - src/libopts/libopts.c, src/libopts/load.c, - src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4, - src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c, - src/libopts/nested.c, src/libopts/numeric.c, - src/libopts/option-value-type.c, - src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c, - src/libopts/parse-duration.h, src/libopts/pgusage.c, - 
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c, - src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c, - src/libopts/stack.c, src/libopts/stdnoreturn.in.h, - src/libopts/streqvcmp.c, src/libopts/text_mmap.c, - src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c, - src/libopts/version.c: libopts: updated to 5.18.6 - -2015-11-24 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am: tests: use gnulib where needed - -2015-11-24 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: updated windows cross compile makefile - -2015-11-24 Nikos Mavrogiannopoulos - - * tests/global-init-override.c: tests: disable global-init-override - test in windows Gcc does not support weak symbols on this platform. - -2015-11-24 Nikos Mavrogiannopoulos - - * src/socket.c: tools: don't call endservent in windows - -2015-11-22 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am: tests: included missing files - -2015-11-22 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: added cast to silence gcc warning - -2015-11-22 Nikos Mavrogiannopoulos - - * NEWS: released 3.4.7 - -2015-11-21 Nikos Mavrogiannopoulos - - * lib/system-keys-win.c: system-keys-win: allow reinitialization of - the library after a deinitialization - -2015-11-21 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files - -2015-11-21 Nikos Mavrogiannopoulos - - * doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions - with _gnutls prefix - -2015-11-21 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: gnutls_global_init_skip: prefixed with an - underscore - -2015-11-21 Nikos Mavrogiannopoulos - - * configure.ac, m4/hooks.m4: bumped version - -2015-11-20 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: check fread_file() for errors in all - situations This caused certtool to crash on invalid input on stdin. Reported - by Christoph Biedl. 
- -2015-11-19 Nikos Mavrogiannopoulos - - * lib/x509/x509_write.c: doc update - -2015-11-18 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_certificate_set_flags: Added since - -2015-11-18 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-18 Nikos Mavrogiannopoulos - - * tests/set_x509_key_mem.c: tests: check gnutls_certificate_flags - -2015-11-18 Nikos Mavrogiannopoulos - - * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_ui.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added - gnutls_certificate_flags() and - GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH That allows a user of the credentials to disable the certificate - matching action. That is, to disable the calls to sign and verify on - initialization. - -2015-11-18 Nikos Mavrogiannopoulos - - * lib/Makefile.am: link with libdl when trousers is enabled; - reported by Andreas Schneider - -2015-11-18 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-18 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: enhanced cipher selftests with variable - key sizes on arcfour - -2015-11-18 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: Do not enforce a maximum key size on ARCFOUR That makes the library consistent with the behavior of previous - versions (3.3.x) - -2015-11-18 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: make TLS 1.6 fallback check more - reliable - -2015-11-18 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/x509/x509_write.c: doc update - -2015-11-16 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves in all - systems as we have multiple which are fedoras - -2015-11-16 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-16 Nikos Mavrogiannopoulos - - * tests/global-init-override.c, tests/global-init.c: tests: - corrected copyright info - -2015-11-16 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/global-init-override.c: tests: added - check for overriding global initialization - -2015-11-16 Nikos 
Mavrogiannopoulos - - * doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro - -2015-11-16 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow - programs skip implicit global initialization - -2015-11-15 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: backported - -2015-11-15 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: document how to use gnutls with - seccomp - -2015-11-13 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-13 Nikos Mavrogiannopoulos - - * lib/auth/dh_common.c: deinitialize client_Y if needed to avoid - leak This is a more conservative fix comparing to - 0e370b7b34c96f7929f9070ad8287c6cf52e7901 ("deinitialize all - handshake keys when handshake is over"). - -2015-11-13 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: Revert "deinitialize all handshake keys when - handshake is over" This reverts commit 0e370b7b34c96f7929f9070ad8287c6cf52e7901. 
- -2015-11-13 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-13 Nikos Mavrogiannopoulos - - * lib/x509/x509_write.c: - gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc - -2015-11-13 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: doc update - -2015-11-13 Nikos Mavrogiannopoulos - - * doc/cha-crypto.texi, lib/includes/gnutls/pkcs7.h, - lib/x509/pkcs7.c: Added documentation on PKCS #7 signing - -2015-11-10 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: disable guile in asan builds - -2015-11-10 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: deinitialize all handshake keys when handshake - is over - -2015-11-12 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/eagain, - tests/suite/eagain.sh, tests/suite/invalid-cert, - tests/suite/invalid-cert.sh, tests/suite/testcompat-openssl.sh, - tests/suite/testcompat-polarssl.sh, tests/suite/testdane, - tests/suite/testdane.sh, tests/suite/testrandom, - tests/suite/testrandom.sh, tests/suite/testrng, - tests/suite/testrng.sh, tests/suite/testsrn, tests/suite/testsrn.sh: - tests: suite: more shell scripts were given the .sh suffix and - simplified makefile - -2015-11-10 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/chain, tests/suite/chain.sh, - tests/suite/test-ciphersuite-names, - tests/suite/test-ciphersuite-names.sh, tests/suite/testpkcs11, - tests/suite/testpkcs11.sh: tests: suite: don't run shell scripts - with valgrind - -2015-11-10 Nikos Mavrogiannopoulos - - * tests/suite/testsrn: tests: testsrn: output errors on stderr - -2015-11-12 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-12 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/template-test, - tests/cert-tests/template-unique.pem, - tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs - are generated as expected - -2015-11-12 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, - 
src/certtool.c: certtool: Allow writing unique IDs in generated - certificates - -2015-11-12 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, - lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id() - and gnutls_x509_crt_set_subject_unique_id() - -2015-11-12 Nikos Mavrogiannopoulos - - * lib/x509/output.c: properly indent unique IDs - -2015-11-11 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: documented the GNUTLS_NO_EXPLICIT_INIT - environment variable - -2015-11-11 Nikos Mavrogiannopoulos - - * lib/crypto-api.c: crypto-api: doc update - -2015-11-11 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-11 Nikos Mavrogiannopoulos - - * lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to - DHE and ECDHE on a rehandshake - -2015-11-09 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-09 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: eliminate leaks in _verify_x509_mem() - -2015-11-09 Nikos Mavrogiannopoulos - - * tests/suite/testdane: testdane: improved error detection in sites - -2015-11-09 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/chain, - tests/suite/pkcs11-is-known.c, tests/suite/suppressions.valgrind, - tests/suite/testsrn, tests/suite/x509paths/suppressions.valgrind: - tests: suite: eliminate many leaks in the tests and run them under - valgrind - -2015-11-09 Nikos Mavrogiannopoulos - - * tests/openpgp-certs/Makefile.am, - tests/openpgp-certs/suppressions.valgrind, - tests/openpgp-certs/testcerts: tests: openpgp-certs: use valgrind - -2015-11-09 Nikos Mavrogiannopoulos - - * lib/openpgp/extras.c: openpgp: eliminate leaks in - gnutls_openpgp_keyring_import() - -2015-11-09 Nikos Mavrogiannopoulos - - * tests/suite/mini-eagain2.c: tests: eliminate leaks in - mini-eagain2.c - -2015-11-09 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: eliminate memory leaks in certificate - generation - -2015-11-09 Nikos Mavrogiannopoulos - - * 
tests/key-tests/Makefile.am, tests/key-tests/key-id, - tests/key-tests/pkcs8, tests/key-tests/suppressions.valgrind: tests: - key-tests: use valgrind - -2015-11-09 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: gnutls_x509_crt_set_pubkey: clarify usage - -2015-11-09 Nikos Mavrogiannopoulos - - * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12, - tests/pkcs12-decode/suppressions.valgrind: tests: run the PKCS #12 - tests under valgrind - -2015-11-09 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-09 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: pkcs12: correctly set - salt size in gnutls_pkcs12_mac_info Also eliminate leaks in PKCS #12 parsing. - -2015-11-09 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: make sure that pkcs12 structures are - deinitialized - -2015-11-09 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c: crypto-backend: ensure there are no leaks on - deinitialization - -2015-11-09 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c, tests/mini-etm.c, - tests/mini-record.c: Require TLS 1.2 for all the ciphersuites which - are defined for it only This solves an interoperability issue with openssl. Reported by - Viktor Dukhovni. - -2015-11-08 Nikos Mavrogiannopoulos - - * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c, - src/pkcs11.c: p11tool: introduced --only-urls option This option allows printing a compact listing containing only of - URLs. - -2015-11-06 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-11-04 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-x509-default-prio.c: tests: added - check for gnutls_priority_set_default - -2015-11-06 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: use static libasan This prevents issues with tests which use LD_PRELOAD. 
- -2015-11-06 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves on build - on Fedora system - -2015-11-05 Nikos Mavrogiannopoulos - - * src/socket.c: tools: better ftp auth tls negotiation - -2015-11-03 Nikos Mavrogiannopoulos - - * src/socket.c: tools: only check for status code in FTP starttls - negotiation - -2015-11-03 Nikos Mavrogiannopoulos - - * src/socket.c: tools: print more info in starttls negotiation when - --verbose is given - -2015-11-03 Nikos Mavrogiannopoulos - - * lib/gnutls.pc.in: gnutls.pc: don't use the libtool version of the - link options Reported by Dan Kegel. Resolves #49 - -2015-10-29 Nikos Mavrogiannopoulos - - * lib/ext/heartbeat.c: removed inacurate text - -2015-10-21 Nikos Mavrogiannopoulos - - * doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: - doc: updated supplemental data documentation - -2015-10-21 Nikos Mavrogiannopoulos - - * tests/suite/testdane: tests: testdane will not check hosts which - are unreachable - -2015-10-20 Andreas Metzler - - * lib/auto-verify.c, lib/gnutls_state.c: Documentation update The new simple verification functions were backported to 3.4.6, - correct "Since:" to reflect this. - -2015-10-20 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files - -2015-10-20 Nikos Mavrogiannopoulos - - * NEWS: released 3.4.6 - -2015-10-20 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: documented future level - -2015-10-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-20 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h: pkcs11.h: relocated - gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts - -2015-10-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-20 Nikos Mavrogiannopoulos - - * lib/ext/ext_master_secret.c: ext master secret: extension is - marked as mandatory This forces the extension to be sent even where resuming sessions. 
- Resolves #45 - -2015-10-20 Nikos Mavrogiannopoulos - - * tests/resume.c: tests: Check whether a resumed session contains - the ext master secret extension Relates #45 - -2015-10-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-17 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-certs/server.pub, tests/suite/testpkcs11: - tests: adapted testpkcs11 for use with 3.4.x certtool - -2015-10-16 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11, tests/suite/testpkcs11.softhsm: tests: - verify that public keys are properly written Also disable parts of the suite that softhsm2 cannot properly work - with, to allow running parts of the suite even with broken softhsm. - -2015-10-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-16 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: Allow writing a PKCS #11 pubkey object - -2015-10-16 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, - lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: - introduced gnutls_pkcs11_copy_pubkey That allows copying a public key to a PKCS #11 module. - -2015-10-17 Nikos Mavrogiannopoulos - - * doc/Makefile.am: doc: set a path which includes new binaries when - running autogen That makes sure that autogen will discover the binaries to obtain - the --help output. 
- -2015-10-17 Nikos Mavrogiannopoulos - - * src/cli-debug-args.def: gnutls-cli-debug: updated doc - -2015-10-16 Nikos Mavrogiannopoulos - - * src/cli-debug-args.def, src/cli-debug.c, src/cli.c, - src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: - tools: when the starttls-proto is specified automatically detect the - port if not given - -2015-10-15 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-15 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-15 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: backport: .gitlab-ci.yml: combined the slow build - with the separate build dir - -2015-10-15 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphers.c, lib/gnutls_cipher_int.c, - lib/gnutls_priority.c: Disable the NULL cipher on runtime when - FIPS140 mode is enabled instead of statically That way the NULL cipher can be used when not in FIPS140 mode. - -2015-10-15 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/kx.c, - lib/gnutls_int.h, lib/gnutls_priority.c: backport: Tolerate priority - strings with names of legacy ciphers and key exchanges That enables better backwards compatibility with old applications - which disable or enable algorithms which no longer are supported. - Relates #44 - -2015-10-15 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-15 Nikos Mavrogiannopoulos - - * lib/pkcs11_write.c: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER - when writing on a certificate That allows NSS to read and use the written certificate. 
Relates - #43 - -2015-10-13 Nikos Mavrogiannopoulos - - * tests/sec-params.c: tests: enhanced sec-params check to account - for future sec-param - -2015-10-12 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-10-12 Nikos Mavrogiannopoulos - - * src/certtool-common.c: certtool: recognize the future sec-param - -2015-10-12 Nikos Mavrogiannopoulos - - * lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in: - Introduced the security parameter future (256) and switched ultra to - 192 bits For ultra, this was its documented strength, and now follows RFC3766 - recommendations for sizes. - -2015-10-12 Nikos Mavrogiannopoulos - - * src/certtool-common.c: certtool: be more specific on the help - message for --sec-param when --bits are given - -2015-10-07 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11.softhsm: tests: better detection of softhsm - library - -2015-10-07 Nikos Mavrogiannopoulos - - * configure.ac, m4/hooks.m4: bumped version - -2015-09-26 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-09-26 Nikos Mavrogiannopoulos - - * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi, - doc/examples/ex-client-x509.c, lib/Makefile.am, lib/auto-verify.c, - lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c, - lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c, - lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map, tests/Makefile.am, tests/auto-verify.c: - Backported new verification functions for clients from 3.5.x branch The major use-case for the TLS protocol is verification of PKIX - certificates. However, certificate verification support while is - similar for almost all projects it requires around 100 lines of code - (a callback) to be duplicated to all applications. That patch set - gets rid of the callback and simplifies certificate verification - support, by introducing a very simple API; one that would accept the - session and the hostname only. 
Resolves #27 - -2015-08-24 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/eagain-common.h, - tests/mini-session-verify-function.c: tests: added test for - gnutls_session_set_verify_function - -2015-08-24 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added - gnutls_session_set_verify_function That allows to set a verification callback per session rather than - only globally on the credentials structure. - -2015-10-05 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: gnutls_record_recv: simplified text on - GNUTLS_E_REHANDSHAKE - -2015-09-22 Nikos Mavrogiannopoulos - - * src/certtool-common.c: certtool: print 16-bytes of hex values per - line Also avoid a colon on the end of the line. - -2015-09-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-09-19 Nikos Mavrogiannopoulos - - * src/certtool-common.c: certtool: switched the default level to - HIGH for key generation That requires 3072 bits for RSA and DSA keys. 
- -2015-09-19 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-09-18 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def, - src/socket.c: tools: added xmpp into the starttls-proto options - -2015-09-18 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def, - src/socket.c: tools: added ldap into the starttls-proto options - -2015-09-17 Nikos Mavrogiannopoulos - - * lib/system.c: system.c: simplify gnutls_system_recv_timeout - -2015-09-17 Nikos Mavrogiannopoulos - - * src/cli-debug.c: gnutls-cli-debug: use RFC7627 instead of - draft-ietf-tls-session-hash - -2015-09-17 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: updated documentation on - gnutls_vdata_types_t based on DKG's suggestions - -2015-09-16 Daniel Kahn Gillmor - - * lib/gnutls_cert.c: improve docs for - gnutls_certificate_verify_peers*() The gnutls_certificate_verify_peers{,2,3}() functions all return - GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate - was not verified. This is explained in the first paragraphs ("i.e. - failure to trust a certificate does not imply a negative return - value"), but the Returns: line isn't comparably clear. 
- -2015-09-14 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: _gnutls_hex2bin: avoid overrun in the provided - buffer - -2015-09-12 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, m4/hooks.m4: bumped version - -2015-09-12 Nikos Mavrogiannopoulos - - * doc/manpages/tpmtool.1: tpmtool.1: updated - -2015-09-11 Nikos Mavrogiannopoulos - - * lib/x509/output.c: Don't use formatted output for fixed strings Resolves #35 - -2015-09-04 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: when storing public keys, make sure - they are marked as not private - -2015-08-28 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-28 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: corrected typo in inappropriate - fallback check - -2015-08-28 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added - check for inappropriate fallback support - -2015-08-26 Nikos Mavrogiannopoulos - - * doc/examples/ex-serv-anon.c: corrected typo in ex-server-anon - -2015-08-23 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: hex decoding: more reasonable error codes That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding - error, and document that fact. - -2015-08-21 Nikos Mavrogiannopoulos - - * lib/ext/ext_master_secret.c, lib/gnutls_db.c: Set the extended - master secret status based on resumption data only That is, don't require a new negotiation with extensions. - -2015-08-21 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c, tests/resume.c: tests: corrected resumption - tests to disable tickets when needed That is, perform the tests that require no tickets, with tickets - disabled. 
- -2015-08-21 Nikos Mavrogiannopoulos - - * lib/gnutls_session_pack.c: session packing: corrected issue in PSK - session unpack - -2015-08-21 Nikos Mavrogiannopoulos - - * lib/auth/psk.c: PSK: save the username in client side in the auth - structure - -2015-08-21 Nikos Mavrogiannopoulos - - * lib/gnutls_hash_int.h: _gnutls_hash() returns error code if any. Ideally we would like to eliminate any return codes from that - function. However, since that's on exported API we cannot easily do - without breaking the ABI. Reported by Benedikt Klotz. Resolves #28 - -2015-08-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-21 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c, lib/x509/verify-high2.c: x509: when - appending CRLs to a trust list ensure that we don't have duplicates That is, overwrite CRLs if they have been obsoleted. - -2015-08-21 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: allow exporting very long CRLs - -2015-08-13 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-13 Nikos Mavrogiannopoulos - - * tests/cert-tests/crl: tests: verify whether CRL date setting works - as expected - -2015-08-13 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, - src/certtool.c: certtool: Allow specifying CRL dates as fixed dates - -2015-08-13 Nikos Mavrogiannopoulos - - * tests/cert-tests/crl: tests: verify CRL appending effectiveness - -2015-08-13 Nikos Mavrogiannopoulos - - * lib/x509/crl_write.c: gnutls_x509_crl_set_authority_key_id, - gnutls_x509_crl_set_number allow overwritting That allows them to overwrite values which were previously set - (e.g., on an imported CRL). 
- -2015-08-13 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: allow appending - certificates to a CRL - -2015-08-12 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-12 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: removed limit on maximum imported - certificates in the -i option - -2015-08-12 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/crl: tests: check - whether the CRL generation code works as expected - -2015-08-12 Nikos Mavrogiannopoulos - - * src/certtool-common.c, src/certtool.c: certtool: eliminated memory - leaks due to new cert loading code - -2015-08-12 Nikos Mavrogiannopoulos - - * src/certtool-common.c, src/certtool-common.h: certtool: lifted - limits on file size to load - -2015-08-10 Nikos Mavrogiannopoulos - - * Makefile.am: before dist ensure that included libopts matches - autogen - -2015-08-10 Nikos Mavrogiannopoulos - - * NEWS: corrected date - -2015-08-09 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am: include all cert-tests into dist - -2015-08-09 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files for new functions - -2015-08-09 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-06 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: test-sign will not fail if a pubkey is not - found - -2015-08-04 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: key decoding: set key to null for consistency - -2015-08-04 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: key decoding: simplify decoding logic by - removing the fallback - -2015-08-04 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-04 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: key decoding: corrected regression with PKCS - #8 key decoding Reported by Daniel Berrange. 
- -2015-08-04 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/pkcs8-key-decode.c: tests: added check - for decoding of a PKCS #8 key as fallback - -2015-08-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-03 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set - the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY - flag, to simulate the previous behavior. - -2015-08-01 Nikos Mavrogiannopoulos - - * cfg.mk: cfg.mk: fix order of arguments in gnulib-tool - -2015-08-01 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/fallback-scsv.c: tests: added check for - the fallback SCSV - -2015-08-01 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: handshake: check inappropriate fallback - against the configured max version That allows to operate on a server which is explicitly configured to - utilize earlier than TLS 1.2 versions. - -2015-08-01 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: corrected - GNUTLS_E_INAPPROPRIATE_FALLBACK error code - -2015-08-01 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-08-01 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: copy_ciphersuites: use definition for - reserved ciphersuites - -2015-08-01 Alessandro Ghedini - - * doc/cha-gtls-app.texi, lib/gnutls_handshake.c, lib/gnutls_int.h, - lib/gnutls_priority.c, lib/priority_options.gperf: handshake: add - FALLBACK_SCSV priority option This allows clients to enable the TLS_FALLBACK_SCSV mechanism during - the handshake, as defined in RFC7507. 
- -2015-08-01 Alessandro Ghedini - - * lib/algorithms.h, lib/gnutls_alert.c, lib/gnutls_errors.c, - lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: handshake: - check for TLS_FALLBACK_SCSV If TLS_FALLBACK_SCSV was sent by the client during the handshake, - and the advertised protocol version is lower than - GNUTLS_TLS_VERSION_MAX, send the "Inappropriate fallback" fatal - alert and abort the handshake. This mechanism was defined in RFC7507. - -2015-08-01 Nikos Mavrogiannopoulos - - * build-aux/gendocs.sh, gl/Makefile.am, gl/m4/codeset.m4, - gl/m4/extern-inline.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4, - gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4, - gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4, - gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4, - gl/m4/intmax.m4, gl/m4/lcmessage.m4, gl/m4/lock.m4, - gl/m4/manywarnings.m4, gl/m4/nls.m4, gl/m4/po.m4, - gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/stdio_h.m4, - gl/m4/sys_time_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4, - gl/m4/uintmax_t.m4, gl/m4/valgrind-tests.m4, gl/m4/visibility.m4, - gl/stddef.in.h, gl/stdio.in.h, gl/string.in.h, gl/tests/init.sh, - gl/tests/inttypes.in.h, gl/tests/test-read-file.c, - gl/tests/test-stddef.c, gl/time.in.h, gl/wchar.in.h, - src/gl/Makefile.am, src/gl/error.c, src/gl/error.h, - src/gl/fseeko.c, src/gl/m4/extern-inline.m4, - src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4, - src/gl/m4/stdio_h.m4, src/gl/m4/sys_time_h.m4, src/gl/m4/time_h.m4, - src/gl/stddef.in.h, src/gl/stdio.in.h, src/gl/string.in.h, - src/gl/time.in.h, src/gl/wchar.in.h, src/gl/xalloc.h: use the - gettext-h gnulib module - -2015-08-01 Nikos Mavrogiannopoulos - - * tests/cert-tests/certtool-long-cn: tests: added missing - certtool-long-cn - -2015-07-31 Nikos Mavrogiannopoulos - - * lib/ext/safe_renegotiation.c: safe renegotiation: simulate - receiving the extension on receival of SCSV - -2015-07-31 Nikos Mavrogiannopoulos - - * lib/x509/common.c: made data2hex() safer, 
and eliminated mem leak - -2015-07-20 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/very-long-dn.pem: - tests: added check for proper handling of very long CNs - -2015-07-31 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/status-request-ok.c, - tests/status-request.c: tests: added check for server sending (or - not) status request messages - -2015-07-31 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-31 Nikos Mavrogiannopoulos - - * configure.ac: updated the required gettext version to match the - macros from gnulib - -2015-07-31 Nikos Mavrogiannopoulos - - * lib/ext/safe_renegotiation.c: safe renegotiation: handle case - where client didn't send any extension That was affected by the "don't try to send extensions we didn't - receive". - -2015-07-31 Nikos Mavrogiannopoulos - - * lib/tpm.c: tpm: avoid warning - -2015-07-31 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h: - As server don't try to send extensions we didn't receive. 
- -2015-07-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-21 Nikos Mavrogiannopoulos - - * lib/tpm.c: tpm: use gnutls_hex_decode for uuid decoding - -2015-07-21 Nikos Mavrogiannopoulos - - * lib/auth/psk_passwd.c: psk: use gnutls_hex_decode2 for key - decoding - -2015-07-21 Nikos Mavrogiannopoulos - - * lib/system-keys-win.c: system-keys-win: use gnutls_hex_decode for - ID decoding - -2015-07-21 Nikos Mavrogiannopoulos - - * lib/openpgp/gnutls_openpgp.c: openpgp: use gnutls_hex_decode for - keyid decoding - -2015-07-21 Nikos Mavrogiannopoulos - - * lib/x509/common.c: DN decoding: use gnutls_hex_encode - -2015-07-21 Nikos Mavrogiannopoulos - - * lib/extras/Makefile.am, lib/extras/hex.c, lib/extras/hex.h, - lib/extras/licenses/CC0, lib/gnutls_str.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Introduced - gnutls_hex_encode2() and gnutls_hex_decode2() These also use safer hex decoding functions which don't skip invalid - input. - -2015-07-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-20 Nikos Mavrogiannopoulos - - * lib/x509/common.c: x509: simplified data to hex conversion in - unknown DN names - -2015-07-20 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: Allow for - non-null context and zero context length - -2015-07-13 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, m4/hooks.m4: bumped version - -2015-07-20 Nikos Mavrogiannopoulos - - * tests/prf.c: tests: added cross-check between gnutls_prf_rfc5705() - and gnutls_prf() - -2015-07-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/safe-renegotiation/Makefile.am, - tests/suite/Makefile.am: removed legacy libgcrypt flags - -2015-07-20 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: optimize in - the common use case, by avoiding malloc Also don't handle specially the case of non-NULL context and - context_size of zero. 
- -2015-07-20 Nikos Mavrogiannopoulos - - * .gitignore: ignore more files - -2015-07-20 Nikos Mavrogiannopoulos - - * src/p11tool-args.def: p11tool: fix documentation for - --generate-ecc and generate-dsa - -2015-07-20 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: gnutls_prf_rfc5705: mention the version it was - introduced at - -2015-07-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/prf.c: tests: added check for - gnutls_prf() and gnutls_prf_rfc5705 - -2015-07-20 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: gnutls_prf_rfc5705: added That includes support for RFC5705 when the context field is used. - Initial patch by Rick van Rein. - -2015-07-17 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi: doc update: explain more about PKCS #11 and - fork - -2015-07-14 Nikos Mavrogiannopoulos - - * configure.ac: configure: print the trousers lib only when set - -2015-07-14 Nikos Mavrogiannopoulos - - * src/tpmtool-args.def, src/tpmtool.c: tpmtool: Added --test-sign - parameter - -2015-07-13 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c, lib/tpm.c: Deinitialize the TPM subsystem - only when trousers support is enabled - -2015-07-13 Nikos Mavrogiannopoulos - - * configure.ac, lib/Makefile.am, lib/gnutls_errors.c, - lib/gnutls_global.c, lib/gnutls_global.h, - lib/includes/gnutls/gnutls.h.in, lib/tpm.c: TPM: don't link to - trousers, use dlopen() That introduces --with-trousers-lib which can be used to specify the - library to dlopen(). 
Resolves #18 - -2015-07-12 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files - -2015-07-12 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, m4/hooks.m4: bumped version - -2015-07-11 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h: pkcs11: mention the version - GNUTLS_PKCS11_TOKEN_MODNAME is available from - -2015-07-10 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-10 Nikos Mavrogiannopoulos - - * lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK - ciphersuites - -2015-07-10 Nikos Mavrogiannopoulos - - * tests/pskself.c: tests: updated pskself to check the hint in all - PSK ciphersuites - -2015-07-10 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-10 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: be more compact in token URL printing - -2015-07-10 Nikos Mavrogiannopoulos - - * src/p11tool-args.def: p11tool: group the provided options for - readability - -2015-07-10 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c: p11tool: keep backwards - compatibility by introducing --list-token-urls That is, the output of --list-tokens remains the same. - -2015-07-10 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: print the module name of a token in verbose - mode - -2015-07-10 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h, - lib/pkcs11_write.c, lib/pkcs11x.c: Added GNUTLS_PKCS11_TOKEN_MODNAME - for gnutls_pkcs11_token_get_info That allows to obtain the shared module name of a token URL. 
- -2015-07-10 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h: pkcs11.h: doc update - -2015-07-10 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c: p11tool: less verbose output - in --list-tokens unless --verbose is specified - -2015-07-09 Nikos Mavrogiannopoulos - - * tests/suppressions.valgrind: tests: added suppression for bash mem - leak - -2015-07-09 Nikos Mavrogiannopoulos - - * configure.ac, tests/Makefile.am, tests/cert-tests/Makefile.am: - tests: don't run certtool-utf8 when libidn is 1.30 or less This avoids test suite failures due to libidn. - -2015-07-09 Nikos Mavrogiannopoulos - - * src/cli-args.def: gnutls-cli: doc update - -2015-07-09 Nikos Mavrogiannopoulos - - * lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert. - -2015-07-08 Nikos Mavrogiannopoulos - - * gl/m4/valgrind-tests.m4: gl: use /bin/true to run valgrind during - configure Bash has memory leaks, which prevents the valgrind check to operate - using the SHELL variable. - -2015-07-08 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/certtool-utf8: - tests: added check for invalid UTF8 encoded string - -2015-07-08 Nikos Mavrogiannopoulos - - * configure.ac: Revert "libidn support is disabled by default" This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad. - -2015-07-06 Nikos Mavrogiannopoulos - - * : commit d63c088edd15f20318b396f2298744cbf9e1a392 Author: Daniel - Kahn Gillmor Date: Thu Jul 2 14:28:32 2015 - -0400 - -2015-07-01 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-07-01 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from - public key should depend on P not Y That allows to do the proper evaluation to check certificate - strength. Reported by Hubert Kario. 
- -2015-07-01 Nikos Mavrogiannopoulos - - * tests/dsa/Makefile.am, tests/dsa/dsa-pubkey-1018.pem, - tests/dsa/testdsa: tests: check whether we print the prime size in - DSA keys - -2015-07-01 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: name constraints: simplified - gnutls_x509_name_constraints_check_crt() - -2015-07-01 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints, - tests/cert-tests/name-constraints-ip.pem: tests: verify that - unsupported name constraints are properly handled - -2015-07-01 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: name constraints: don't reject - certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS - constraints, and the end certificate doesn't have an IPaddress name - or a URI set. - -2015-06-29 Nikos Mavrogiannopoulos - - * po/ms.po.in: Sync with TP. - -2015-06-28 Nikos Mavrogiannopoulos - - * configure.ac: libidn support is disabled by default That is until the issues with libidn get resolves. 
Relates #10 - -2015-06-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-27 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/atfork.c: tests: added a test for the - fork detection interface - -2015-06-27 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c: tests: resume-dtls: increased timeouts - -2015-06-26 Nikos Mavrogiannopoulos - - * configure.ac, lib/atfork.c, lib/atfork.h: Don't use - pthread_atfork(), it is not safe to use with dlopen() http://austingroupbugs.net/view.php?id=851 - -2015-06-26 Nikos Mavrogiannopoulos - - * lib/atfork.c, lib/atfork.h: atfork: added underscore to - gnutls_forkid - -2015-06-26 Nikos Mavrogiannopoulos - - * lib/atfork.c, lib/atfork.h, lib/nettle/rnd-fips.c, - lib/nettle/rnd.c, lib/pkcs11.c: simplified fork detection - -2015-06-26 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: enhanced header matching code for private keys - to skip unrelated data - -2015-06-26 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/privkey-import, - tests/cert-tests/privkey1.pem, tests/cert-tests/privkey2.pem, - tests/cert-tests/privkey3.pem: tests: added private key import - checks - -2015-06-25 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: gnutls_x509_privkey_import: optimized private - key loading - -2015-06-25 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior - when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to - trying all encrypted options. - -2015-06-25 Nikos Mavrogiannopoulos - - * tests/key-openssl.c: tests: added check to verify that - gnutls_x509_privkey_import2 works for plain keys That is, when a password is provided and the key is non encrypted. 
- -2015-06-25 Nikos Mavrogiannopoulos - - * lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will - release any data on failure Resolves #15 - -2015-06-21 Alon Bar-Lev - - * tests/cert-tests/aki, tests/cert-tests/certtool, - tests/cert-tests/crq, tests/cert-tests/dane, - tests/cert-tests/email, tests/cert-tests/invalid-sig, - tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, - tests/cert-tests/pkcs7, tests/cert-tests/template-test, - tests/dsa/testdsa, tests/dtls/dtls, tests/dtls/dtls-nb, - tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8, - tests/nist-pkits/gnutls_test_entry, tests/nist-pkits/pkits_crl, - tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12, - tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test, - tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs, - tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12, - tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test, - tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2, - tests/sha2/sha2-dsa, tests/slow/override-ciphers, - tests/slow/test-ciphers, tests/suite/certs/create-chain.sh, - tests/suite/chain, tests/suite/crl-test, tests/suite/eagain, - tests/suite/invalid-cert, tests/suite/testcompat-main-openssl, - tests/suite/testcompat-main-polarssl, - tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl, - tests/suite/testdane, tests/suite/testpkcs11, - tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm, - tests/suite/testpkcs11.softhsm, tests/suite/testrandom, - tests/suite/testrng, tests/suite/testsrn, tests/userid/userid: - tests: tab indent + minor style changes 
Signed-off-by: Alon Bar-Lev - -2015-06-23 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/scan-gnutls.sh: tests: modified - test-ciphersuite-names to work with cpp 5.1.1 - -2015-06-22 Nikos Mavrogiannopoulos - - * tests/suite/test-ciphersuite-names: tests: test-ciphersuite-names: - create any needed dirs - -2015-06-22 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh, - tests/suite/ciphersuite/test-ciphersuites.sh, - tests/suite/test-ciphersuite-names: tests: moved - test-ciphersuites.sh one level up That simplifies running the script outside make check. - -2015-06-21 Alon Bar-Lev - - * tests/suite/ciphersuite/scan-gnutls.sh, - tests/suite/ciphersuite/test-ciphers.js, - tests/suite/ciphersuite/test-ciphersuites.sh: tests: suite: - ciphersuite: fixups fix separate builddir issue, without modifying locations, quite - ugly. re-indent using tab. fix shebang. Signed-off-by: Alon Bar-Lev - -2015-06-21 Alon Bar-Lev - - * tests/pkcs1-padding/pkcs1-pad, tests/suite/testcompat-openssl, - tests/suite/testcompat-polarssl: tests: enforce UTC timezone in - datefudge tests Signed-off-by: Alon Bar-Lev - -2015-06-21 Alon Bar-Lev - - * tests/cert-tests/aki, tests/cert-tests/certtool, - tests/cert-tests/crq, tests/cert-tests/dane, - tests/cert-tests/email, tests/cert-tests/invalid-sig, - tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, - tests/cert-tests/pkcs7, tests/cert-tests/template-test, - tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8, - tests/openpgp-certs/testselfsigs: tests: misc: shell cleanup leftovers minor sync. 
Signed-off-by: Alon Bar-Lev - -2015-06-21 Alon Bar-Lev - - * configure.ac, tests/suite/certs/create-chain.sh, - tests/suite/chain, tests/suite/crl-test, tests/suite/eagain, - tests/suite/invalid-cert, tests/suite/testcompat-common, - tests/suite/testcompat-main-openssl, - tests/suite/testcompat-main-polarssl, - tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl, - tests/suite/testdane, tests/suite/testpkcs11, - tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm, - tests/suite/testpkcs11.softhsm, tests/suite/testrandom, - tests/suite/testrng, tests/suite/testsrn: tests: suite: cleanup - shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests. Fix separate builddir issues. Signed-off-by: Alon Bar-Lev - -2015-06-21 Alon Bar-Lev - - * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12, - tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test, - tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2, - tests/sha2/sha2-dsa, tests/slow/override-ciphers, - tests/slow/test-ciphers, tests/userid/userid: tests: misc: cleanup - shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests. 
Signed-off-by: Alon Bar-Lev - -2015-06-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am: tests: fixed includes - -2015-06-20 Nikos Mavrogiannopoulos - - * lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c, - lib/gnutls_global.c, lib/gnutls_str.h, lib/x509/ocsp_output.c: move - all gettext definitions in gnutls_str.h - -2015-06-20 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: updated for 3.4.2 - -2015-06-20 Nikos Mavrogiannopoulos - - * lib/gnutls_str.h: gnutls_str: include gettext.h when dgettext is - available - -2015-06-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-fork.c, tests/mini-dtls-mtu.c, - tests/mini-dtls-pthread.c, tests/mini-dtls-record-asym.c, - tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/pkcs12_simple.c, - tests/rsa-encrypt-decrypt.c, tests/utils.c, tests/utils.h, - tests/x509sign-verify.c, tests/x509sign-verify2.c: tests: don't - depend on gnulib That dependency unfortunately causes many portability problems on - platforms where it should have worked out of the box. - -2015-06-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-20 Nikos Mavrogiannopoulos - - * devel/perlasm/cpuid-x86.pl, doc/scripts/cleanup-autogen.pl, - doc/scripts/gdoc, doc/scripts/getfuncs-map.pl, - doc/scripts/getfuncs.pl, doc/scripts/sort1.pl, - doc/scripts/sort2.pl, doc/scripts/split-texi.pl, - doc/scripts/split.pl, tests/nist-pkits/build-chain: use the same - shebang for perl - -2015-06-19 Nikos Mavrogiannopoulos - - * tests/cert-tests/certtool: tests: added a verify-chain test case - -2015-06-19 Nikos Mavrogiannopoulos - - * tests/scripts/common.sh: tests: don't quote provider in common.sh That caused testpkcs11 to fail. 
- -2015-06-18 Nikos Mavrogiannopoulos - - * tests/mini-alignment.c: tests: don't enforce alignment rules for - caller buffers - -2015-06-17 Alon Bar-Lev - - * tests/cert-tests/aki, tests/cert-tests/certtool, - tests/cert-tests/crq, tests/cert-tests/dane, - tests/cert-tests/email, tests/cert-tests/invalid-sig, - tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, - tests/cert-tests/pkcs7, tests/cert-tests/template-test: tests: - cert-tests: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Signed-off-by: Alon Bar-Lev - -2015-06-18 Nikos Mavrogiannopoulos - - * .gitlab-ci.yml: Added gitlab-ci.yml - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: reduced the exported functions to the minimum - needed - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c: _gnutls_ext_register was made static - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: libgnutls.map: use a 3.4 related name for - private functions This eliminates any collisions with functions from 3.3.x - -2015-06-18 Alon Bar-Lev - - * tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry, - tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl, - tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12, - tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test: tests: - nist-pkits: cleanup shell/perl usage Add quotes for most usages of variables. Added ${} for variables. Consistent indent. 
Signed-off-by: Alon Bar-Lev - -2015-06-18 Nikos Mavrogiannopoulos - - * tests/Makefile.am: tests: force link with nettle of mini-alignment - -2015-06-18 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/oids.c: tests: Check the OID functions - -2015-06-18 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/ecc.c, lib/algorithms/mac.c, - lib/algorithms/publickey.c, lib/algorithms/sign.c, lib/gnutls_pk.c, - lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map, lib/x509/common.c, lib/x509/crl.c, - lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c, - lib/x509/ocsp.c, lib/x509/pkcs7.c, lib/x509/privkey.c, - lib/x509/privkey_pkcs8.c: Exported functions to convert from and to - OIDs - -2015-06-18 Saurav Babu - - * src/cli.c: gnutls-cli: Fixed Possible Memory Leak This patch fixes possible memory leak in psk_callback() function, - rawkey is allocated memory by gnutls_malloc() and is not freed when - gnutls_hex_decode() returns with error Signed-off-by: Saurav Babu - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: pkcs7: corrected write_signer_id() when - GNUTLS_PKCS7_WRITE_SPKI was used - -2015-06-18 Alon Bar-Lev - - * tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs: - tests: openpgp-certs: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Signed-off-by: Alon Bar-Lev - -2015-06-18 Alon Bar-Lev - - * tests/key-tests/key-id, tests/key-tests/pkcs8: tests: key-tests: - cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Signed-off-by: Alon Bar-Lev - -2015-06-18 Alon Bar-Lev - - * tests/ecdsa/ecdsa: tests: ecdsa: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. 
Signed-off-by: Alon Bar-Lev - -2015-06-18 Alon Bar-Lev - - * tests/dsa/testdsa, tests/scripts/common.sh: tests: dsa: cleanup - shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Removal of unneeded ';'. Minor fix in tests/scripts/common.sh at trap to pass message and - avoid killing. Signed-off-by: Alon Bar-Lev - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/gnutls_mbuffers.c: indentation fix - -2015-06-18 Nikos Mavrogiannopoulos - - * lib/gnutls_int.h: Always align in 16-byte boundary our input to - crypto That allows faster operations in almost all instruction sets. - -2015-06-18 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-alignment.c: tests: added check for - memory alignment - -2015-06-17 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-test: tests: only run test with long - dates in 64-bit systems - -2015-06-17 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-date.pem, - tests/cert-tests/template-dn.pem, - tests/cert-tests/template-generalized.pem, - tests/cert-tests/template-nc.pem, - tests/cert-tests/template-overflow.pem, - tests/cert-tests/template-overflow2.pem, - tests/cert-tests/template-test, tests/cert-tests/template-test.pem, - tests/cert-tests/template-utf8.pem: tests: regenerate the results in - template-test using UTC times - -2015-06-17 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: ensure that gnutls_pubkey_verify_data2 - returns 0 on success - -2015-06-17 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: - Added gnutls_pkcs7_get_signature_count - -2015-06-17 Alon Bar-Lev - - * tests/suite/Makefile.am: tests: suite: run testpkcs11 if PKCS#11 - is enabled Signed-off-by: Alon Bar-Lev - -2015-06-17 Alon Bar-Lev - - * tests/nist-pkits/gnutls_test_entry, - tests/suite/certs/create-chain.sh: tests: remove bash usage 
Signed-off-by: Alon Bar-Lev - -2015-06-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-17 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem, - tests/cert-tests/template-dn.pem, - tests/cert-tests/template-generalized.pem, - tests/cert-tests/template-generalized.tmpl, - tests/cert-tests/template-nc.pem, - tests/cert-tests/template-overflow.pem, - tests/cert-tests/template-overflow2.pem, - tests/cert-tests/template-test, tests/cert-tests/template-test.pem, - tests/cert-tests/template-utf8.pem: tests: verify that we generate - dates with UTCTime prior to 2050 Also that we generate dates with GeneralizedTime format after 2050. - -2015-06-17 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1 - structure follow the RFC5280 recommendations - -2015-06-17 Nikos Mavrogiannopoulos - - * lib/x509/common.c: Set time in PKCS #7 structures properly (in - UTCTime format). - -2015-06-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-16 Alon Bar-Lev - - * tests/cert-tests/pkcs7: tests: cert-tests: pkcs7: support separate - builddir 
Signed-off-by: Alon Bar-Lev - -2015-06-16 Nikos Mavrogiannopoulos - - * symbols.last: account new symbols - -2015-06-16 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: updated - makefiles for the new functions - -2015-06-16 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c, lib/x509/x509_ext.c: doc update - -2015-06-16 Nikos Mavrogiannopoulos - - * lib/x509/Makefile.am, lib/x509/pkcs7-output.c, - lib/x509/pkcs7_output.c: use common base for pkcs7 files - -2015-06-16 Nikos Mavrogiannopoulos - - * NEWS, lib/libgnutls.map: added missing symbol - -2015-06-16 Nikos Mavrogiannopoulos - - * NEWS: released 3.4.2 - -2015-06-16 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c, tests/cert-tests/pkcs7: - certtool: made explicit the inclusion of time in PKCS #7 signatures - -2015-06-16 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs7.c: pkcs7: - write the DER encoded time - -2015-06-16 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: include the signature time in PKCS #7 - signatures - -2015-06-16 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: pkcs7: corrected usage of - GNUTLS_PKCS7_INCLUDE_TIME flag - -2015-06-16 Nikos Mavrogiannopoulos - - * tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: - tests: minor updates in pkcs7 output checks to match new certtool - -2015-06-16 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: rely on gnutls_pkcs7_print() even more - -2015-06-16 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7_output.c: pkcs7: print certificates and CRLs in - FULL mode - -2015-06-16 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-16 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: use gnutls_pkcs7_print() - partially - -2015-06-16 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, - lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7_output.c: - Added gnutls_pkcs7_print() - -2015-06-15 Nikos 
Mavrogiannopoulos - - * configure.ac, m4/hooks.m4: bumped version - -2015-06-11 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/x509sign-verify2.c: tests: added - signature/verification stress test - -2015-06-11 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl, - tests/suite/testcompat-main-polarssl: tests: check also individual - ciphers for interoperability - -2015-06-08 Nikos Mavrogiannopoulos - - * lib/fips.c: fips140: better debug messages when verifying MAC - -2015-06-05 Nikos Mavrogiannopoulos - - * src/tpmtool.c: tpmtool: added newline in error messages - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes-self-test.c: fips140: added check for - reseed detection - -2015-06-03 Nikos Mavrogiannopoulos - - * tests/rng-fork.c: tests: check random generator for long outputs - as well - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/fips.c: fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is - setup do not perform integrity tests - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only - on reseed - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-fips.c: fips140: when reseeding only reseed the - required context not all - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on - the reseed and generate function - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140: - enforce the max_number_of_bits_per_request - -2015-06-03 Nikos Mavrogiannopoulos - - * tests/cert-tests/full.p7b.out, tests/cert-tests/pkcs7, - tests/cert-tests/single-ca.p7b.out: tests: do not include times in - the PKCS #7 checks as they depend on local timezone - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: pkcs7: addressed memory leaks - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7-attrs.c: doc update - -2015-06-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - 
-2015-06-03 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/pkcs7-gen.c: tests: Added PKCS #7 - attribute generation check - -2015-06-03 Nikos Mavrogiannopoulos - - * tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: - tests: updated for new certtool output - -2015-06-03 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: print signed and unsigned PKCS #7 - attributes - -2015-06-03 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn, - lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pkcs7-attrs.c, - lib/x509/pkcs7.c, lib/x509/x509_int.h: Added code to parse and set - PKCS #7 attributes - -2015-06-02 Nikos Mavrogiannopoulos - - * tests/cert-tests/pkcs7: tests: added PKCS #7 verification check - with MD5 - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/gnutls_errors.c, lib/gnutls_pubkey.c, - lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in, - lib/includes/gnutls/x509.h, lib/x509/pkcs7.c, lib/x509/x509.c: use - the same flags in all verification functions - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: _decode_pkcs7_signed_data: fixed mem leaks - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/x509/common.h, lib/x509/x509.c, lib/x509/x509_int.h: - Initialization of gnutls_x509_dn_t was modified to allow - deinitialization after failure Part2: made gnutls_x509_crt_get_subject() and - gnutls_x509_crt_get_issuer() return a constant value and avoid - leaks. 
- -2015-06-02 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: doc: - Separated the PKCS #7 in manual - -2015-06-02 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-06-02 Nikos Mavrogiannopoulos - - * tests/cert-tests/pkcs7: tests: check PKCS #7 structure signature - generation - -2015-06-02 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/p7-combined.out, - tests/cert-tests/pkcs7: tests: check PKCS #7 bundle generation - -2015-06-02 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-common.c, - src/certtool-common.h, src/certtool.c: certtool: added - --p7-generate, --p7-sign and --p7-detached-sign - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, - lib/x509/common.c, lib/x509/pkcs7.c: Added gnutls_pkcs7_sign() - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: - Added gnutls_pkcs7_get_crl_raw2 - -2015-06-02 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: print the signing time when available - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs7.h, lib/x509/common.c, lib/x509/pkcs7.c: - pkcs7 verification: parse the signing time - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: on PKCS #7 verification check the the content - type matches the signed data - -2015-06-02 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: print more info about the PKCS #7 struct - -2015-06-02 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-common.c, src/certtool.c: - certtool: allow verification against a direct PKCS #7 signer - -2015-06-02 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7, - tests/cert-tests/pkcs7-detached.txt: tests: added checks with PKCS - #7 detached data - -2015-06-02 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c: pkcs7 verification: return - GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no 
encapsulated data - exist - -2015-06-02 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-common.h, src/certtool.c: - certtool: allow verifying PKCS #7 with detached data - -2015-06-01 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: improved PKCS #7 - verification output - -2015-06-01 Nikos Mavrogiannopoulos - - * tests/cert-tests/pkcs7: tests: check the key purpose in PKCS #7 - verification - -2015-06-01 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/full.p7b.out, - tests/cert-tests/pkcs7: tests: added PKCS #7 test with more than 1 - certs - -2015-06-01 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-common.h, src/certtool.c: - certtool: allow verification of PKCS #7 structures - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c, - lib/x509/x509.c: Initialization of gnutls_x509_dn_t was modified to - allow deinitialization after failure - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/includes/Makefile.am, lib/includes/gnutls/pkcs7.h, - lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn, - lib/pkix_asn1_tab.c, lib/x509/dn.c, lib/x509/pkcs7.c: Added PKCS #7 - signature(s) verification - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, - lib/x509/verify-high.c: Added - gnutls_pkcs11_get_raw_issuer_by_subject_key_id and - gnutls_x509_trust_list_get_issuer_by_subject_key_id - -2015-06-01 Nikos Mavrogiannopoulos - - * tests/dn.c: tests: added check for gnutls_x509_dn_get_str - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/libgnutls.map, lib/x509/x509.c: added gnutls_x509_dn_get_str - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c: doc update - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h, - lib/x509/privkey.c, lib/x509/x509.c: Added - gnutls_x509_crt_verify_data2() and kept 
gnutls_privkey_sign_data() - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c: verify PKCS - #7 signed data - -2015-05-29 Nikos Mavrogiannopoulos - - * lib/x509/pkcs7.c, lib/x509/x509_int.h: updated PKCS #7 code to - cache signed_data - -2015-06-01 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: When manual PKCS #11 configuration is requested - don't initialize other providers - -2015-05-31 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: deinitialize PKCS #7 resources - -2015-05-31 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7, - tests/cert-tests/single-ca.p7b.out: tests: Added tests for PKCS7 - cert extraction - -2015-05-29 Nikos Mavrogiannopoulos - - * gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4, - gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4, - gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4, - gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h, - gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c, - gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c, - src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4, - src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: Revert - "updated gnulib" This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c. 
- -2015-05-29 Nikos Mavrogiannopoulos - - * configure.ac: silence format-signness warnings in gcc5 - -2015-05-29 Nikos Mavrogiannopoulos - - * gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4, - gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4, - gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4, - gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h, - gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c, - gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c, - src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4, - src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: updated - gnulib - -2015-05-26 Nikos Mavrogiannopoulos - - * lib/x509/ocsp_output.c: Check the OID size for match when - comparing for the OCSP nonce extension Reported by Hanno Böck. - -2015-05-23 Armin Burgmeier - - * lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not - used Before, the number of bits of a zero-length number was attempted to - be extracted, resulting in an error. The changed behaviour is - consistent with the documentation which explicitly states that 0 - should be returned if no DH key exchange was performed. 
- -2015-05-22 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may - include a leading zero - -2015-05-21 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding - the DH max prime size with 1007 bits or less - -2015-05-21 Nikos Mavrogiannopoulos - - * lib/verify-tofu.c: cleanup unused variable - -2015-05-21 Nikos Mavrogiannopoulos - - * lib/verify-tofu.c: corrected allocation check - -2015-05-21 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: removed useless check - -2015-05-21 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: document intentional fallthrough in switch - -2015-05-21 Nikos Mavrogiannopoulos - - * lib/ext/ecc.c: ecc ext: check return code of - _gnutls_buffer_append_data - -2015-05-17 Nikos Mavrogiannopoulos - - * tests/no-signal.c: tests: enhance the no-signal check to include - proper data sending - -2015-05-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-05-17 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/no-signal.c: tests: check the operation - of GNUTLS_NO_SIGNAL - -2015-05-17 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, - lib/system.c, lib/system.h: Allow the usage of MSG_NOSIGNAL in send - functions That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which - is available in systems that support the MSG_NOSIGNAL flag to - send(). That eases the usage of the library within other libraries. - Resolves #11 - -2015-05-15 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-x86-pclmul.c, - lib/accelerated/x86/hmac-padlock.c: include nettle/memxor when - needed - -2015-05-15 Nikos Mavrogiannopoulos - - * src/serv.c: gnutls-serv: send alert when wrong data have been - received from client - -2015-05-14 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-05-14 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: camellia256-gcm: corrected regression Reported by Manuel Pegourie-Gonnard. 
- -2015-05-11 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: doc update - -2015-05-06 Nikos Mavrogiannopoulos - - * doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib: - doc: added section about subject alternative names - -2015-05-06 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c, - lib/gnutls_int.h: handshake_start_time was moved out of the - DTLS-specific variables - -2015-05-06 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: apply default timeout for DTLS in - gnutls_handshake_set_timeout - -2015-05-06 Nikos Mavrogiannopoulos - - * tests/hostname-check.c: tests: do not perform internationalized - name checks without libidn - -2015-05-06 Nikos Mavrogiannopoulos - - * tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false - failures - -2015-05-05 Nikos Mavrogiannopoulos - - * tests/mini-loss-time.c: tests: eliminate mem leaks in - mini-loss-time - -2015-05-05 Nikos Mavrogiannopoulos - - * tests/suite/testdane: tests: testdane: remove dane.nox.su from the - list of known to be good hosts - -2015-05-05 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-05-05 Nikos Mavrogiannopoulos - - * tests/mini-loss-time.c: tests: mini-loss-time enhanced to check - proper timeouts in both client and server - -2015-05-05 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h, - lib/gnutls_state.c: dtls: combined the total timeouts of DTLS and - TLS handshake That also makes the waits for packets more robust against blocking. 
- -2015-05-05 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/compat.h: define - GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA - -2015-05-05 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi: doc: updated text to account for pkcs11-url - standardization - -2015-05-03 Nikos Mavrogiannopoulos - - * tests/mini-dtls-mtu.c: tests: mini-dtls-mtu: compile in windows - -2015-05-04 Jaak Ristioja - - * doc/cha-intro-tls.texi: doc: Fixed typo in heartbeat - documentation. - -2015-05-03 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: updated for 3.4.1 - -2015-05-03 Nikos Mavrogiannopoulos - - * devel/abi3.4.xml: updated abi base for 3.4 - -2015-05-03 Nikos Mavrogiannopoulos - - * NEWS: NEWS: updated - -2015-05-03 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, m4/hooks.m4: released 3.4.1 - -2015-04-30 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts - -2015-04-30 Nikos Mavrogiannopoulos - - * doc/examples/ex-client-dtls.c: doc: fixed example with DTLS - timeouts - -2015-04-30 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: use - macro for DTLS default timeout - -2015-04-30 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly - work with DTLS - -2015-04-30 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-30 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_record.c: document the need for - gnutls_transport_set_pull_timeout_function - -2015-04-30 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: updated async operation text - -2015-04-30 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_state.c: disable default - handshake timeout It caused issues with non-blocking TLS clients and servers which may - not want to block while the pull timeout function waits. 
- -2015-04-30 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-tls-nonblock.c: tests: added check - to verify that pull timeout is not called on non-blocking sessions - -2015-04-30 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c, - lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c, - lib/includes/gnutls/gnutls.h.in, lib/system_override.c: - GNUTLS_NONBLOCK can be used for non-DTLS sessions as well - -2015-04-29 Nikos Mavrogiannopoulos - - * lib/system_override.c: doc update - -2015-04-29 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: doc update - -2015-04-28 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/keygen.c, tests/slow/Makefile.am, - tests/slow/keygen.c: tests: key generation test was moved to main - checks This will allow to catch memory leaks with valgrind. - -2015-04-28 Jan Vcelak - - * lib/nettle/pk.c: fix memory leak in ECDSA key parameters - verification Signed-off-by: Jan Vcelak - -2015-04-28 Nikos Mavrogiannopoulos - - * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated - minitasn1 - -2015-04-28 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-28 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS - name constraints with leading dot Patch by Fotis Loukos. Resolves 3 
Signed-off-by: Nikos Mavrogiannopoulos - -2015-04-28 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc update - -2015-04-27 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: updated text for gnutls_pkcs11_init - -2015-04-27 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi: updated pkcs11 loading documentation - -2015-04-26 Nikos Mavrogiannopoulos - - * tests/mini-etm.c: tests: mini-etm: use TLS as the transport layer - -2015-04-26 Nikos Mavrogiannopoulos - - * tests/sign-md5-rep.c: tests: added comment for sign-md5-rep - -2015-04-26 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2015-04-26 Nikos Mavrogiannopoulos - - * po/fr.po.in: Sync with TP. - -2015-04-25 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-25 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer - for the MD5 acceptance issue Reported by Karthikeyan Bhargavan. - - http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html - -2015-04-25 Nikos Mavrogiannopoulos - - * lib/ext/signature.c: before falling back to SHA1 as signature - algorithm in TLS 1.2 check if it is enabled - -2015-04-25 Nikos Mavrogiannopoulos - - * lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not - consider any values from the extension data to decide acceptable - algorithms - -2015-04-25 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-25 Nikos Mavrogiannopoulos - - * tests/mini-x509-cert-callback.c: tests: added unit tests for - gnutls_certificate_client_get_request_status - -2015-04-25 Nikos Mavrogiannopoulos - - * lib/auth/cert.c: set the value used by - gnutls_certificate_client_get_request_status prior to selecting - certificate That allows gnutls_certificate_client_get_request_status() to be - properly operating from the callback. Reported by Anton Lavrentiev. 
- -2015-04-25 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c: updated doc for retrieve function - -2015-04-24 Nikos Mavrogiannopoulos - - * doc/cha-bib.texi, doc/latex/gnutls.bib: updated PKCS #11 URL - references to rfc7512 - -2015-04-22 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c: doc update - -2015-04-22 Nikos Mavrogiannopoulos - - * tests/x509self.c: tests: added check for gnutls_credentials_get - -2015-04-22 Nikos Mavrogiannopoulos - - * lib/gnutls_auth.c, lib/gnutls_cert.c: doc update - -2015-04-22 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev - -2015-04-22 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc: corrected typo - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c: tests: resume-dtls: remove global variables - -2015-04-21 Andreas Metzler - - * doc/cha-gtls-app.texi: List all certificate type priority strings. 
Signed-off-by: Nikos Mavrogiannopoulos - -2015-04-19 Nikos Mavrogiannopoulos - - * lib/auth/rsa.c: tls-rsa: keep a common code path when doing RSA - decryption Suggested by Nimrod Aviram. - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/mini-dtls-rehandshake.c, tests/mini-handshake-timeout.c, - tests/mini-key-material.c, tests/mini-loss-time.c, - tests/mini-record-retvals.c, tests/mini-rehandshake-2.c: tests: - initialize status where needed - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/openpgp-auth2.c: tests: cleanup openpgp-auth2 - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/mini-dtls-rehandshake.c: tests: cleanup - mini-dtls-rehandshake - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c, tests/resume.c: tests: resume: check for - signals - -2015-04-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/certificate_set_x509_crl.c, tests/mini-record-range.c, - tests/mini-x509-callbacks.c, tests/openpgp-auth2.c, - tests/record-sizes-range.c, tests/resume.c: tests: reduced compiler - warnings - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/mini-x509.c: tests: verify the return value of - gnutls_certificate_get_ours when no cert is sent - -2015-04-21 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c, tests/resume.c: tests: close unused file - descriptors in resume checks - -2015-04-20 Nikos Mavrogiannopoulos - - * configure.ac, src/Makefile.am: libopts: fixed the reading of the - --enable-local-libopts flag - -2015-04-20 Nikos Mavrogiannopoulos - - * src/cli.c, src/common.c, src/common.h: gnutls-cli: when no - certificate is sent, notify the user - -2015-04-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-x509-cert-callback.c: tests: added - check with X.509 certificates and callbacks That corresponds to functionality checked in openpgp-callback.c - -2015-04-20 Nikos Mavrogiannopoulos - - * tests/openpgp-callback.c: tests: 
added check for - gnutls_certificate_get_ours() when used in combination with - callbacks - -2015-04-20 Nikos Mavrogiannopoulos - - * tests/x509dn.c: tests: improved x509dn check - -2015-04-20 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the - certificate even if a callback was used This corrects a bug where this function would not work, when - gnutls_certificate_set_retrieve_function2() was used. - -2015-04-20 Nikos Mavrogiannopoulos - - * src/cli-args.def: gnutls-cli: when a certificate is specified - require the corresponding private key - -2015-04-20 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: ensure that the X.509 version number is one byte - only - -2015-04-20 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: Check for invalid length in the X.509 version - field If such an invalid length is detected, reject the certificate. - Reported by Hanno Böck. - -2015-04-20 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: ocsp: initialize certs to NULL - -2015-04-20 Nikos Mavrogiannopoulos - - * src/serv.c: gnutls-serv: print when the peer's certificate is not - verified - -2015-04-19 Nikos Mavrogiannopoulos - - * po/fr.po.in: Sync with TP. - -2015-04-18 Tim Kosse - - * lib/system-keys-win.c: ncrypt.h lacks some defines with some - versions of MinGW. Signed-off-by: Nikos Mavrogiannopoulos - -2015-04-19 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files - -2015-04-18 Tim Kosse - - * lib/system-keys-win.c: Fix a preprocessor warning about mismatched - quotes. Signed-off-by: Nikos Mavrogiannopoulos - -2015-04-18 Tim Kosse - - * lib/system-keys-win.c: Set _WIN32_WINNT to 0x600, at least with - some MinGW versions ncrypt.h checks this define to be at least - 0x600. 
Signed-off-by: Nikos Mavrogiannopoulos - -2015-04-18 Tim Kosse - - * lib/gnutls_supplemental.c: Fix include order, include gnutls_int.h - before gnutls.h, otherwise undefined external references to - gnutls_free and gnutls_strdup are the result when statically linking - against GnuTLS built by MinGW. 
Signed-off-by: Nikos Mavrogiannopoulos - -2015-04-16 Nikos Mavrogiannopoulos - - * src/benchmark-cipher.c: gnutls-cli: removed CCM from the ciphers - tested with the old API That prevents a crash of the benchmark. Reported by James Cloos. - -2015-04-16 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher_int.c: refuse to use the old cipher API with - AEAD-only ciphers - -2015-04-16 Nikos Mavrogiannopoulos - - * tests/mini-termination.c, tests/resume-dtls.c, tests/resume.c: - tests: ignore sigpipe in resume and termination tests - -2015-04-15 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: doc: added error check in example - -2015-04-15 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: doc update - -2015-04-15 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: doc: removed stray @end - -2015-04-15 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: doc update - -2015-04-15 Nikos Mavrogiannopoulos - - * NEWS, lib/x509/x509.c: doc update - -2015-04-15 Nikos Mavrogiannopoulos - - * lib/x509/output.c: x509: when printing the keyid of a certificate - use the curve name for randomart - -2015-04-15 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: gnutls_x509_crt_get_pk_* are based on - gnutls_pubkey_export_* - -2015-04-15 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: gnutls_pubkey_export_* are tolerable in null - input - -2015-04-15 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h, - lib/libgnutls.map, lib/x509/x509.c: Added - gnutls_x509_crt_get_pk_ecc_raw() - -2015-04-15 Nikos Mavrogiannopoulos - - * lib/extras/randomart.c: randomart: corrected usage of snprintf - -2015-04-14 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: when generating an ECDSA key use the - curve name in random art - -2015-04-14 Nikos Mavrogiannopoulos - - * lib/extras/randomart.c: randomart: only print key size if it is - non-zero - -2015-04-14 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: updated for 3.4.0 - -2015-04-14 Nikos Mavrogiannopoulos - - 
* tests/utils.c: Remove SOCK_CLOEXEC from socket() call. That allows compilation in systems where this flag doesn't exist. - Resolves #7 - -2015-04-14 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: document the recommended re-handshake - process - -2015-04-09 Nikos Mavrogiannopoulos - - * doc/manpages/Makefile.am: remove duplicate entries from manpages - Makefile - -2015-04-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-08 Nikos Mavrogiannopoulos - - * tests/cert-tests/certtool: tests: enhanced cert tests with SHA256 - key IDs - -2015-04-08 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: modified to allow different key ID - algorithms - -2015-04-08 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h, - lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c, - lib/x509/x509.c: Added flags which modify the algorithm used for key - ID calculation - -2015-04-08 Nikos Mavrogiannopoulos - - * src/certtool-args.def: doc update - -2015-04-08 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: doc update - -2015-04-08 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: gnutls_record_discard_queued() is both for - TLS and DTLS - -2015-04-08 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: document the new crypto register functions - -2015-04-08 Nikos Mavrogiannopoulos - - * src/cli-args.def: doc update - -2015-04-08 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi: doc: avoid spaces in showfunc - -2015-04-08 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am: tests: added files into dist - -2015-04-08 Nikos Mavrogiannopoulos - - * m4/hooks.m4: configure: ask for nettle 3.1 - -2015-04-08 Nikos Mavrogiannopoulos - - * NEWS: released 3.4.0 - -2015-04-07 Nikos Mavrogiannopoulos - - * src/cli-args.def: gnutls-cli: document the method to override the - detected ciphers - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-ccm-x86-aesni.c: fixed AESNI CCM - encryption - -2015-04-07 Nikos Mavrogiannopoulos - - 
* lib/accelerated/x86/aes-ccm-x86-aesni.c: cleanups in CCM-aesni - -2015-04-07 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-polarssl: tests: test CCM-8 against - polarssl - -2015-04-07 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: test - for AES-CCM - -2015-04-07 Nikos Mavrogiannopoulos - - * README.md: doc: added 'git submodule update' to clone steps - -2015-04-07 Nikos Mavrogiannopoulos - - * NEWS, doc/announce.txt: doc update - -2015-04-07 Nikos Mavrogiannopoulos - - * doc/announce.txt: doc update - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c: removed unused functions - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c, lib/gnutls_cipher_int.c: extend the fallback - to setkey in addition to init - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c: doc update - -2015-04-07 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am, tests/slow/cipher-override2.c, - tests/slow/override-ciphers: tests: verify the behavior of - GNUTLS_E_NEED_FALLBACK - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c, lib/gnutls_cipher_int.c, - lib/includes/gnutls/gnutls.h.in: introduced GNUTLS_E_NEED_FALLBACK - to allow falling back from registered ciphers That allows a registered cipher to indicate that it cannot operate (e.g., due to memory constraints, or internal limits), and gnutls - should proceed with the default algorithms. - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: ciphersuites: moved CCM - ciphersuites in the appropriate ifdefs - -2015-04-07 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/test-ciphers.js: tests: ciphersuite test - will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 That is because the names in rfc6655 are for some reason different - than the expected. 
- -2015-04-07 Nikos Mavrogiannopoulos - - * doc/cha-intro-tls.texi: document CCM and CCM-8 - -2015-04-07 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-07 Nikos Mavrogiannopoulos - - * tests/mini-record-2.c, tests/mini-record-failure.c, - tests/mini-record.c: tests: added CCM and CCM_8 into ciphersuite - tests - -2015-04-07 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-ccm-x86-aesni.c, - lib/accelerated/x86/x86-common.c, lib/algorithms/ciphers.c, - lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in, - lib/nettle/cipher.c: Added CCM-8 ciphersuites - -2015-04-06 Nikos Mavrogiannopoulos - - * doc/announce.txt: updated announce text - -2015-04-06 Nikos Mavrogiannopoulos - - * symbols.last: symbols: added the new supplemental functions - -2015-04-06 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc update - -2015-04-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-test: tests: delay tests that depend on - timing when they fail That often prevents failures on busy systems. 
- -2015-04-04 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: don't enforce iv_size > block_size; it is no - longer true for all ciphers - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher.c: simplified calc_enc_length_stream - -2015-04-04 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-04-04 Nikos Mavrogiannopoulos - - * tests/mini-supplementaldata.c: tests: updated supplemental API - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c: gnutls_ext_register will fail on double - registration - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: - gnutls_supplemental_register will fail on double registration - -2015-04-04 Nikos Mavrogiannopoulos - - * NEWS, symbols.last: symbols: added new exported functions - -2015-04-04 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, - doc/scripts/getfuncs-map.pl: doc: updated makefiles to include new - functions - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: libgnutls.map: remove - gnutls_record_set_max_empty_records - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: account for the renamed - gnutls_supplemental_recv/send - -2015-04-04 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: document the export supplemental data API - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: - gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send Also added the gnutls_ prefix to new types. 
- -2015-04-04 Nikos Mavrogiannopoulos - - * lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: Added - documentation for gnutls_do_send/recv_supplemental - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/crypto-api.c, lib/gnutls_mem.c, lib/gnutls_privkey.c, - lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, - lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c, - lib/pkcs11_write.c, lib/safe-memfuncs.c, lib/tpm.c: doc updates - -2015-04-04 Nikos Mavrogiannopoulos - - * doc/cha-shared-key.texi, lib/auth/srp_sb64.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c, - lib/tpm.c, lib/x509_b64.c: the base64 xxx_alloc functions were - renamed to xxx2 That brings them in par with the rest of the allocation functions. - -2015-04-04 Nikos Mavrogiannopoulos - - * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c, - src/pkcs11.c: p11tool: use the key usage flags to set PKCS #11 - properties - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_int.h, - lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: use key_usage to - set the appropriate flags - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: - cleanups in supplemental data support - -2015-04-04 Nikos Mavrogiannopoulos - - * lib/auth/dh_common.c: DH: do not warn on zero q_bits - -2015-04-03 Nikos Mavrogiannopoulos - - * NEWS: NEWS: rearrange entries - -2015-04-03 Nikos Mavrogiannopoulos - - * src/certtool-common.c: certtool: certtool --generate-dh-params - will account for --outder Resolves #5 - -2015-04-02 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: chacha20-poly1305: ciphersuite - numbers correspond to the latest draft - -2015-04-02 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: improved output message - -2015-04-02 Nikos Mavrogiannopoulos - - * src/pkcs11.c: removed unecessary warning - -2015-04-01 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi, 
lib/includes/gnutls/abstract.h, - lib/includes/gnutls/compat.h: doc update: account for new functions - -2015-04-01 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: better output text - -2015-04-01 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: added - GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY Also enforce the expected flags despite any given flags in the URL. - -2015-04-01 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: - p11tool: added the --test-sign parameter That allows to check an existing key for signing/verification. - -2015-04-01 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, - lib/includes/gnutls/abstract.h, lib/libgnutls.map: - gnutls_priv/pubkey_import_url replace: - gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url - -2015-04-01 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: corrected import of pubkey in DER format - -2015-04-01 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-etm.c: tests: added check for EtM - negotiation - -2015-04-01 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/ciphers.c, lib/ext/etm.c, - lib/gnutls_int.h, lib/gnutls_priority.c: only send EtM extension if - we have CBC ciphersuites - -2015-04-01 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: mention gnutls_privkey_sign_raw_data in - upgrade section - -2015-04-01 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/includes/gnutls/compat.h, - lib/libgnutls.map: gnutls_privkey_sign_raw_data: converted to macro - over gnutls_privkey_sign_hash - -2015-04-01 Nikos Mavrogiannopoulos - - * tests/x509sign-verify.c: tests: added check for the legacy - gnutls_privkey_sign_raw_data - -2015-03-31 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: avoid compilation warnings in self checks - (take 2) - -2015-03-31 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: Revert "selftests: avoid compilatio - warnings" 
This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603. - -2015-03-31 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-31 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on - copy/generation is correct - -2015-03-31 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: - p11tool: allow setting the CKA_ID on object - initialization/generation - -2015-03-31 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: exported new functions - -2015-03-31 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: - enhanced key generation functions to allow specifying a CKA_ID - -2015-03-31 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: selftests: avoid compilatio warnings - -2015-03-30 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy - functions to allow specifying a CKA_ID - -2015-03-30 Nikos Mavrogiannopoulos - - * tests/mini-server-name.c: tests: mini-server-name: ignore sigpipe - -2015-03-30 Nikos Mavrogiannopoulos - - * tests/suppressions.valgrind: tests: added more libidn-related - valgrind suppressions - -2015-03-30 Nikos Mavrogiannopoulos - - * doc/texinfo.css: doc: increase border spacing in HTML tables - -2015-03-30 Nikos Mavrogiannopoulos - - * doc/cha-intro-tls.texi: doc: list chacha20-poly1305 to the list of - ciphers - -2015-03-30 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-30 Nikos Mavrogiannopoulos - - * doc/manpages/Makefile.am: manpages: automatically adjust the - copyright year on generated pages - -2015-03-30 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-server-name.c: tests: added check - for gnutls_server_name_get and gnutls_server_name_set - -2015-03-29 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/test-ciphers.js: test-ciphers.js: improved - ciphersuite checks - -2015-03-29 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: 
corrected - GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305 - -2015-03-29 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/scan-gnutls.sh: updated - test-ciphersuite.sh for new types - -2015-03-28 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/x509/x509_ext.c: Better fix for the double free in dist point - parsing - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated - minitasn1 - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey: increase size - for attributes - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: moved chacha20-poly1305 - ciphersuites to the 0xCD space - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/crypto-api.c: doc update: replace cryptographic algorithm by - encryption algorithm - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c, - lib/x509/x509_ext.c: gnutls_subject_alt_names_set and - gnutls_x509_aki_set_cert_issuer will set null-terminated strings - -2015-03-27 Jiří Klimeš - - * lib/crypto-api.c: doc: be consistent in the function descriptions Signed-off-by: Jiří Klimeš - -2015-03-27 Jiří Klimeš - - * lib/crypto-api.c: doc: correct the description of crypto API - functions Signed-off-by: Jiří Klimeš - -2015-03-27 Jiří Klimeš - - * doc/examples/ex-client-x509.c, lib/ext/server_name.c, - lib/x509/output.c: Fix a few compiler warnings about unused - variables [-Wunused-variable] 
Signed-off-by: Jiří Klimeš - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher.c: fixed CHACHA20-POLY1305 in DTLS - -2015-03-28 Nikos Mavrogiannopoulos - - * src/benchmark-cipher.c, src/benchmark-tls.c: gnutls-cli: added - chacha-poly1305 into benchmarks - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c: when calculating record overhead account for - chacha20 which doesn't send the nonce on the wire - -2015-03-28 Nikos Mavrogiannopoulos - - * tests/mini-record-2.c, tests/mini-record.c: tests: include - chacha20 into transfer tests - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/ciphersuites.c, - lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_int.h: Added - the CHACHA20-POLY1305 ciphersuites (with random IDs) - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphers.c, lib/crypto-selftests.c, - lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c: added - chacha20-poly1305 as cipher - -2015-03-28 Nikos Mavrogiannopoulos - - * tests/mini-record-retvals.c: tests: check retvals in block ciphers - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/gnutls_int.h: do not penalize CBC ciphers with the maximum - send data size That reduced the maximum send size for CBC ciphers from 16384 to - 16384-(block size), which was unnecessary and was causing issues: - https://bugs.winehq.org/show_bug.cgi?id=37500 - -2015-03-28 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-28 Nikos Mavrogiannopoulos - - * lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c, - lib/includes/gnutls/gnutls.h.in: - gnutls_record_set_max_empty_records: removed - -2015-03-23 Nikos Mavrogiannopoulos - - * lib/x509/x509_ext.c: eliminated double-free in the parsing of dist - points Reported by Robert Święcki. - -2015-03-23 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: Added a tight loop around the legacy push - function That reduces the need for more expensive outer loops. Originally - suggested by Anton Lavrentiev. 
- -2015-03-23 Nikos Mavrogiannopoulos - - * src/gl/Makefile.am, src/gl/fseeko.c, src/gl/m4/dup2.m4, - src/gl/m4/printf.m4, src/gl/m4/stdio_h.m4, src/gl/m4/time_h.m4, - src/gl/signal.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h, - src/gl/time.in.h, src/gl/vasnprintf.c, src/gl/xalloc.h: updated - gnulib - -2015-03-27 Nikos Mavrogiannopoulos - - * src/p11tool-args.def: p11tool: more precise documentation of - --set-id parameter - -2015-03-27 Nikos Mavrogiannopoulos - - * m4/hooks.m4: depend on nettle 3.1 or later - -2015-03-27 Nikos Mavrogiannopoulos - - * tests/cert-tests/email: tests: updated email check for renamed - --verify-email option - -2015-03-27 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased - the size of ck_attributes - -2015-03-27 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error - condition - -2015-03-27 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a - CKA_ID on key generation - -2015-03-27 Nikos Mavrogiannopoulos - - * src/p11tool.c: p11tool: reduced debugging output - -2015-03-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-27 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: --purpose, - --hostname were renamed to --verify-purpose, --verify-hostname - -2015-03-26 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c: p11tool: added --mark-no-sign - and --mark-no-decrypt options - -2015-03-26 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c, - lib/pkcs11_write.c: pkcs11: added flags to mark keys as not-being - signable or decryptable That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and - GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during - generation or write of keys. 
- -2015-03-26 Nikos Mavrogiannopoulos - - * lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags - when writing a private key - -2015-03-26 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c: tests: cleanups in resume-dtls - -2015-03-26 Nikos Mavrogiannopoulos - - * lib/ext/server_name.c: ext: server_name: move name length check - prior to IDN convertion - -2015-03-26 Nikos Mavrogiannopoulos - - * lib/ext/server_name.c: When an application calls - gnutls_server_name_set() with a name of zero size disable the - extension Resolves #2 - -2015-03-26 Nikos Mavrogiannopoulos - - * lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: check - CN for match only if certificate would have been acceptable for - GNUTLS_KP_TLS_WWW_SERVER - -2015-03-26 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: Apply DNS name constraints on CN - field only on certificates acceptable for TLS WWW SERVER purpose Suggested by Fotis Loukos. - -2015-03-25 Nikos Mavrogiannopoulos - - * tests/mini-loss-time.c: tests: mini-loss-time is less prone to - timeouts - -2015-03-25 Nikos Mavrogiannopoulos - - * tests/cert-tests/suppressions.valgrind: tests: added valgrind - suppressions in cert-tests for libidn - -2015-03-25 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: eliminated memory leaks on verification - -2015-03-25 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-25 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/email, - tests/cert-tests/email-certs/chain.exclude.test.example.com, - tests/cert-tests/email-certs/chain.invalid.example.com, - tests/cert-tests/email-certs/chain.test.example.com, - tests/cert-tests/email-certs/chain.test.example.com-2: tests: Added - email verification tests with certtool - -2015-03-25 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: added the --email - option, to use in verification - -2015-03-25 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-25 Nikos 
Mavrogiannopoulos - - * lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in, - lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h, - lib/libgnutls.map, lib/openpgp/compat.c, - lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c, - lib/x509/Makefile.am, lib/x509/email-verify.c, - lib/x509/verify-high.c: Added gnutls_x509_crt_check_email(), - gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME - -2015-03-25 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: verify that we accept a certificate - with no name even if its CA has nameconstraints - -2015-03-25 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: name constraints: when no name of the - type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos. - -2015-03-24 Nikos Mavrogiannopoulos - - * tests/resume-dtls.c: tests: increase the timeout in resume-dtls - -2015-03-24 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: gnutls_pkcs11_obj_export3: allow operation when - raw.data is NULL and we have a public key - -2015-03-24 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: simplified export of objects That also allows to export public keys, even when a CKA_VALUE with - the public key is not present. For that we use the key parameters, - which we encode into a key. Issue reported by Frank Leavis. 
- -2015-03-24 Nikos Mavrogiannopoulos - - * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh, - build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h, - build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h, - build-aux/useless-if-before-free, build-aux/vc-list-files, - doc/gendocs_template, gl/Makefile.am, gl/m4/gnulib-cache.m4, - gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4, gl/m4/printf.m4, - gl/m4/stdio_h.m4, gl/m4/time_h.m4, gl/m4/ungetc.m4, - gl/stdio-impl.h, gl/stdio.in.h, gl/tests/Makefile.am, - gl/tests/init.sh, gl/tests/test-u64.c, gl/time.in.h, gl/u64.c, - gl/u64.h, gl/vasnprintf.c, maint.mk: gnulib: removed u64 module - -2015-03-24 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/gnutls_int.h: drop - support for gnulib's u64 - -2015-03-23 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl: tests: check legacy RC4 in - testcompat That would prevent losing compatibility without detecting it. That - is currently the case since it is no longer enabled by default. 
- -2015-03-23 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-record-retvals.c: tests: added check - to verify the correctness of the record function return values - -2015-03-21 Nikos Mavrogiannopoulos - - * src/common.c, src/crywrap/crywrap.c, src/tests.c: tools: enable - compilation with all options disabled - -2015-03-21 Nikos Mavrogiannopoulos - - * lib/gnutls_auth.c, lib/gnutls_ui.c: enable compilation with - several options disabled - -2015-03-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-20 Nikos Mavrogiannopoulos - - * lib/gnutls_auth.c, lib/gnutls_state.c, lib/pkcs11.c, - lib/pkcs11_privkey.c, lib/x509/crq.c, lib/x509/pkcs7.c: doc: avoid - mentioning pointers when not needed - -2015-03-20 Nikos Mavrogiannopoulos - - * configure.ac: increase the maximum stack frame the compiler will - warn for - -2015-03-20 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c, lib/crypto-api.c, lib/ext/alpn.c, - lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c, - lib/ext/max_record.c, lib/ext/safe_renegotiation.c, - lib/ext/server_name.c, lib/ext/session_ticket.c, - lib/ext/signature.c, lib/ext/srtp.c, lib/ext/status_request.c, - lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c, - lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.c, - lib/gnutls_dh.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c, - lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c, - lib/gnutls_privkey_raw.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c, - lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session.c, - lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c, - lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/extras.c, - lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c, - lib/openpgp/privkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c, - lib/pkcs11x.c, lib/system-keys-win.c, lib/system_override.c, - lib/tpm.c, lib/verify-tofu.c, lib/x509/crl.c, lib/x509/crl_write.c, - lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c, 
- lib/x509/hostname-verify.c, lib/x509/name_constraints.c, - lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c, - lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c, - lib/x509/privkey.c, lib/x509/privkey_openssl.c, - lib/x509/privkey_pkcs8.c, lib/x509/verify-high.c, - lib/x509/verify-high2.c, lib/x509/x509.c, lib/x509/x509_ext.c, - lib/x509/x509_write.c: doc: avoid using structure for opaque types - -2015-03-20 Nikos Mavrogiannopoulos - - * tests/mini-extension.c: tests: include gnutls_ext_s/get_data into - tests of mini-extension - -2015-03-20 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c: updated documentation on non-return value - of gnutls_ext_set_data - -2015-03-20 Nikos Mavrogiannopoulos - - * tests/mini-dtls0-9.c: tests: fixed buffers in mini-dtls0-9 - -2015-03-20 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS - -2015-03-20 Nikos Mavrogiannopoulos - - * lib/auth/srp.c, lib/ext/alpn.c, lib/ext/etm.c, - lib/ext/heartbeat.c, lib/ext/max_record.c, - lib/ext/safe_renegotiation.c, lib/ext/server_name.c, - lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/srp.c, - lib/ext/srtp.c, lib/ext/status_request.c, lib/gnutls_extensions.c, - lib/gnutls_extensions.h, lib/gnutls_int.h, lib/gnutls_str.h, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: added - gnutls_ext_set_data() and gnutls_ext_get_data() As a side effect the type which holds private data was reduced from - union to void * pointer. That simplifies the exported API without - reducing the options in the internal API. 
- -2015-03-19 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: set GNUTLS_DTLS_VERSION_MIN to be - DTLS0.9 That allows standard DTLS ciphersuites to be used with DTLS0.9 - -2015-03-19 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls0-9.c: tests: added test for - DTLS 0.9 - -2015-03-19 Nikos Mavrogiannopoulos - - * tests/mini-extension.c: tests: updated mini-extension - -2015-03-19 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-19 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: mention the new functionality briefly in - documentation - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c, lib/gnutls_supplemental.c: mention that - the registration functions are not thread safe - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c, lib/gnutls_extensions.h: store a copy of - the extensions name - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c: deinitialize supplemental data on deinit - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c, lib/gnutls_extensions.h, - lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: removed - unused epoch change callback - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c, lib/gnutls_supplemental.c, - lib/gnutls_supplemental.h: deinitialize supplemental data on deinit - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_hash_int.h, lib/gnutls_supplemental.c: reduce warnings - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_str.h, - lib/gnutls_supplemental.c: added documentation for the new functions - -2015-03-19 Nikos Mavrogiannopoulos - - * tests/mini-supplementaldata.c: tests: remove warnings in - mini-supplementaldata.c - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in, tests/mini-supplementaldata.c: - updated types - -2015-03-19 Nikos Mavrogiannopoulos - - * 
.gitignore: more files to ignore - -2015-03-19 Thierry Quemerais - - * lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map, tests/Makefile.am, tests/mini-supplementaldata.c: - Added a way to add custom supplemental data from public API. Signed-off-by: Thierry Quemerais - -2015-03-19 Thierry Quemerais - - * tests/mini-extension.c: Fixed extension test. Signed-off-by: Thierry Quemerais - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/gnutls_str.h, lib/includes/gnutls/gnutls.h.in, - tests/Makefile.am, tests/mini-extension.c: renamed gnutls_buffer_st - -> gnutls_buffer_t - -2015-03-19 Thierry Quemerais - - * lib/gnutls_extensions.c, lib/gnutls_extensions.h, - lib/gnutls_int.h, lib/gnutls_str.c, lib/gnutls_str.h, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, - tests/mini-extension.c: Added a way to add custom extensions from - public API. 
Signed-off-by: Thierry Quemerais - -2015-03-19 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h: - gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always - defined there - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/inet_ntop.c: inet_ntop replacement: include sys/socket.h - -2015-03-19 Nikos Mavrogiannopoulos - - * lib/inet_ntop.c, lib/system.h: inet_ntop replacement: do not - depend on socklen_t - -2015-03-18 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am: tests: link cipher tests directly with - nettle when needed - -2015-03-18 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record.c: tests: mini-dtls-record: increase - timeouts to avoid failure of test due to slow system - -2015-03-18 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record.c: tests: mini-dtls-record: removed the - need for 64-bit number - -2015-03-18 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record.c: tests: increase verbosity of - mini-dtls-record - -2015-03-18 Nikos Mavrogiannopoulos - - * doc/cha-crypto.texi: document the cipher override API - -2015-03-18 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-18 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am, tests/slow/mac-override.c, - tests/slow/override-ciphers: added test suite for overriden digests - and MACs - -2015-03-18 Nikos Mavrogiannopoulos - - * lib/accelerated/cryptodev.c, lib/accelerated/x86/x86-common.c, - lib/crypto-backend.c, lib/crypto-backend.h, - lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added API to - register MAC and digest algorithms. 
- -2015-03-18 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am, tests/slow/cipher-override.c, - tests/slow/override-ciphers: added test suite for overriden ciphers - -2015-03-18 Nikos Mavrogiannopoulos - - * lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c, - lib/accelerated/x86/x86-common.c, lib/crypto-backend.c, - lib/crypto-backend.h, lib/includes/gnutls/crypto.h, - lib/libgnutls.map: Added API to register AEAD and legacy ciphers. - -2015-03-18 Nikos Mavrogiannopoulos - - * lib/accelerated/cryptodev-gcm.c: cryptodev: provide the new AEAD - API - -2015-03-18 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c: Added environment variable which can override - automatic global initialization - -2015-03-18 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c, lib/crypto-backend.h: removed unused - functions - -2015-03-18 Nikos Mavrogiannopoulos - - * m4/hooks.m4: configure: fail compilation if the minimum required - libtasn1 is not present - -2015-03-18 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-16 Nikos Mavrogiannopoulos - - * tests/long-session-id.c: tests: long-session-id uses the test - framework - -2015-03-17 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-17 Nikos Mavrogiannopoulos - - * configure.ac, lib/pkcs11.c: depend on p11-kit 0.23.1 to conform to - draft-pechanec-pkcs11uri-21 - -2015-03-16 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record.c: tests: fixed shadowed variable in - mini-dtls-record - -2015-03-16 Nikos Mavrogiannopoulos - - * tests/long-session-id.c, tests/mini-dtls-fork.c, - tests/mini-dtls-pthread.c, tests/mini-dtls-rehandshake.c, - tests/mini-handshake-timeout.c, tests/utils.c, tests/utils.h: tests: - use nanosleep for sleeping - -2015-03-14 Nikos Mavrogiannopoulos - - * README.md: README-alpha: move valgrind to testing tools - -2015-03-14 Nikos Mavrogiannopoulos - - * README.md: updated README-alpha - -2015-03-13 Nikos Mavrogiannopoulos - - * lib/gnutls_supplemental.c: Fixed handling of supplemental 
data - with types > 255. Patch by Thierry Quemerais. - -2015-03-13 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: doc update - -2015-03-13 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: gnutls_priority_init: document that - priorities can be NULL - -2015-03-13 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11.softhsm: testpkcs11: disallow softhsm - 2.0.0b1 from being used to test PKCS #11 - -2015-03-13 Nikos Mavrogiannopoulos - - * tests/suite/mini-eagain2.c: tests: mini-eagain2: call - gnutls_handshake_set_timeout() at the proper time - -2015-03-13 Nikos Mavrogiannopoulos - - * README.md: added libasan as dependency - -2015-03-13 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: corrected self test for 3DES - -2015-03-12 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: correctly set the size of type - -2015-03-11 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: combined the fill for object attributes set - -2015-03-11 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: only set ID and label when both size and - data are set - -2015-03-11 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-11 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-11 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: exit with non-zero reason if no objects are - found - -2015-03-11 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: tests: added checks for p11tool --set-id - and --set-label - -2015-03-11 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: - p11tool: added --set-id and --set-label options - -2015-03-11 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, - lib/pkcs11_int.c, lib/pkcs11_int.h: added - gnutls_pkcs11_obj_set_info() This function allows setting information such as the CKA_ID and the - CKA_LABEL of an object. 
Resolves #1 - -2015-03-11 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig, - tests/cert-tests/invalid-sig.pem: Added check for GNUTLS-SA-2015-1 - -2015-03-09 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: removed test with invalid DER encoding - in chainverify These certificates are now rejected earlier. - -2015-03-09 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/strict-der.c: tests: added a check for - certificates with invalid DER encodings - -2015-03-09 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, - lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c, - lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/privkey.c, - lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_ext.c: - x509: use libtasn1's strict DER decoding rules in network obtained - structures - -2015-03-09 Nikos Mavrogiannopoulos - - * lib/x509/common.c, m4/hooks.m4: depend on libtasn1 4.3 - -2015-03-09 Nikos Mavrogiannopoulos - - * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h, - lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3 - -2015-03-09 Nikos Mavrogiannopoulos - - * doc/cha-internals.texi: rearranged internal documentation - -2015-03-09 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def, - src/socket.c: tools: added ftp as a starttls protocol - -2015-03-09 Nikos Mavrogiannopoulos - - * src/cli-args.def: gnutls-cli: starttls and starttls-proto can't - mix - -2015-03-07 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: expand on SECURE256 being an alias to - SECURE192 - -2015-03-07 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-polarssl: tests: do not run polarssl - interop test on VIA - -2015-03-07 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-common: use common license in all - testcompat scripts - -2015-03-07 Nikos Mavrogiannopoulos - - * lib/nettle/pk.c: removed unused function - -2015-03-07 Nikos Mavrogiannopoulos - - * 
doc/TODO: doc update - -2015-03-06 Nikos Mavrogiannopoulos - - * Makefile.am, README-alpha, README.md: README-alpha is README.md on - repository It contains information for developers. - -2015-03-06 Nikos Mavrogiannopoulos - - * Makefile.am, README, README.md: Revert "auto-generate README from - README.md" This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd. - -2015-03-06 Nikos Mavrogiannopoulos - - * README.md: cleaned up licensing - -2015-03-06 Nikos Mavrogiannopoulos - - * Makefile.am, README, README.md: auto-generate README from - README.md - -2015-03-06 Nikos Mavrogiannopoulos - - * README.md: Revert "added README.md as link to README" This reverts commit 041d4f947eb6937d4af62eb35055668825c36833. - -2015-03-06 Nikos Mavrogiannopoulos - - * README.md: added README.md as link to README - -2015-03-06 Nikos Mavrogiannopoulos - - * README, README-alpha, README-alpha.md, README.md: Revert "renamed - README files" This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5. - -2015-03-06 Nikos Mavrogiannopoulos - - * README, README-alpha, README-alpha.md, README.md: renamed README - files - -2015-03-06 Nikos Mavrogiannopoulos - - * README, README-alpha: README: converted to mark-down - -2015-03-06 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: corrected check of certificate - chain order - -2015-03-06 Nikos Mavrogiannopoulos - - * tests/x509cert.c: tests: added small test to verify that - GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert - -2015-03-06 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable - unsupported TLS protocols as soon - -2015-03-06 Nikos Mavrogiannopoulos - - * src/socket.c: cli sockets: check for a digit prior using atoi - -2015-03-06 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: a cert list of size 1 is always - sorted - -2015-03-06 Nikos Mavrogiannopoulos - - * src/socket.c: gnutls-cli-debug: do not warn multiple times about - unknown protocols - 
-2015-03-06 Nikos Mavrogiannopoulos - - * doc/cha-support.texi: updated documentation on FIPS140-2 - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl, - tests/suite/testcompat-main-polarssl: tests: speed up testcompat - check by remove less important options - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/suite/softhsm.h: tests: updated paths for softhsm detection - -2015-03-05 Nikos Mavrogiannopoulos - - * README-alpha: README: mention nodejs - -2015-03-05 Nikos Mavrogiannopoulos - - * configure.ac: configure: check for /usr/share/dns/root.key as well - for dns root key - -2015-03-05 Nikos Mavrogiannopoulos - - * README-alpha: README: mention dependency on dns-root-data - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-test: tests: don't perform the overflow - check in 32-bit systems - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-date.pem, - tests/cert-tests/template-date.tmpl: tests: date parsing test was - modified to work in 32-bit systems - -2015-03-05 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: in 32-bit systems use PRIu64 to - print 64-bit values - -2015-03-05 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: exit when there is an overflow in - parsing days - -2015-03-05 Nikos Mavrogiannopoulos - - * README-alpha: README: mention that openssl and polarssl will be - used for interop testing - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-test: Revert "tests: increased the - retries with datefudge cert generation" This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869. - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, - tests/cert-tests/template-basic.pem, - tests/cert-tests/template-basic.tmpl, - tests/cert-tests/template-test: Revert "tests: template-test: added - a baseline check to detect slow systems" This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377. 
- -2015-03-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, - tests/cert-tests/template-basic.pem, - tests/cert-tests/template-basic.tmpl, - tests/cert-tests/template-test: tests: template-test: added a - baseline check to detect slow systems - -2015-03-05 Nikos Mavrogiannopoulos - - * tests/cert-tests/template-test: tests: increased the retries with - datefudge cert generation There are slow systems that are not always capable of generating the - certificate within a single second. - -2015-03-04 Nikos Mavrogiannopoulos - - * README-alpha: add bison as a dependency - -2015-03-04 Nikos Mavrogiannopoulos - - * Makefile.am: build documentation last That allows the examples to depend on libgnu_gpl.la - -2015-03-04 Nikos Mavrogiannopoulos - - * README-alpha: list unbound dependency for DANE - -2015-03-04 Nikos Mavrogiannopoulos - - * tests/suite/testdane: tests: removed dane hosts which don't behave - well - -2015-03-04 Nikos Mavrogiannopoulos - - * README-alpha: updated instructions for installed packages - -2015-03-04 Nikos Mavrogiannopoulos - - * doc/latex/cover.tex: latex doc: updated copyright dates - -2015-03-04 Nikos Mavrogiannopoulos - - * doc/gnutls.texi: updated copyright date - -2015-03-04 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c, - lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c, - lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c, - m4/hooks.m4: use asn1_decode_simple_ber if available - -2015-03-04 Nikos Mavrogiannopoulos - - * doc/cha-library.texi: corrected typo - -2015-03-04 Nikos Mavrogiannopoulos - - * doc/cha-library.texi: mention libidn - -2015-03-04 Ilya V. Matveychikov - - * tests/suite/asn1random.pl: asn1random.pl: generate simple tags - only Do not emit tags with numbers greater than or equal 31 as they must - be encoded an octet sequence (ref X.690-0207 # 8.1.2.4) 
Signed-off-by: Ilya V. Matveychikov - -2015-03-04 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: doc update - -2015-02-20 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig, - tests/cert-tests/invalid-sig2.pem, - tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid - X.509 certificate signatures - -2015-03-04 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: added the change of priority string NORMAL - in documentation - -2015-03-04 Nikos Mavrogiannopoulos - - * doc/cha-library.texi: document the usage of a PKCS #11 trust - module for verification - -2015-03-03 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl: tests: updated the suite to - account for the removal of DSA by default - -2015-03-03 Nikos Mavrogiannopoulos - - * tests/dsa/testdsa, tests/openpgp-callback.c, tests/openpgpself.c, - tests/priorities.c: tests: updated the suite to account for the - removal of DSA by default - -2015-03-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-03 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl, - tests/suite/testcompat-main-polarssl, - tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: - cross-implementation test suite was relicensed to 3-clause BSD That way the suite can be used by projects with other licenses. - -2015-03-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-03-03 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: DSA signatures and DHE-DSS are disabled by - default DSA was an algorithm that was never deployed on the Internet and - had, until very recently, several limitations such as restriction of - its keys to 1024 bits, SHA1-only etc. Given that there are literally - 0 internet (HTTPS) certificates using DSA, there is no point to - enable it by default and increase our attack surface. 
- -2015-03-02 Nikos Mavrogiannopoulos - - * src/benchmark-cipher.c: gnutls-cli: include AES_128_CCM in - benchmark-ciphers - -2015-02-28 Nikos Mavrogiannopoulos - - * lib/gnutls_session.c: doc update - -2015-02-28 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-02-28 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c: doc update - -2015-02-28 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/inet_ntop.c, lib/system.c, lib/system.h, - lib/x509/output.c: bundle inet_ntop in systems that don't have it - -2015-02-27 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated - auto-generated files - -2015-02-27 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/abstract.h: removed - gnutls_pubkey_get_verify_algorithm from abstract.h - -2015-02-26 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: corrected typo in gnutls_handshake(), - spotted by Andris Mednis - -2015-02-24 Nikos Mavrogiannopoulos - - * lib/gnutls_session.c: doc update: document that session_get_data() - must be used in non-resumed sessions - -2015-02-23 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi: doc update - -2015-02-22 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c, lib/gnutls_handshake.c: added - comments - -2015-02-22 Nikos Mavrogiannopoulos - - * configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if - available in p11-kit - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: removed unnecessary check and - optimized function - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: corrected check which prevented - client to sent an unacceptable for the version ciphersuite - -2015-02-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-02-21 Nikos Mavrogiannopoulos - - * tests/mini-key-material.c: tests: mini-key-material: avoid memory - leak - -2015-02-21 Nikos 
Mavrogiannopoulos - - * tests/mini-dtls-lowmtu.c, tests/mini-overhead.c, - tests/mini-record.c: tests: require DTLS 1.2 when using GCM - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: handle GNUTLS_E_INT_CHECK_AGAIN - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/ciphersuites.c, - lib/gnutls_handshake.c: check the negotiated TLS/DTLS version prior - to offering a ciphersuite a server - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: remove unnecessary assert - -2015-02-21 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc update - -2015-02-21 Nikos Mavrogiannopoulos - - * tests/cve-2009-1415.c, tests/x509sign-verify.c: tests: modified - tests with obsolete APIs with their replacement API - -2015-02-21 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc: added deprecated functions into upgrade - plan - -2015-02-21 Nikos Mavrogiannopoulos - - * tests/x509cert-tl.c: tests: added checks for - gnutls_x509_crt_get_signature_algorithm and - gnutls_x509_crt_get_preferred_hash_algorithm - -2015-02-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/crypto-backend.h, lib/gnutls_pk.c, lib/gnutls_pk.h, - lib/gnutls_pubkey.c, lib/libgnutls.map, lib/nettle/pk.c, - lib/x509/verify.c, lib/x509/x509.c: removed - gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/x509.c: - removed gnutls_x509_crt_get_verify_algorithm() - -2015-02-21 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, - lib/libgnutls.map: removed gnutls_pubkey_verify_hash() and - gnutls_pubkey_verify_data() - -2015-02-20 Nikos Mavrogiannopoulos - - * src/certtool-common.h: certtool: use unsigned for bits - -2015-02-20 Nikos Mavrogiannopoulos - - * src/certtool.c, src/p11tool.c: certtool/p11tool: avoid cast to - function call - -2015-02-20 Nikos 
Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: allow specifying - a purpose and a hostname for chain verification - -2015-02-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/x509cert-invalid.c: tests: added check - for invalid X.509 certificate - -2015-02-20 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-key-material.c: tests: added check - for gnutls_record_get_state() - -2015-02-20 Nikos Mavrogiannopoulos - - * lib/gnutls_constate.c: removed unused constants - -2015-02-20 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: memcpy fix in gnutls_record_get_state - -2015-02-20 Nikos Mavrogiannopoulos - - * ltmain.sh: removed ltmain.sh from root - -2015-02-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-02-20 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Added gnutls_record_get_state() and - gnutls_record_set_state() These functions allow to export the key material and sequence - numbers. That allows offloading the sending and receiving of - individual records. 
- -2015-02-20 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: fixed sequence number copy - -2015-02-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-02-20 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: - gnutls_handshake_set_hook_function: will provide the raw handshake - data - -2015-02-18 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: use explicit casts to unsigned - int in the CURVE_TO_BITS et al - -2015-02-18 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12_encr.c: use cast in _gnutls_hash_fast - -2015-02-17 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: when importing a certificate ensure that the - signature parameters match - -2015-02-14 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: Allow AESNI GCM accelaration in - x86 - -2015-02-06 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli.c: gnutls-cli: added --save-cert option - -2015-02-05 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: added missing prototypes - -2015-02-04 Nikos Mavrogiannopoulos - - * src/cli.c: handle differently OCSP responses that are revoked and - of unknown status - -2015-02-01 Nikos Mavrogiannopoulos - - * src/common.c: compilation fix with return on void function; - reported by David Marx - -2015-01-29 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: doc update - -2015-01-29 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: set the appropriate direction when - _gnutls_io_write_flush() is called - -2015-01-28 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-pthread.c: tests: added check - for operation under different threads and DTLS - -2015-01-28 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-fork.c: tests: added check for - operation under different processes and DTLS - -2015-01-28 Nikos Mavrogiannopoulos - - * NEWS: Revert "doc update" This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7. 
- -2015-01-28 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Revert "Added gnutls_record_is_async()" This reverts commit 2232822aabe473d124f924d64ff52981d685fd41. - -2015-01-28 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: documented using a session with fork or - multiple threads - -2015-01-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2015-01-27 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Added gnutls_record_is_async() That function indicates whether gnutls_record_recv() and - gnutls_record_send() can be used independently and in parallel. - -2015-01-25 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: print errno in a more uniform way - -2015-01-25 Nikos Mavrogiannopoulos - - * NEWS, lib/system.c: doc update - -2015-01-25 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_state.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c, - lib/system.h, lib/system_override.c: exported - gnutls_system_recv_timeout() - -2015-01-25 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the - total length - -2015-01-20 Nikos Mavrogiannopoulos - - * lib/opencdk/kbnode.c, lib/opencdk/read-packet.c: opencdk: small - fixed to reduce warnings - -2015-01-19 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: doc update - -2015-01-19 Nikos Mavrogiannopoulos - - * src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be - so verbose about the OCSP nonce; it is universally unsupported - -2015-01-17 Tim Ruehsen - - * src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain 
Signed-off-by: Nikos Mavrogiannopoulos - -2015-01-19 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: on certificate import check whether the two - signature algorithms match - -2015-01-17 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: use 3.3.12 - -2015-01-17 Nikos Mavrogiannopoulos - - * lib/x509/key_decode.c: doc update - -2015-01-12 Luke Dashjr - - * Makefile.am, configure.ac, doc/manpages/Makefile.am: Added - configure option --disable-tools - -2015-01-16 Nikos Mavrogiannopoulos - - * libdane/errors.c: corrected typos Reported by Guido Kroon. - -2015-01-16 Nikos Mavrogiannopoulos - - * lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of - obsolete versions That prevents using these versions as record version numbers, unless - they are the only protocol supported. This avoids the issues with - servers that have banned SSL 3.0 record versions. - -2015-01-16 Nikos Mavrogiannopoulos - - * src/ocsptool-common.c: ocsptool: follow the documented process for - gnutls_x509_crt_get_authority_info_access - -2015-01-16 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc - update - -2015-01-15 Nikos Mavrogiannopoulos - - * src/ocsptool-common.c: ocsptool-common: iterate through all AIA - items prior to decidig the OCSP server - -2015-01-14 Nikos Mavrogiannopoulos - - * lib/fips.c: use a FIPS key that agree's with fedora's fipshmac - -2015-01-14 Nikos Mavrogiannopoulos - - * devel/DCO/people-dco.txt: DCO: Added Luke Dashjr - -2015-01-13 Nikos Mavrogiannopoulos - - * src/cli-args.def: simplified text for inline-commands-prefix - -2015-01-12 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added - --starttls-proto option - -2015-01-12 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: cleanup the name of types - -2015-01-12 Nikos Mavrogiannopoulos - - * tests/suite/softhsm.h: tests: updates in softhsm detection - -2015-01-12 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: when 
importing a public key, import it's - data as well (version 2 fix) - -2015-01-12 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: doc update - -2015-01-12 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: do not ignore the failure to - write a trusted CA - -2015-01-12 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: removed gnutls_pubkey_get_pk_* from the - exported function list - -2015-01-12 Nikos Mavrogiannopoulos - - * tests/key-import-export.c: tests: key-import-export: enhanced to - test gnutls_pubkey_*_ecc_x962 - -2015-01-12 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: gnutls_pubkey_t: allow the import of another - parameter set without a leak - -2015-01-12 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: removed ABI-compatibility functions - -2015-01-09 Nikos Mavrogiannopoulos - - * src/certtool-args.def: doc update - -2015-01-11 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11.softhsm: testpkcs11: modified to support - both softhsmv1 and v2 - -2015-01-11 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: when importing a public key, import it's - data as well - -2015-01-11 Nikos Mavrogiannopoulos - - * tests/key-import-export.c: tests: enhanced key-import-export to - check output of pubkeys - -2015-01-11 Nikos Mavrogiannopoulos - - * tests/openpgp-callback.c: tests: eliminated leaks - -2015-01-11 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c: doc update - -2015-01-11 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/key-import-export.c: tests: added checks - for private key import/export functions - -2015-01-10 Nikos Mavrogiannopoulos - - * doc/TODO: doc update - -2015-01-10 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/openpgp-callback.c: tests: Added test - case for openpgp keys loaded by callback - -2015-01-10 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP - from a client, the server verifies if it supports the extension’s - contents in 
_gnutls_session_cert_type_supported(). This function - checks for cred->get_cert_callback but not cred->get_cert_callback2. - As a result, servers setup for OpenPGP certificate credential - callback with gnutls_certificate_set_retrieve_function2() are unable - to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside - cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein. - -2015-01-10 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not - release the cached value - -2015-01-08 Ludovic Courtès - - * NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both - during expansion and at run time. Fixes . * guile/modules/gnutls.in: Wrap '%libdir' definition and 'load-extension' call in 'eval-when'. - -2015-01-08 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS - record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712 - -2015-01-08 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record-asym.c: tests: updated - mini-dtls-record-asym - -2015-01-06 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record-asym.c: tests: better documentation of - mini-dtls-record-asym purpose - -2015-01-06 Nikos Mavrogiannopoulos - - * tests/mini-dtls-mtu.c, tests/utils.c, tests/utils.h: tests: moved - udp_socketpair to utils - -2015-01-06 Nikos Mavrogiannopoulos - - * tests/mini-dtls-record-asym.c: tests: corrected asymmetric MTU - test for DTLS and added caching - -2015-01-06 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-record-asym.c: Added test case - for DTLS handshake packet reconstruction when it exceeds MTU https://savannah.gnu.org/support/?108712 - -2015-01-06 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: simplified _gnutls_dgram_read() - -2015-01-06 Nikos Mavrogiannopoulos - - * src/Makefile.am: danetool: only compile when dane is 
enabled - -2015-01-06 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: in DTLS don't combine multiple packets which - exceed MTU Resolves: https://savannah.gnu.org/support/?108715 - -2015-01-06 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: Added more precise check of push functions - availability - -2015-01-06 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c, - lib/system.h: Revert "in DTLS don't use writev() when multiple - packets which exceed MTU are queued" This reverts commit 43082a67c7514d65301d157fb567a133138a85ab. - -2015-01-06 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: Revert "Give precedence to vector push - function" This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5. - -2015-01-05 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: Give precedence to vector push function - -2015-01-05 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c, - lib/system.h: in DTLS don't use writev() when multiple packets which - exceed MTU are queued That change requires the system_write() to be registered - unconditionally, even when writev() is available. 
Resolves: - https://savannah.gnu.org/support/?108715 - -2015-01-05 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-mtu.c: tests: added check to - ensure that DTLS handshake packets will not exceed MTU - -2015-01-05 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: warn when setting a certificate's - expiration longer than the CA's expiration - -2015-01-05 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: detect softhsm2 - -2015-01-05 Nikos Mavrogiannopoulos - - * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c, - tests/record-sizes.c: tests: account for disabling of ARCFOUR where - needed - -2015-01-04 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: modified check for READ_NUMERIC - -2015-01-04 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: use 64-bit type for CRL serial - number - -2015-01-04 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: check for overflows when reading - serial numbers - -2015-01-04 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as - type for integers read - -2015-01-04 Nikos Mavrogiannopoulos - - * src/socket.c: gnutls-cli-debug: more precise handling of SMTP - protocol Patch by Andreas Metzler. 
- -2015-01-04 Nikos Mavrogiannopoulos - - * gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c, - gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c, - gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c, - gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c, - gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c, - gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c, - gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4, - gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4, - gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4, - gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, - gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4, - gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4, - gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4, - gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4, - gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, - gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, - gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4, - gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4, - gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, - gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4, - gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4, - gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4, - gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4, - gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4, - gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4, - gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4, - gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, - gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4, - gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4, - gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4, - gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, - gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4, 
- gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4, - gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4, - gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4, - gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4, - gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, - gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4, - gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, - gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, - gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4, - gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4, - gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, - gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, - gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h, - gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c, - gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h, - gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h, - gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, - gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, - gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h, - gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, - gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h, - gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h, - gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h, - gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c, - gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h, - gl/tests/signature.h, gl/tests/test-alloca-opt.c, - gl/tests/test-base64.c, gl/tests/test-binary-io.c, - gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c, - gl/tests/test-errno.c, gl/tests/test-fcntl-h.c, - gl/tests/test-fdopen.c, gl/tests/test-fgetc.c, - gl/tests/test-float.c, gl/tests/test-fputc.c, - gl/tests/test-fread.c, gl/tests/test-fstat.c, - gl/tests/test-ftell.c, gl/tests/test-ftell3.c, - gl/tests/test-ftello.c, gl/tests/test-ftello3.c, - 
gl/tests/test-ftello4.c, gl/tests/test-func.c, - gl/tests/test-fwrite.c, gl/tests/test-getdelim.c, - gl/tests/test-getline.c, gl/tests/test-gettimeofday.c, - gl/tests/test-iconv.c, gl/tests/test-init.sh, - gl/tests/test-intprops.c, gl/tests/test-inttypes.c, - gl/tests/test-memchr.c, gl/tests/test-netdb.c, - gl/tests/test-netinet_in.c, gl/tests/test-read-file.c, - gl/tests/test-snprintf.c, gl/tests/test-stdalign.c, - gl/tests/test-stdbool.c, gl/tests/test-stddef.c, - gl/tests/test-stdint.c, gl/tests/test-stdio.c, - gl/tests/test-stdlib.c, gl/tests/test-string.c, - gl/tests/test-strings.c, gl/tests/test-strnlen.c, - gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c, - gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c, - gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c, - gl/tests/test-sys_wait.h, gl/tests/test-time.c, - gl/tests/test-u64.c, gl/tests/test-unistd.c, - gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c, - gl/tests/test-vc-list-files-cvs.sh, - gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c, - gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c, - gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h, - gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c, - gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h, - src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h, - src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c, - src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c, - src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c, - src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h, - src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h, - src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c, - src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c, - src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c, - src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h, - src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c, - src/gl/gettimeofday.c, src/gl/inet_ntop.c, 
src/gl/inet_pton.c, - src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c, - src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4, - src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4, - src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4, - src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, - src/gl/m4/error.m4, src/gl/m4/exponentd.m4, - src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4, - src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, - src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4, - src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4, - src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4, - src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4, - src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4, - src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4, - src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4, - src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4, - src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4, - src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4, - src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, - src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4, - src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4, - src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4, - src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4, - src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4, - src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4, - src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4, - src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4, - src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, - src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4, - src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, - src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4, - src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4, - src/gl/m4/sys_select_h.m4, 
src/gl/m4/sys_socket_h.m4, - src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4, - src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4, - src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4, - src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4, - src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4, - src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4, - src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c, - src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c, - src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c, - src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h, - src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h, - src/gl/parse-datetime.y, src/gl/printf-args.c, - src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h, - src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c, - src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c, - src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c, - src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c, - src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c, - src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h, - src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h, - src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h, - src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c, - src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h, - src/gl/sys_select.in.h, src/gl/sys_socket.in.h, - src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h, - src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c, - src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c, - src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h, - src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c, - src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c, - src/gl/xsize.h: updated gnulib - -2015-01-02 Nikos Mavrogiannopoulos - - * src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored - checks - 
-2014-12-31 Nikos Mavrogiannopoulos - - * lib/x509/output.c: use explicit casts in the dummy ip conversion - functions - -2014-12-31 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-31 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi, - lib/gnutls_priority.c: ARCFOUR-128 is disabled by default - -2014-12-31 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-31 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-31 Nikos Mavrogiannopoulos - - * lib/system-keys-win.c: system-keys-win: use LoadLibraryA to load - ncrypt.dll - -2014-12-31 Nikos Mavrogiannopoulos - - * Makefile.am, devel/abi3.4.xml: Updated abi-compliance-checker for - 3.4 API - -2014-12-31 Nikos Mavrogiannopoulos - - * Makefile.am, symbols.last: updated export symbols list (due to ABI - breakage) - -2014-12-31 Nikos Mavrogiannopoulos - - * doc/Makefile.am: doc: updated auto-generated files - -2014-12-31 Nikos Mavrogiannopoulos - - * doc/doc.mk, doc/manpages/Makefile.am: generate manpages for urls.h - and system-keys.h - -2014-12-31 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-get-issuer.c: tests: added check for - gnutls_x509_trust_list_get_issuer_by_dn() - -2014-12-31 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: updated libgnutls.map for new functions - -2014-12-31 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc: - updated auto-generated files and added urls.h - -2014-12-31 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests: - added checks for the new --key-id and --fingerprint certtool options - -2014-12-31 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: Added - --fingerprint and --key-id options - -2014-12-31 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: --pubkey-info will load a public key - from stdin - -2014-12-31 Nikos Mavrogiannopoulos - - * lib/system.h: include netinet/in.h if present to access ipv6 - related 
structures Based on patch by Rumko. https://savannah.gnu.org/support/?108713 - -2014-12-31 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: VERS-ALL adds all protocols if used with - '+' - -2014-12-31 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-31 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, lib/gnutls_priority.c: priority strings - VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding - protocols That introduces VERS-ALL which behaves as VERS-TLS-ALL previously. - -2014-12-31 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: gnutls.h: made DTLS protocol - version numbering distinct - -2014-12-30 Matthias-Christian Ott - - * lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with - textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher, - _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with - textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in - this case and thus does not need to be called. - -2014-12-30 Matthias-Christian Ott - - * lib/accelerated/x86/aes-gcm-padlock.c, - lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for - VIA PadLock functions If the plaintext is shorter than the block size of the used cipher, - _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with - textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that - the plaintext length (last parameter) is greater than zero and - segfault otherwise. The assembler code for both functions is - automatically generated and imported from OpenSSL, so to ease - maintenance the length should be validated in the functions that - call padlock_ecb_encrypt or padlock_cbc_encrypt. 
- -2014-12-28 Nikos Mavrogiannopoulos - - * lib/system.c: use backslashes in windows path - -2014-12-28 Nikos Mavrogiannopoulos - - * tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test - -2014-12-28 Nikos Mavrogiannopoulos - - * lib/openpgp/output.c: openpgp: properly print names in oneline - output as well - -2014-12-28 Nikos Mavrogiannopoulos - - * lib/openpgp/output.c: updates in openpgp DSA key printing - -2014-12-28 Nikos Mavrogiannopoulos - - * lib/openpgp/output.c: properly print openpgp names - -2014-12-28 Nikos Mavrogiannopoulos - - * lib/opencdk/Makefile.am: opencdk: print all warnings on - compilation - -2014-12-28 Nikos Mavrogiannopoulos - - * lib/opencdk/armor.c: opencdk: eliminated warning from armor.c - -2014-12-28 Nikos Mavrogiannopoulos - - * lib/opencdk/keydb.c: removed cache support for opencdk's keydb It's implementation looked buggy. - -2014-12-27 Nikos Mavrogiannopoulos - - * NEWS: updated guile comments - -2014-12-25 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP - functions only when OCSP is enabled - -2014-12-24 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and - gnutls_pubkey_import_ecc_x962(). - -2014-12-24 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/p11tool-args.def: tools: document the - available curves - -2014-12-24 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c, - tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c, - tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h, - tests/suite/testpkcs11.softhsm: PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with - softhsmv2 and CKA_TRUSTED. 
- https://bugzilla.redhat.com/show_bug.cgi?id=1177086 - -2014-12-23 Nikos Mavrogiannopoulos - - * lib/safe-memfuncs.c: updated documentation of gnutls_memcmp() - -2014-12-23 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi, lib/x509/x509.c: use everywhere the new name - of gnutls_x509_crt_import_pkcs11_url - -2014-12-23 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: better cleanup in - gnutls_pkcs11_privkey_import_url and allow reuse - -2014-12-23 Nikos Mavrogiannopoulos - - * doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am, - src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely - separated the two gnulibs to avoid conflicts - -2014-12-23 Nikos Mavrogiannopoulos - - * gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4, - gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4, - gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, - gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c, - gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c, - src/gl/Makefile.am, src/gl/m4/extensions.m4, - src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4, - src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4, - src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y, - src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h, - src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib - -2014-12-23 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/urls.c, - lib/urls.h, lib/x509/x509.c: dropped the sanitize URL approach - -2014-12-23 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h, - lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: - Instead of sanitizing URLs, use hints to support incomplete PKCS#11 - URIs - -2014-12-23 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c: - gnutls_x509_crt_import_url replaces - gnutls_x509_crt_import_pkcs11_url - -2014-12-23 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: 
use p11_kit_uri_get_pin_source instead of - p11_kit_uri_get_pinfile - -2014-12-22 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-22 Nikos Mavrogiannopoulos - - * doc/examples/ex-pkcs11-list.c: ex-pkcs11-list.c: updated for new - API - -2014-12-22 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, - lib/x509/verify-high.c, lib/x509/verify-high2.c: combined - gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags That was done in an API-backwards compatible way. That introduces - gnutls_pkcs11_obj_list_import_url3() and - gnutls_pkcs11_obj_list_import_url4(). - -2014-12-21 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, - lib/x509/verify-high2.c: first attempt to unify obj_attrs with - obj_flags - -2014-12-21 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-is-known.c: tests: pkcs11-is-known checks - whether the import of PKCS #11 objects as trusted certs works - -2014-12-21 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c, - tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c, - tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h, - tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in - softhsm detection - -2014-12-21 Nikos Mavrogiannopoulos - - * lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS - #11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a - token URL, but rather a direct reference to specific objects. - -2014-12-20 Nikos Mavrogiannopoulos - - * lib/gnutls_psk.c: PSK: added sanity check on PSK key size set - -2014-12-19 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: removed ARCFOUR-40 from the ciphers - to use It is no longer supported. 
- -2014-12-19 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: _gnutls_buffer_append_data returns zero on - success - -2014-12-19 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation - for the cork/uncork functions Reported by Jaak Ristioja. - -2014-12-19 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: doc update - -2014-12-19 Nikos Mavrogiannopoulos - - * lib/algorithms/protocols.c: Added more precise version check in - _gnutls_version_lowest - -2014-12-19 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: corrected documentation of gnutls_cork() - -2014-12-17 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: Added 32-bit overflow protection in - _gnutls_buffer_append_data() - -2014-12-17 Jaak Ristioja - - * lib/gnutls_str.c: Remove redundant condition in - align_allocd_with_data(). At all call-sites of align_allocd_with_data() dest->data is - non-NULL. Signed-off-by: Jaak Ristioja - -2014-12-17 Jaak Ristioja - - * lib/gnutls_str.c: Deduplicated some code in - _gnutls_buffer_append_data(). Signed-off-by: Jaak Ristioja - -2014-12-17 Jaak Ristioja - - * lib/gnutls_str.c: Explicitly marked some variables const in - _gnutls_buffer_append_data(). 
Signed-off-by: Jaak Ristioja - -2014-12-17 Nikos Mavrogiannopoulos - - * devel/DCO/people-dco.txt: DCO: added Jaak Ristioja - -2014-12-16 Nikos Mavrogiannopoulos - - * tests/slow/cipher-test.c: test-ciphers: do not fail on processor - which don't have the AES-NI instructions - -2014-12-16 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: _gnutls_buffer_*: moved common operations to - function - -2014-12-16 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: _gnutls_buffer_append_data: moved common code - outside the if-clause - -2014-12-12 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-polarssl: tests: disable SSL 3.0 - checks with polarssl It seems that SSL 3.0 is disabled in Debian's polarssl. - -2014-12-12 Nikos Mavrogiannopoulos - - * tests/suite/testdane: testdane: removed www.vulcano.cl from good - hosts - -2014-12-04 Nikos Mavrogiannopoulos - - * tests/x509cert-tl.c: tests: enhanced x509cert-tl Verify gnutls_x509_trust_list_verify_crt2() in combination with - gnutls_x509_trust_list_add_named_crt(). - -2014-12-04 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: use - gnutls_x509_trust_list_verify_named_crt in - gnutls_x509_trust_list_verify_crt2 - -2014-12-12 Ludovic Courtès - - * NEWS: Update 'NEWS'. - -2014-12-12 Nikos Mavrogiannopoulos - - * lib/random.c: gnutls_rnd: doc update - -2014-12-12 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update - -2014-12-12 Nikos Mavrogiannopoulos - - * libdane/dane.c: improved documentation on dane - -2014-12-11 Ludovic Courtès - - * guile/tests/openpgp-keyring.scm: guile: Open binary file in binary - mode, for the sake of MinGW. Reported by Eli Zaretskii . * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead - of 'open-input-file'. - -2014-12-11 Ludovic Courtès - - * guile/src/Makefile.am: guile: Link with '-no-undefined'. Fixes builds on MinGW. Reported by Eli Zaretskii . * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined. 
- -2014-12-11 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: use Sleep() in windows - -2014-12-11 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: ensure that default_serial_int is - 64-bits or more - -2014-12-11 Nikos Mavrogiannopoulos - - * src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii. - -2014-12-11 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: updated for 3.3.11 - -2014-12-11 Nikos Mavrogiannopoulos - - * lib/crypto-backend.c: Allow a random generator with the same - priority to re-register That corrects an issue where the library is deinitialized, and - reinitialization wouldn't register the same rnd module. Reported by - Stanislav Zidek. - -2014-12-11 Nikos Mavrogiannopoulos - - * tests/x509cert.c: tests: x509cert: verify that length returned - from gnutls_x509_crt_get_dn matches strlen - -2014-12-11 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl: testcompat: corrected usage - of null cipher - -2014-12-10 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code - -2014-12-08 Nikos Mavrogiannopoulos - - * lib/x509/common.c: corrected typo - -2014-12-06 Nikos Mavrogiannopoulos - - * configure.ac: configure: added option --without-idn - -2014-12-06 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-padlock.c, - lib/accelerated/x86/aes-gcm-x86-aesni.c, - lib/accelerated/x86/aes-gcm-x86-ssse3.c: accelerated: added required - casts - -2014-12-06 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-06 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, lib/gnutls_priority.c: the priority string - EXPORT is no more - -2014-12-06 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-ccm-x86-aesni.c: aesni-ccm: removed unused - struct entries - -2014-12-06 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/Makefile.am, - lib/accelerated/x86/aes-ccm-x86-aesni.c, - lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/x86-common.c: 
- added AESNI accelerated CCM - -2014-12-06 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-padlock.c, - lib/accelerated/x86/aes-gcm-x86-aesni.c, - lib/accelerated/x86/aes-gcm-x86-ssse3.c: more nettle3 related - changes - -2014-12-05 Nikos Mavrogiannopoulos - - * libdane/dane.c: dane: use the new _gnutls_buffer_to_datum - -2014-12-05 Nikos Mavrogiannopoulos - - * tests/ocsp.c: tests: corrected the expected lengths in ocsp - -2014-12-05 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c, lib/gnutls_session_pack.c, lib/gnutls_str.c, - lib/gnutls_str.h, lib/openpgp/output.c, lib/pkcs11.c, lib/tpm.c, - lib/x509/dn.c, lib/x509/ocsp_output.c, lib/x509/output.c: - _gnutls_buffer_to_datum: includes code for exporting strings - -2014-12-05 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: when the trusted list contains a non-CA - certificate warn via the audit log - -2014-12-05 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: modified the CCM ciphersuite's name - to match the one in the IANA registry - -2014-12-05 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/scan-gnutls.sh, - tests/suite/ciphersuite/test-ciphers.js: ciphersuite test: enhanced - check for correct ciphersuites - -2014-12-05 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/scan-gnutls.sh: ciphersuites tests: add - missing includes - -2014-12-05 Nikos Mavrogiannopoulos - - * tests/suite/ciphersuite/scan-gnutls.sh: ciphersuite tests: define - HAVE_CONFIG_H - -2014-12-04 Ludovic Courtès - - * guile/src/Makefile.am: guile: Build with warnings. * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter. - -2014-12-04 Ludovic Courtès - - * guile/modules/Makefile.am, guile/modules/gnutls.in, - guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am, - guile/src/core.c, guile/src/make-session-priorities.scm, - guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: - guile: Remove the deprecated priority API. 
* guile/modules/gnutls/build/priorities.scm: Remove. * guile/src/make-session-priorities.scm: Remove. * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly. * guile/src/Makefile.am (EXTRA_DIST): Likewise. (GENERATED_BINDINGS): Remove 'priorities.i.c'. (priorities.i.c): Remove target. * guile/src/core.c: Don't include it. (scm_gnutls_set_default_priority_x): Remove. * guile/modules/gnutls.in (gnutls): Adjust export list. * guile/tests/session-record-port.scm: Use - 'set-session-priorities!'. * guile/tests/x509-auth.scm: Likewise. - -2014-12-04 Ludovic Courtès - - * doc/gnutls-guile.texi, guile/modules/gnutls.in, - guile/modules/gnutls/build/smobs.scm, guile/src/core.c, - guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile: - Remove RSA parameters and related procedures. * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): - Remove. (%gnutls-smobs): Remove it. * guile/src/core.c (scm_gnutls_make_rsa_parameters, scm_gnutls_pkcs1_import_rsa_parameters, scm_gnutls_pkcs1_export_rsa_parameters, scm_gnutls_set_certificate_credentials_rsa_export_params_x): - Remove. * guile/modules/gnutls.in: Adjust export list. * guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove references to it and to 'set-certificate-credentials-rsa-export-parameters!'. * guile/tests/x509-auth.scm: Likewise. * doc/gnutls-guile.texi (Representation of Binary Data): Remove references to RSA parameters. Adjust example accordingly. (OpenPGP Authentication Guile Example): Likewise. 
- -2014-12-04 Nikos Mavrogiannopoulos - - * doc/TODO: updated TODO list - -2014-12-04 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: removed several of the unneeded exported - internal symbols - -2014-12-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-12-03 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc: corrected typo - -2014-11-28 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: use unsigned long in gcm_cast_st - -2014-11-26 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: corrected issue in AES-256-GCM - -2014-11-26 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am, tests/slow/test-ciphers: tests: enhanced - cipher check to include all ciphers. - -2014-11-26 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: simplified abstractions over nettle based on - Niels' comments. - -2014-11-26 Nikos Mavrogiannopoulos - - * lib/crypto-api.c: API doc update - -2014-11-26 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: Added test vectors for CCM mode - -2014-11-26 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: CCM: corrected AEAD decryption - -2014-11-25 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: CCM mode moved to the lowest priority - -2014-11-25 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-aead.h: aes-gcm-aead.h: generalized - -2014-11-25 Nikos Mavrogiannopoulos - - * src/benchmark-tls.c: gnutls-cli: added benchmark for CCM - -2014-11-25 Nikos Mavrogiannopoulos - - * tests/priorities.c, tests/suite/testcompat-main-polarssl: tests: - updated for AES-128-CCM ciphersuites - -2014-11-25 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher.c: use the new AEAD API in gnutls_cipher.c - -2014-11-25 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, - lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, - lib/nettle/cipher.c: Added definitions for CCM ciphersuites - -2014-11-24 Nikos Mavrogiannopoulos - - * NEWS, doc/cha-crypto.texi, lib/accelerated/x86/Makefile.am, - 
lib/accelerated/x86/aes-gcm-aead.h, - lib/accelerated/x86/aes-gcm-padlock.c, - lib/accelerated/x86/aes-gcm-x86-aesni.c, - lib/accelerated/x86/aes-gcm-x86-pclmul.c, - lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/crypto-api.c, - lib/crypto-backend.h, lib/crypto-selftests.c, - lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h, - lib/includes/gnutls/crypto.h, lib/libgnutls.map, - lib/nettle/cipher.c: Modified crypto backend to accomodate for the - CCM ciphersuites - -2014-11-24 Nikos Mavrogiannopoulos - - * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, - lib/nettle/int/dsa-validate.c, lib/nettle/pk.c: More nettle2 updates - (in FIPS140-2 mode) - -2014-11-23 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-padlock.c, - lib/accelerated/x86/aes-gcm-x86-aesni.c, - lib/accelerated/x86/aes-gcm-x86-ssse3.c, - lib/accelerated/x86/aes-padlock.c, - lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h, - lib/accelerated/x86/sha-padlock.c, - lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am, - lib/nettle/cipher.c, lib/nettle/int/gcm-camellia.c, - lib/nettle/int/gcm-camellia.h, lib/nettle/pk.c, m4/hooks.m4, - tests/dsa/testdsa: ported to nettle 3.0 - -2014-12-03 Nikos Mavrogiannopoulos - - * m4/hooks.m4: reduced current soversion - -2014-12-03 Nikos Mavrogiannopoulos - - * NEWS, doc/cha-upgrade.texi, lib/libgnutls.map: documented the - removal of deprecated functions - -2014-12-03 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: corrected comparison - -2014-12-03 Nikos Mavrogiannopoulos - - * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c, - lib/gnutls_priority.c, lib/gnutls_state.c, - lib/includes/gnutls/compat.h: removed the old gnutls_retr_st - compatibility functions - -2014-12-03 Nikos Mavrogiannopoulos - - * configure.ac, lib/Makefile.am, lib/gnutls_rsa_export.c, - lib/gnutls_ui.c, lib/includes/gnutls/compat.h, m4/hooks.m4: Removed - binary compatibility with RSA-EXPORT using applications - -2014-12-03 Nikos 
Mavrogiannopoulos - - * lib/gnutls_priority.c, lib/includes/gnutls/compat.h: removed the - old priority functions That is: gnutls_cipher_set_priority gnutls_mac_set_priority - gnutls_compression_set_priority gnutls_kx_set_priority - gnutls_protocol_set_priority gnutls_certificate_type_set_priority - -2014-12-03 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/compat.h, lib/x509/x509.c: removed - gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data() - -2014-12-03 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c, - lib/includes/gnutls/compat.h: gnutls_sign_callback_set() and - gnutls_sign_callback_get() were removed - -2014-12-03 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: renumbered fields in gnutls.h - -2014-12-03 Nikos Mavrogiannopoulos - - * lib/libgnutls.map, m4/hooks.m4: increased gnutls' soversion - -2014-12-02 Nikos Mavrogiannopoulos - - * lib/random.h: if the rnd structure doesn't provide check, - _gnutls_rnd_check() will succeed - -2014-11-30 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/x509-verify-with-crl.c: tests: Added - check for verification using CRLs - -2014-11-30 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: Reorganized, and eliminated memory leak in - _gnutls_x509_crt_check_revocation() Reported by Tim Rühsen. 
- -2014-11-29 Nikos Mavrogiannopoulos - - * src/systemkey.c: systemkey: updated for new - gnutls_system_key_iter_get_info - -2014-11-28 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/system-keys.h, lib/system-keys-dummy.c, - lib/system-keys-win.c: gnutls_system_key_iter_get_info() allows - restricting results to a specific certificate type - -2014-11-28 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: removed unneeded variable - -2014-11-28 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc - update - -2014-11-28 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: added recommendation to use the higher - level functions to load keys - -2014-11-28 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: avoid gcc warnings - -2014-11-25 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added - check for whether %NO_EXTENSIONS is required - -2014-11-28 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of - the NULL KX - -2014-11-28 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: gnutls_session_get_desc will return NULL if - initial negotiation is not complete - -2014-11-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-27 Nikos Mavrogiannopoulos - - * tests/mini-chain-unsorted.c: tests: small fix in - mini-chain-unsorted - -2014-11-27 Nikos Mavrogiannopoulos - - * lib/gnutls_pcert.c, lib/gnutls_x509.c, lib/x509/common.c, - lib/x509/common.h, lib/x509/x509.c: - GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from - gnutls_pcert_import_x509_list That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT - is specified. 
- -2014-11-27 Nikos Mavrogiannopoulos - - * lib/gnutls_pcert.c: gnutls_pcert_import_x509_list: only sort the - lists it can sort - -2014-11-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-27 Nikos Mavrogiannopoulos - - * lib/system-keys-win.c: simplified windows URLs - -2014-11-27 Nikos Mavrogiannopoulos - - * lib/system-keys-win.c: system-keys-win: include urls.h - -2014-11-27 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-cert-status.c, - tests/mini-chain-unsorted.c: tests: added mini-chain-unsorted - -2014-11-27 Nikos Mavrogiannopoulos - - * lib/gnutls_pcert.c, lib/gnutls_x509.c, - lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h, - lib/libgnutls.map, lib/x509/common.c, lib/x509/common.h, - lib/x509/verify-high.c, lib/x509/x509.c: Added flag - GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* That also allows automatically sorting input chains to the - gnutls_certificate_credentials_t structure. - -2014-11-25 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/set_x509_key_file.c: tests: Added check - for memory leaks when a file cannot be loaded. - -2014-11-25 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated - memory leak when certificate could not be parsed Reported by Georg Richter. - -2014-11-25 Nikos Mavrogiannopoulos - - * libdane/dane.c: libdane: undef gnutls_assert() before redefining - it - -2014-11-24 Nikos Mavrogiannopoulos - - * src/socket.c: gnutls-cli-debug: do not print error on unknown - protocols - -2014-11-24 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/set_x509_key_mem.c: tests: added leak - check for gnutls_set_x509_key_mem2() - -2014-11-24 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: documented the limitations of the loading - functions - -2014-11-24 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter. 
- -2014-11-24 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added - check for sorted certificate chain - -2014-11-24 Nikos Mavrogiannopoulos - - * lib/gnutls_db.c: do not allow the resumption of a session which - switches the state of ext_master_secret - -2014-11-23 Nikos Mavrogiannopoulos - - * tests/rfc2253-escape-test: tests: run rfc2253-escape-test under - valgrind - -2014-11-23 Nikos Mavrogiannopoulos - - * tests/custom-urls.c: tests: enhanced custom-url check - -2014-11-23 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/gnutls_x509.c: sanitize URLs at the - proper place - -2014-11-23 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: corrected freeing of custom URL - -2014-11-23 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi, lib/includes/gnutls/urls.h: doc update - -2014-11-23 Nikos Mavrogiannopoulos - - * tests/suite/suppressions.valgrind, tests/suppressions.valgrind: - Added memxor_different_alignment into suppressions - -2014-11-23 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi, lib/gnutls_x509.c, - lib/includes/gnutls/urls.h, lib/urls.c, lib/urls.h: Allow the - construction of chains with custom URLs - -2014-11-23 Nikos Mavrogiannopoulos - - * .gitignore: updated ignored files - -2014-11-23 Nikos Mavrogiannopoulos - - * src/Makefile.am, src/systemkey-tool.c, src/systemkey.c: renamed - systemkey-tool to systemkey, and don't install it by default - -2014-11-23 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-23 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/custom-urls.c: tests: added check for - registration of custom URLs - -2014-11-23 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/urls.h, lib/libgnutls.map, lib/urls.c: export - gnutls_register_custom_url - -2014-11-23 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: correctly handle non-pkcs11 URLs in - read_cert_url - -2014-11-23 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2014-11-23 Nikos Mavrogiannopoulos 
- - * doc/Makefile.am, doc/cha-tokens.texi, lib/gnutls_privkey.c, - lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/gnutls_x509.h, - lib/includes/Makefile.am, lib/includes/gnutls/urls.h, - lib/system-keys-win.c, lib/urls.c, lib/urls.h, lib/x509/x509.c: - Added the ability to register application specific URLs for keys and - certs - -2014-11-23 Nikos Mavrogiannopoulos - - * lib/system-keys-win.c: system-keys-win: use macros for the URL - -2014-11-22 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: doc update - -2014-11-21 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test - for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake - -2014-11-21 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_record.c: treat - GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is - complete This corrects a regression introduced in - b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship. - https://savannah.gnu.org/support/?108690 - -2014-11-21 Nikos Mavrogiannopoulos - - * NEWS: removed old news - -2014-11-21 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/protocols.c, - lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The - record version in the client Hello will be set to the lowest - supported protocol There should have been no harm in keeping it SSL 3.0 but - unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked - as MUST NOT do that. That will be fixed in a later revision but - since then there are servers not accepting SSL 3.0 as a valid record - version (note that this is about the record version, which describes - the format of the packet, nothing to do with the negotiated - version). - -2014-11-21 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: Revert "The priority modifier - %LATEST_RECORD_VERSION is now the default" This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f. 
- -2014-11-21 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are - done when it is required only. - -2014-11-21 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/gnutls_priority.c, - lib/includes/gnutls/gnutls.h.in, src/cli.c: - gnutls_priority_string_list: allow printing the special keywords as - well. - -2014-11-21 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-common.c: simplified code involving getrandom() and - getentropy() - -2014-11-20 Nikos Mavrogiannopoulos - - * configure.ac: configure: detect android system and define a - variable - -2014-11-20 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/system-keys-dummy.c, lib/system-keys-win.c, - lib/system-keys.c: separated system-keys implementations - -2014-11-20 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: removed redundant local - -2014-11-20 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: tests: added check for the abbreviated - URLs which don't contain object information - -2014-11-20 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/gnutls_x509.c, lib/pkcs11_privkey.c, - lib/urls.c, lib/urls.h, lib/x509/x509.c: prior to importing objects - with URLs sanitize them That allows to use out of band information to complete missing parts - in URLs (e.g., object-type=cert, when there is a certificate). 
- -2014-11-19 Nikos Mavrogiannopoulos - - * lib/system-keys.c: compilation fixes - -2014-11-19 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-07 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_global.c, - lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h, - lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c, - lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in, - lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/system-keys.h, - lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c, - lib/pkcs11_int.h, lib/system-keys.c, lib/system-keys.h, - lib/x509/Makefile.am, lib/x509/x509.c, src/Makefile.am, - src/systemkey-args.def, src/systemkey-tool.c: Added API to - read/write/delete key-cert pairs (limited to windows for now) - -2014-11-17 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: NORMAL priority: prioritize the less than - 256-bits curves at the lowest level - -2014-11-17 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, - src/certtool.c: certtool: Allow to set the nonRepudiation, - keyAgreement and dataEncipherment flags - -2014-11-17 Nikos Mavrogiannopoulos - - * src/certtool-args.def: list the OIDs in the certtool cfg file - documentation - -2014-11-16 Nikos Mavrogiannopoulos - - * lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the - zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879 - -2014-11-15 Nikos Mavrogiannopoulos - - * doc/TODO: doc update - -2014-11-14 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: partially reverted - 999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as - OCSP anchors. 
- -2014-11-14 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: print message when the system trust is - used - -2014-11-14 David Weber - - * src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c - and serv.c. I have tested the fix in 3.3.10. This commit is UNTESTED as i am - unable to compile gnutls (./configure complains about gl_INIT and - ggl_INIT). 
Signed-off-by: Nikos Mavrogiannopoulos - -2014-11-14 Nikos Mavrogiannopoulos - - * tests/ocsp.c: tests: ocsp: added the signature in check - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/x509/ocsp_output.c: only print about additional certificates - if they are present - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: ocsp: fix DN decoding in - gnutls_ocsp_resp_get_responder_raw_id - -2014-11-14 Nikos Mavrogiannopoulos - - * tests/ocsp.c: tests: ocsp: added check with a long response - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: use the original DER/BER data when verifying an - OCSP response - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: _pkcs1_rsa_verify_sig() simplify hashing - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: ocsp: eliminated duplicate code - -2014-11-14 Nikos Mavrogiannopoulos - - * src/certtool-args.def: clarified the multiple paths printing of - the verify options - -2014-11-14 Nikos Mavrogiannopoulos - - * src/cli.c: gnutls-cli: allow printing the certificates in OCSP - responses when --print-cert is specified - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c, lib/x509/ocsp.c: updated OCSP verification code - to better use the trust list, and the KeyHash - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/x509/ocsp_output.c: OCSP printing: Add header in front of - certificates - -2014-11-14 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h, - lib/pkcs11.c, lib/x509/verify-high.c: added - gnutls_pkcs11_get_raw_issuer_by_dn and - gnutls_x509_trust_list_get_issuer_by_dn - -2014-11-14 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check - for OCSP status response - -2014-11-14 Nikos Mavrogiannopoulos - - * tests/cert-tests/crq: corrected crq test case; reported by Andreas - Metzler - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN - callback - 
-2014-11-13 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c, - lib/x509/ocsp_output.c, tests/ocsp.c: replaced - gnutls_ocsp_resp_get_responder_by_key with - gnutls_ocsp_resp_get_responder_raw_id In addition reverted gnutls_ocsp_resp_get_responder() to the old - buggy behavior of returning 0 if the element was missing. - -2014-11-13 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: make sure that GNUTLS_PKCS_PLAIN is set - when no password should be asked - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: gnutls_x509_privkey_import2: will not use a - callback if GNUTLS_PKCS_PLAIN is specified - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/fips.c: the FIPS140-2 testing mode is disabled after - self-checks - -2014-11-13 Nikos Mavrogiannopoulos - - * tests/ocsp.c: updated OCSP tests to account for the new key ID - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: doc update and gnutls_ocsp_resp_get_responder() - will always initialized output data - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid - valgrind complaints - -2014-11-13 Nikos Mavrogiannopoulos - - * src/cli.c: gnutls-cli: print the OCSP response in verbose mode - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/x509/ocsp.c: corrected documentation of OCSP response - verification - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c, - lib/x509/ocsp_output.c: Added - gnutls_ocsp_resp_get_responder_by_key() - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/x509/dn.c: dn parsing: return - GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available - -2014-11-13 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli.c, src/common.c: gnutls-cli: added - option to save the OCSP response - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_sig.c, - lib/includes/gnutls/abstract.h: added the 
notion of preferred sign - algorithm in a private key This can be set for keys imported with gnutls_privkey_import_ext3() - with the info callback. It is only considered for client side keys - in TLS sessions. - -2014-11-13 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, lib/ext/ext_master_secret.c, - lib/gnutls_int.h, lib/gnutls_priority.c, lib/priority_options.gperf: - Added priority string %NO_SESSION_HASH to prevent advertising the - extended master secret extension - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/ext/status_request.c: certificate status requestion response - is optional according to RFC6066 - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, src/common.c: - Added flag GNUTLS_OCSP_SR_IS_AVAIL for - gnutls_ocsp_status_request_is_checked - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-common.h: rnd: removed the packed attribute from - event_st That prevents a SIGBUS on solaris sparc systems. Reported by Thomas - Thorberger. - -2014-11-13 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: The priority modifier - %LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version - number from the first packet of the record protocol. 
- -2014-11-13 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: added check for servers - that disallow the SSL 3.0 record version - -2014-11-12 Nikos Mavrogiannopoulos - - * src/common.c: gnutls-cli: print whether status request has been - checked - -2014-11-12 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: doc update - -2014-11-12 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/includes/gnutls/x509.h, - lib/libgnutls.map, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/tpm.c, - lib/x509/privkey.c, lib/x509/x509_int.h: Enable PIN support to - gnutls_x509_privkey_t - -2014-11-11 Nikos Mavrogiannopoulos - - * lib/system.c, lib/system.h, lib/x509/common.c, - lib/x509/x509_ext.c: _gnutls_ucs2_to_utf8() can handle little endian - strings. - -2014-11-11 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-11 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/crypto-api.c, lib/ext/session_ticket.c, - lib/gnutls_cipher.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map, lib/safe-memfuncs.c, lib/safe-memset.c: Added - gnutls_memcmp() and exported it. 
- -2014-11-11 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/abstract.h: indentation fix - -2014-11-11 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map, - lib/x509/pkcs12_bag.c: added gnutls_pkcs12_bag_set_privkey() Conflicts: lib/libgnutls.map - -2014-11-10 Nikos Mavrogiannopoulos - - * lib/abstract_int.h, lib/gnutls_privkey.c, - lib/includes/gnutls/abstract.h: dropped unused copy_func - -2014-11-10 Nikos Mavrogiannopoulos - - * lib/x509/gnutls-idna.h: silence warning - -2014-10-31 Nikos Mavrogiannopoulos - - * configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq: - Added check with the invalid crq sent by Sean Burford - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/gnutls_ecc.c: when exporting curve coordinates to X9.63 - format, perform additional sanity checks on input Reported by Sean Burford. - -2014-11-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-08 Nikos Mavrogiannopoulos - - * doc/cha-intro-tls.texi: doc update - -2014-11-08 Nikos Mavrogiannopoulos - - * NEWS, lib/ext/session_ticket.c, lib/gnutls_mem.h, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: exported - gnutls_memset() - -2014-11-08 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text - on session tickets - -2014-11-07 Nikos Mavrogiannopoulos - - * src/socket.c: tools: include arpa/inet.h in socket.c - -2014-11-07 Nikos Mavrogiannopoulos - - * doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS - client and server - -2014-11-07 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: pass the correct user type to protected - authentication login - -2014-11-07 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc: corrected values for INSECURE level - -2014-11-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: - pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags - 
-2014-11-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: - pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH - -2014-11-07 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: perform reauth at the appropriate - state - -2014-11-07 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user - type on reauthentication - -2014-11-06 Nikos Mavrogiannopoulos - - * gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing - to improve compatibile with some apple systems 
Signed-off-by: Nikos Mavrogiannopoulos - -2014-11-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11: - force login on tokens that require it - -2014-11-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: always set slot_info - -2014-11-06 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-openssl: testcompat-openssl: disable - SSL 3.0 as it is not supported on debian - -2014-11-06 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main-polarssl: fixed polarssl compatibility - checks on debian - -2014-11-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.c: - pkcs11: eliminated the need for struct token_info - -2014-11-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added - support for PKCS #11 keys that require reauthentication and - simplified pkcs11_login - -2014-11-05 Nikos Mavrogiannopoulos - - * src/cli-debug.c: gnutls-cli-debug: clarified text - -2014-11-05 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/testcompat, - tests/suite/testcompat-main, tests/suite/testcompat-main-openssl, - tests/suite/testcompat-main-polarssl, - tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: - tests: separated the two testcompat tests (openssl/polarssl) - -2014-11-05 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphers.c: added missing comma - -2014-11-05 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: corrected heartbeat check - -2014-11-05 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: fixes in tests to prevent false - negatives - -2014-11-05 Nikos Mavrogiannopoulos - - * src/tests.c: gnutls-cli-debug: fixes in tests to prevent false - negatives - -2014-11-05 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main: tests: added interoperability tests - with openssl's PSK - -2014-11-05 Nikos Mavrogiannopoulos - - * lib/gnutls_constate.c, lib/gnutls_int.h: corrected calculation 
for - max send data and other uses of _gnutls_cipher_type() - -2014-11-05 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphers.c: modernized cipher table - -2014-11-05 Chen Hongzhi - - * lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos - -2014-11-05 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher.c: simplified checks for EtM - -2014-11-05 Nikos Mavrogiannopoulos - - * tests/anonself.c: tests: enhanced test to check the return value - of gnutls_record_send() - -2014-11-05 Nikos Mavrogiannopoulos - - * tests/mini-x509-2.c: tests: Added unit tests for - gnutls_certificate_get_ours in mini-x509-2 - -2014-11-05 Nikos Mavrogiannopoulos - - * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h, - lib/gnutls_session.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c, - lib/includes/gnutls/gnutls.h.in: introduced - GNUTLS_MAX_SESSION_ID_SIZE - -2014-11-04 Nikos Mavrogiannopoulos - - * doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive - -2014-11-04 Chris Barry - - * doc/cha-auth.texi, doc/cha-cert-auth.texi, - doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi: - Cleaning up some awkward phrasings. 
Signed-off-by: Nikos Mavrogiannopoulos - -2014-11-04 Nikos Mavrogiannopoulos - - * .gitignore, tests/Makefile.am, tests/mini-record-failure.c: tests: - Added test for MAC verification checks - -2014-11-04 Nikos Mavrogiannopoulos - - * lib/ext/etm.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: EtM - fixes: it only applies to block ciphers - -2014-11-04 Nikos Mavrogiannopoulos - - * src/cli-debug.c: gnutls-cli-debug: reorganized output - -2014-11-04 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c: moved the HTTPS server name outside - of verbose tests; only run when the HTTPS protocol is used - -2014-11-04 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/common.c, src/common.h, src/tests.c: enhanced - gnutls-cli-debug verbose output (uses files for mass text) - -2014-11-04 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added - tests for EtM and extended master secret support In addition reworked the output for existing tests. - -2014-11-04 Nikos Mavrogiannopoulos - - * src/socket.c: tools: only warn of an error if it is fatal - -2014-11-04 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-main, tests/suite/testcompat-polarssl: - testcompat: increased the number of test cases checked - -2014-11-04 Nikos Mavrogiannopoulos - - * lib/ext/alpn.c: updated text - -2014-11-04 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-04 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-polarssl: testcompat-polarssl: try to run - the test only if polarssl binaries are available - -2014-11-04 Nikos Mavrogiannopoulos - - * tests/suite/testcompat-common, tests/suite/testcompat-polarssl: - testcompat: check the PSK ciphersuite interoperability against - polarssl - -2014-11-03 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/testcompat, - tests/suite/testcompat-common, tests/suite/testcompat-main, - tests/suite/testcompat-polarssl: testcompat: added interop tests - with polarssl - -2014-11-03 Jaak 
Ristioja - - * lib/system_override.c: doc: Added missing reference for EMSGSIZE - to inline documentation of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos - -2014-11-03 Jaak Ristioja - - * lib/system_override.c: doc: Fixed typo in inline comment of - gnutls_transport_set_errno(). 
Signed-off-by: Nikos Mavrogiannopoulos - -2014-11-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-03 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/etm.c, - lib/ext/etm.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c, - lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h, - lib/gnutls_constate.c, lib/gnutls_extensions.c, lib/gnutls_int.h, - lib/gnutls_priority.c, lib/gnutls_session_pack.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, - lib/priority_options.gperf, src/common.c: Added support for RFC7366 - (encrypt then authenticate) It implements a revised version of RFC7366, to avoid - interoperability issues: - http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This - is currently enabled by default, unless %NO_ETM, or %COMPAT is - specified. - -2014-11-03 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/ciphers.c, lib/crypto-api.c, - lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c, - lib/gnutls_int.h, lib/gnutls_range.c: Made AEAD type an alternative - to stream and block That way the terminology becomes closer to the TLS rfc. 
- -2014-11-02 Nikos Mavrogiannopoulos - - * lib/gnutls_errors.c: updated the text for - GNUTLS_E_UNSUPPORTED_VERSION_PACKET - -2014-11-01 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-11-01 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/pkcs11-privkey.c: tests: - Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11 - + PIN - -2014-11-01 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2014-11-01 Nikos Mavrogiannopoulos - - * lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id - set the id_size - -2014-11-01 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: deinitialize the temporary spki data - -2014-10-31 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/init_fds.c: tests: added test for - gnutls_global_init after all descriptors are closed - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h: - corrected check for urandom fd - -2014-10-31 Nikos Mavrogiannopoulos - - * tests/dtls/dtls-stress.c: tests: dtls-stress: fix issues in the - suite - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: Do not require a PIN callback in the - certificate credentials when a password is specified - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: doc update - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c: corrected exit state from gnutls_global_init - -2014-10-31 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to - account the new behavior - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map, lib/nettle/rnd-common.c: dropped - gnutls_fd_in_use, it is no longer necessary - -2014-10-31 Nikos Mavrogiannopoulos - - * lib/crypto-backend.h, lib/gnutls_global.c, - lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c, - lib/random.h: When gnutls_global_init() is called manually from the - application check 
the urandom fd for validity That addresses the issue where a server closes all open file - descriptors and then calls gnutls_global_init(). - -2014-10-30 Nikos Mavrogiannopoulos - - * NEWS, configure.ac, lib/nettle/rnd-common.c: Added support for - getentropy() and reworked getrandom support - -2014-10-29 Nikos Mavrogiannopoulos - - * lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits - -2014-10-29 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-29 Nikos Mavrogiannopoulos - - * lib/gnutls_dh.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Added gnutls_dh_params_import_raw2(), which - allows to specify the number of bits for key size - -2014-10-29 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-29 Nikos Mavrogiannopoulos - - * configure.ac, lib/nettle/rnd-common.c: use Linux' getrandom() when - available - -2014-10-29 Nikos Mavrogiannopoulos - - * lib/nettle/rnd.c: use the random rnd context when refreshing the - nonce context That avoids frequent reads from /dev/urandom. - -2014-10-28 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: do not explicitly refresh rnd state on session - deinit It is already being refreshed during the session lifetime. - -2014-10-28 Nikos Mavrogiannopoulos - - * lib/nettle/rnd.c: doc update - -2014-10-28 Nikos Mavrogiannopoulos - - * lib/nettle/rnd.c: increase the reseed time - -2014-10-26 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: tests: enhance cipher test to include tag - verification error - -2014-10-26 Nikos Mavrogiannopoulos - - * lib/crypto-api.c: better documented the new API - -2014-10-26 Nikos Mavrogiannopoulos - - * lib/crypto-api.c: harmonise variable names - -2014-10-26 Nikos Mavrogiannopoulos - - * configure.ac: disable hardware acceleration by default in solaris - -2014-10-25 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support of - draft-ietf-tls-session-hash-02. 
Now the session hash is calculated correctly even when a client - certificate is sent. That is, the session hash now does not take - into account the CertificateVerify message. - -2014-10-25 Nikos Mavrogiannopoulos - - * lib/crypto-api.c: doc update - -2014-10-25 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-25 Nikos Mavrogiannopoulos - - * doc/cha-crypto.texi: doc: list the AEAD API - -2014-10-25 Nikos Mavrogiannopoulos - - * NEWS, lib/crypto-api.c, lib/crypto-selftests.c, - lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h, - lib/libgnutls.map: Added a new simple to use AEAD API - -2014-10-25 Nikos Mavrogiannopoulos - - * NEWS, m4/hooks.m4: the openssl compatibility library isn't built - by default - -2014-10-25 Nikos Mavrogiannopoulos - - * cfg.mk, lib/accelerated/x86/elf/aes-ssse3-x86.s, - lib/accelerated/x86/elf/aes-ssse3-x86_64.s, - lib/accelerated/x86/elf/aesni-x86.s, - lib/accelerated/x86/elf/aesni-x86_64.s, - lib/accelerated/x86/elf/cpuid-x86.s, - lib/accelerated/x86/elf/cpuid-x86_64.s, - lib/accelerated/x86/elf/e_padlock-x86.s, - lib/accelerated/x86/elf/e_padlock-x86_64.s, - lib/accelerated/x86/elf/ghash-x86_64.s, - lib/accelerated/x86/elf/sha1-ssse3-x86.s, - lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, - lib/accelerated/x86/elf/sha256-ssse3-x86.s, - lib/accelerated/x86/elf/sha512-ssse3-x86.s, - lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef - directive in assembly files, as it isn't portable - -2014-10-24 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher.c: eliminate IV size usage in TLS - encryption/decryption; it was a remnant of salsa20 - -2014-10-24 Nikos Mavrogiannopoulos - - * lib/ext/ext_master_secret.c: corrected likely macro usage Spotted by Manuel Pégourié-Gonnard. 
- -2014-10-24 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c, - lib/gnutls_cipher_int.h, tests/mini-overhead.c: removed support for - SALSA20 and for stream ciphers with IV The proposal was not adopted by the TLS WG, and the AEAD path will - be used. - -2014-10-24 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c, - lib/priority_options.gperf: Added priority string %NO_TICKETS that - disables session ticket support This is implied by the priority string PFS. - -2014-10-23 Nikos Mavrogiannopoulos - - * lib/ext/ext_master_secret.c, lib/gnutls_kx.c: do not negotiate nor - use the 'extended master secret' in SSL 3.0 According to Alfredo Pironti support for that protocol will be - dropped from the draft. - -2014-10-22 Nikos Mavrogiannopoulos - - * cross.mk: compile 3.3.9 by default - -2014-10-23 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: always send the mandatory extensions (even - in SSL 3.0) The only way to force no extensions and usage of SCSVs is the - %NO_EXTENSIONS priority string. 
- -2014-10-23 Nikos Mavrogiannopoulos - - * lib/ext/ext_master_secret.c: EXT MASTER SECRET moved to mandatory - extensions - -2014-10-23 Nikos Mavrogiannopoulos - - * configure.ac, lib/Makefile.am: check and use libnsl (used in - solaris) - -2014-10-23 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/coff/aes-ssse3-x86_64.s, - lib/accelerated/x86/coff/aesni-x86.s, - lib/accelerated/x86/coff/aesni-x86_64.s, - lib/accelerated/x86/coff/e_padlock-x86_64.s, - lib/accelerated/x86/coff/ghash-x86_64.s, - lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, - lib/accelerated/x86/coff/sha256-ssse3-x86.s, - lib/accelerated/x86/coff/sha512-ssse3-x86.s, - lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, - lib/accelerated/x86/elf/aes-ssse3-x86.s, - lib/accelerated/x86/elf/aes-ssse3-x86_64.s, - lib/accelerated/x86/elf/aesni-x86.s, - lib/accelerated/x86/elf/aesni-x86_64.s, - lib/accelerated/x86/elf/cpuid-x86.s, - lib/accelerated/x86/elf/cpuid-x86_64.s, - lib/accelerated/x86/elf/e_padlock-x86.s, - lib/accelerated/x86/elf/e_padlock-x86_64.s, - lib/accelerated/x86/elf/ghash-x86_64.s, - lib/accelerated/x86/elf/sha1-ssse3-x86.s, - lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, - lib/accelerated/x86/elf/sha256-ssse3-x86.s, - lib/accelerated/x86/elf/sha512-ssse3-x86.s, - lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, - lib/accelerated/x86/macosx/aes-ssse3-x86_64.s, - lib/accelerated/x86/macosx/aesni-x86.s, - lib/accelerated/x86/macosx/aesni-x86_64.s, - lib/accelerated/x86/macosx/e_padlock-x86_64.s, - lib/accelerated/x86/macosx/ghash-x86_64.s, - lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, - lib/accelerated/x86/macosx/sha256-ssse3-x86.s, - lib/accelerated/x86/macosx/sha512-ssse3-x86.s, - lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm - sources - -2014-10-23 Nikos Mavrogiannopoulos - - * devel/openssl: updated perl asm sources - -2014-10-23 Nikos Mavrogiannopoulos - - * cfg.mk: use the GNU-stack note in linux systems - -2014-10-23 Nikos Mavrogiannopoulos - - * gl/Makefile.am, 
gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4, - gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4, - gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h, - gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am, - src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4, - src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4, - src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h, - src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c: - updated gnulib - -2014-10-23 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-get-issuer.c: tests: check the issuer value - validity of gnutls_x509_trust_list_get_issuer - -2014-10-23 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: corrected bug in - gnutls_x509_trust_list_get_issuer() when used without the - GNUTLS_TL_GET_COPY flag - -2014-10-22 Nikos Mavrogiannopoulos - - * tests/slow/Makefile.am: tests: include minitasn1 when needed - -2014-10-22 Nikos Mavrogiannopoulos - - * src/danetool.c: use HAVE_DANE ifdef for unused functions - -2014-10-22 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: exported gnutls_fd_in_use - -2014-10-22 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: document gnutls_fd_in_use() - -2014-10-22 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: gnutls_fd_in_use: mention version - -2014-10-22 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token - func is used - -2014-10-22 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, - lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to - check whether a file descriptor is in use - -2014-10-21 Nikos Mavrogiannopoulos - - * lib/gnutls_state.h: added prototype to avoid compiler warning - -2014-10-21 Nikos Mavrogiannopoulos - - * lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode - -2014-10-21 Nikos Mavrogiannopoulos - - * lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in - FIPS140-2 mode - 
-2014-10-20 Nikos Mavrogiannopoulos - - * tests/dtls/dtls-stress.c: dtls-stress: reindented code - -2014-10-20 Nikos Mavrogiannopoulos - - * tests/dtls/dtls-stress.c: tests: dtls-stress: only replay when - send succeeds - -2014-10-17 Nikos Mavrogiannopoulos - - * tests/suite/testsrn: testsrn: do not assume that SSL 3.0 is - enabled by default - -2014-10-17 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added - test that checks the fallback from TLS 1.6 - -2014-10-17 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, - lib/libgnutls.map: added _gnutls_hello_set_default_version() which - allows to override the clienthello version - -2014-10-17 Nikos Mavrogiannopoulos - - * src/cli-args.def: gnutls-cli: prevent the combination of the -p - and --list options As -p may be mistaken for --priority that would prevent wrong - outputs. - -2014-10-17 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: avoid d from getting out of scope - -2014-10-17 Nikos Mavrogiannopoulos - - * src/udp-serv.c: gnutls-serv: avoid possible buffer overrun - -2014-10-17 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: avoid memory leak on - gnutls_x509_privkey_generate() failure - -2014-10-16 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-16 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli.c: gnutls-cli: added option - --priority-list - -2014-10-16 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: added gnutls_priority_string_list(), a function - to iterate all priority strings - -2014-10-16 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: put all priority strings into a table - -2014-10-15 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: updated documentation for SSL 3.0 removal - -2014-10-15 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-15 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: SSL 3.0 is no longer 
on the default - priorities list - -2014-10-15 Nikos Mavrogiannopoulos - - * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, - lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable - 1024-bit DSA parameters when generating - -2014-10-14 Ludovic Courtès - - * guile/src/core.c: guile: Remove trailing zero in - 'gnutls_server_name_set' call. In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17), - 'set-session-server-name!' would pass a trailing nul character on - the wire after the server name, which would thus be rejected by - servers. - -2014-10-14 Nikos Mavrogiannopoulos - - * src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula. - -2014-10-14 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: use _gnutls_hash_fast() in DSA/ECDSA - verification - -2014-10-14 Nikos Mavrogiannopoulos - - * lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c, - lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation - changes to account for seed starting with null byte - -2014-10-14 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized - SHA224 - -2014-10-14 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-common.c: simplified getrusage code; the failure - check code wasn't needed - -2014-10-10 Nikos Mavrogiannopoulos - - * lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of - phi(n) for RSA key generation in FIPS-140-2 mode - -2014-10-13 Nikos Mavrogiannopoulos - - * tests/x509-extensions.c: tests: added check for import failure of - v1 certificate with extensions - -2014-10-13 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: do not allow importing X.509 certificates with - version < 3 and extensions present - -2014-10-13 Nikos Mavrogiannopoulos - - * cfg.mk: update the guile manual along the C one - -2014-10-11 Nikos Mavrogiannopoulos - - * src/libopts/Makefile.am, src/libopts/ag-char-map.h, - src/libopts/ao-strs.c, src/libopts/ao-strs.h, - src/libopts/autoopts.h, 
src/libopts/autoopts/options.h, - src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h, - src/libopts/genshell.c, src/libopts/genshell.h, - src/libopts/intprops.h, src/libopts/m4/libopts.m4, - src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c, - src/libopts/option-value-type.h, - src/libopts/option-xat-attribute.c, - src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c, - src/libopts/proto.h, src/libopts/stdnoreturn.in.h, - src/libopts/version.c: updated to libopts 5.18.4 - -2014-10-11 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-common.c: place all rusage variables into - HAVE_GETRUSAGE block - -2014-10-11 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try - RUSAGE_SELF - -2014-10-10 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: removed last remnants of - GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE - -2014-10-10 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db - file - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/ext/heartbeat.c: forbid heartbeat messages during a handshake - -2014-10-09 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: - added internal variable to track handshake status - -2014-10-09 Nikos Mavrogiannopoulos - - * src/ocsptool-common.c: ocsptool: avoid shadowing a global variable - -2014-10-09 Nikos Mavrogiannopoulos - - * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: removed flag - GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE - -2014-10-09 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2014-10-09 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-is-known.c: tests: updated time in - pkcs11-is-known - -2014-10-09 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as - fatal - -2014-10-09 Nikos Mavrogiannopoulos - - * tests/chainverify.c, tests/suite/pkcs11-chainverify.c, - tests/test-chains.h: tests: allow running 
specific chainverify tests - on fixed dates - -2014-10-09 Nikos Mavrogiannopoulos - - * lib/x509/common.c: _gnutls_check_valid_key_id: corrected - activation/expiration check - -2014-10-09 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: - simplified and optimized loop - -2014-10-09 Nikos Mavrogiannopoulos - - * doc/cha-crypto.texi: mention nettle as the recommended crypto - backend - -2014-10-09 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added - check to ensure that trust list combination with extra certificates - works - -2014-10-09 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: when both a trust module and additional - CAs are present account the latter as well That solves an issue in openconnect which used the system trust - module, plus additional certificates. - -2014-10-09 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the - handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not - given - -2014-10-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-09-29 Nikos Mavrogiannopoulos - - * src/common.c: tools: print the status of safe renegotiation and - extended master secret - -2014-09-29 Nikos Mavrogiannopoulos - - * tests/mini-x509.c, tests/resume.c: tests: check whether the - extended master secret is negotiated by default - -2014-10-08 Nikos Mavrogiannopoulos - - * lib/ext/Makefile.am, lib/ext/ext_master_secret.c, - lib/ext/ext_master_secret.h, lib/gnutls_constate.c, - lib/gnutls_extensions.c, lib/gnutls_handshake.c, - lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c, - lib/gnutls_session_pack.c, lib/gnutls_state.c, - lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support - for the extended master secret calculation That is performed implicitly unless GNUTLS_NO_EXTENSIONS is - specified. 
The implementation follows - draft-ietf-tls-session-hash-02. - -2014-10-08 Nikos Mavrogiannopoulos - - * lib/nettle/pk.c: corrected assignment - -2014-10-08 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: corrected the name of exported function - -2014-10-07 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-07 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-discard.c: tests: added check - for gnutls_record_discard_queued() - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Added gnutls_record_discard_queued() That function allows to discard queued data in DTLS. - -2014-10-07 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: corrected test for v1 cert signing - (removed bogus authorityIdentifier) - -2014-10-07 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: only set the authority key identifier, - if there is a corresponding subject key identifier - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: do not shortcut checks when - GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always - check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements. - -2014-10-06 Armin Burgmeier - - * tests/suite/pkcs11-chainverify.c: Add a test for PKCS11 CA - iteration Signed-off-by: Armin Burgmeier - -2014-10-06 Armin Burgmeier - - * lib/x509/verify-high.c: Also iterate over the CA certificates in a - PKCS11 token Signed-off-by: Armin Burgmeier - -2014-10-06 Armin Burgmeier - - * lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs - are added to a trust list Before, the new URL would overwrite the old URL, and the memory of - theold URL would be leaked. It is documented that only one URL can - be used, so it should be safe to reject any attempt to add another - one. 
Signed-off-by: Armin Burgmeier - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when - no CKA_ID can be relied on fallback on checking the - SubjectKeyIdentifier Patch by David Woodhouse. - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH - verification functions - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: removed unused definition - -2014-10-07 Nikos Mavrogiannopoulos - - * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH - verification functions - -2014-10-07 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-is-known.c: tests: corrected check with - gnutls_x509_trust_list_get_issuer - -2014-10-06 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: corrected remove_pkcs11_url() - -2014-10-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known() - -2014-10-06 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests: - check gnutls_pkcs11_crt_is_known() when multiple same DNs are - present - -2014-10-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: when checking for presence do not give up on - the first mismatch - -2014-10-05 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: doc update: clarifications in - gnutls_x509_trust_list_add_trust_file - -2014-10-02 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: corrected compilation for non-pkcs11; - reported by David Woodhouse. 
- -2014-10-02 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-10-02 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c: avoid calls in gnutls_init() - -2014-10-02 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_int.h, - lib/gnutls_state.c: the handshake function has a timeout value by - default - -2014-10-02 Nikos Mavrogiannopoulos - - * lib/ext/session_ticket.c: use wait and retransmit when receiving - session tickets - -2014-10-02 Nikos Mavrogiannopoulos - - * tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option - to dtls-stress That allows it to replay messages in a kind of arbitrary way. - -2014-10-02 Nikos Mavrogiannopoulos - - * lib/gnutls_global.c: report the FIPS140-2 mode - -2014-10-01 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added - check for GNUTLS_TL_GET_COPY - -2014-10-01 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h, - lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY - flag and documented the limitations of - gnutls_x509_trust_list_get_issuer() - -2014-09-30 Nikos Mavrogiannopoulos - - * lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the - actual function prototypes - -2014-09-30 Nikos Mavrogiannopoulos - - * NEWS: updated news entry - -2014-09-30 Ludovic Courtès - - * doc/gnutls-guile.texi: guile: doc: Remove erroneous @ifnottex. - -2014-09-30 Ludovic Courtès - - * NEWS: Add NEWS entry for Guile changes. - -2014-09-30 Ludovic Courtès - - * doc/gnutls-guile.texi: guile: doc: Make it clear that the bindings - are part of GnuTLS. 
- -2014-09-27 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: if receiving a ChangeCipherSpec fails, - return GNUTLS_E_UNEXPECTED_PACKET That is more precise than the current - GNUTLS_E_UNEXPECTED_PACKET_LENGTH - -2014-09-27 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: use __hidden in solaris to - provide the hidden visibility attribute - -2014-09-27 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.h: no need to define - _gnutls_x86_cpuid_s - -2014-09-29 Nikos Mavrogiannopoulos - - * lib/gnutls_cipher.c, lib/nettle/cipher.c: use - MAX_CIPHER_BLOCK_SIZE more consistently - -2014-09-26 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow - GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/system.c: gnutls_x509_trust_list_add_system_trust() will not - allow duplicate entries - -2014-09-25 Nikos Mavrogiannopoulos - - * src/danetool.c, src/tpmtool.c: more compiler warning fixes - -2014-09-25 Nikos Mavrogiannopoulos - - * configure.ac: configure: enabled more warnings - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/ext/session_ticket.c, lib/gnutls_dtls.h, - lib/gnutls_privkey.c, lib/openpgp/output.c, lib/random.c, - lib/system.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c, - src/certtool.c, src/cli.c: fixed compilation warnings - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect - d->d_type - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/x509/x509.c: corrected type - -2014-09-25 Nikos Mavrogiannopoulos - - * configure.ac: configure: don't both with checks for padlock in - non-x86 - -2014-09-25 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, lib/libgnutls.map, - symbols.last: updated auto-generated files - -2014-09-25 Nikos Mavrogiannopoulos - - * Makefile.am, README-alpha, devel/abi.xml, devel/abi3.2.xml: run - abi-compliance-checker prior to release - -2014-09-25 
Nikos Mavrogiannopoulos - - * lib/libgnutls.map: indented symbols - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: - protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an - infinite loop on handshake - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/gnutls_errors.c: removed unused error values - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h: - restrict the number of non-fatal errors gnutls_handshake() can - return - -2014-09-25 Nikos Mavrogiannopoulos - - * lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by - splitting the errors to two tables - -2014-09-24 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-09-24 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in, - lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c, - tests/openpgp-auth.c, tests/x509cert.c: use unsigned types in - prototypes - -2014-09-24 Nikos Mavrogiannopoulos - - * configure.ac: enable gcc warnings by default - -2014-09-23 Armin Burgmeier - - * tests/openpgp-auth.c, tests/x509cert.c: Check the credentials - getter functions as part of the unit tests - -2014-09-18 Armin Burgmeier - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, - lib/x509/verify-high.c: Add an interface to iterate the trusted CA - certificates in a trust list Signed-off-by: Armin Burgmeier - -2014-09-18 Armin Burgmeier - - * lib/includes/gnutls/openpgp.h, lib/libgnutls.map, - lib/openpgp/gnutls_openpgp.c: Add getter functions for openpgp keys - and certificates Signed-off-by: Armin Burgmeier - -2014-09-17 Armin Burgmeier - - * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Add functions to obtain X.509 keys and - certificates from certificate credentials 
Signed-off-by: Armin Burgmeier - -2014-09-24 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, - lib/libgnutls.map: enabled gnutls_privkey_export_pkcs11 - -2014-09-17 Armin Burgmeier - - * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, - lib/libgnutls.map: Add functions to export X.509 and OpenPGP private - keys from the abstract type Signed-off-by: Armin Burgmeier - -2014-09-17 Armin Burgmeier - - * lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map: - Add a function to obtain the trust list of a - gnutls_certificate_credentials_t 
Signed-off-by: Armin Burgmeier - -2014-09-24 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c: doc update - -2014-09-22 Nikos Mavrogiannopoulos - - * .gitignore: more files to ignore - -2014-09-22 Nikos Mavrogiannopoulos - - * NEWS, lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h: removed - gnutls_pcert_get_type() - -2014-09-22 Nikos Mavrogiannopoulos - - * configure.ac: only enable crywrap if libidn is present - -2014-09-22 Ludovic Courtès - - * guile/src/core.c: guile: Restore cross-reference in - 'set-session-priorities!' docstring. This had been destroyed in 32d90395. - -2014-09-22 Ludovic Courtès - - * guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm, - guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add - bindings for 'gnutls_server_name_set'. This adds the 'set-session-server-name!' procedure and the - 'server-name-type' enum type. - -2014-09-22 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-09-22 Nikos Mavrogiannopoulos - - * tests/chainverify.c, tests/suite/certs/create-chain.sh, - tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: Added - checks for key purpose verification - -2014-09-22 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in, - lib/includes/gnutls/x509.h, lib/x509/common.h, - lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: - Verify key purpose on intermediate certificate if - GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified That introduces the verification flag - GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE, and the verification - result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this - verification test must be explicitly enabled is because it is only - defined in CA Forum's Baseline requirements 1.1.9 but not any IETF - document. 
- -2014-09-22 Nikos Mavrogiannopoulos - - * src/certtool-args.def: certtool: updated the extended key usage - documentation - -2014-09-22 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: added missing prototype - -2014-09-22 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-09-22 Nikos Mavrogiannopoulos - - * lib/abstract_int.h, lib/gnutls_privkey.c, - lib/includes/gnutls/abstract.h, lib/libgnutls.map: introduced - gnutls_privkey_import_ext3() That function allows copying an external specified private key, as - well as allow variability on the capabilities of an external key. - -2014-09-21 Nikos Mavrogiannopoulos - - * cross.mk: updated cross.mk - -2014-09-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-09-21 Nikos Mavrogiannopoulos - - * lib/x509/output.c: when printing a certificate request also print - its signature algorithm - -2014-09-21 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c: - added gnutls_x509_crq_get_signature_algorithm() - -2014-09-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-09-21 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/abstract.h: Added missing prototype - -2014-09-21 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, - lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_cpy() - -2014-09-17 Armin Burgmeier - - * lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Add gnutls_certificate_get_verify_flags Signed-off-by: Armin Burgmeier - -2014-09-17 Armin Burgmeier - - * lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h, - lib/libgnutls.map: Add API to retrieve a X.509 or OpenPGP - certificate from a gnutls_pcert_t Signed-off-by: Armin Burgmeier - -2014-09-18 Armin Burgmeier - - * lib/x509/verify-high.c: Memory leak fix on certificate copy - failure Signed-off-by: Armin Burgmeier - -2014-09-17 Armin Burgmeier - - * lib/gnutls_ui.c: Fix a documentation typo 
Signed-off-by: Armin Burgmeier - -2014-09-19 Nikos Mavrogiannopoulos - - * cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk - -2014-09-19 Nikos Mavrogiannopoulos - - * libdane/dane.c: libdane: do not require the CA to be a direct CA - -2014-09-19 Nikos Mavrogiannopoulos - - * tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced - test suite to pass more of the PKCS #11 API under valgrind - -2014-09-19 Nikos Mavrogiannopoulos - - * src/serv-args.def, src/serv.c: gnutls-serv: added the --provider - option - -2014-09-19 Nikos Mavrogiannopoulos - - * src/common.c: tools: corrected pin entry - -2014-09-19 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: cleaned up memory deallocation in - read_cert_url() That caused unexpected results when loading PKCS #11 URLs. Reported - by Joseph Peruski. - -2014-09-18 Nikos Mavrogiannopoulos - - * doc/certtool.cfg: updated certtool.cfg - -2014-09-15 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: added checks with modified certificate This tests whether a modified of a DER certificate, that is - cancelled out while we parse it, would result to a good signature. - -2014-09-18 Nikos Mavrogiannopoulos - - * configure.ac: require explicit disabling of PKCS #11 in configure - -2014-09-16 Nikos Mavrogiannopoulos - - * devel/DCO/people-dco.txt: Added Armin's DCO - -2014-09-18 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c, lib/x509/verify.c: updated details on - certificate verification - -2014-09-18 Nikos Mavrogiannopoulos - - * configure.ac: depend on p11-kit 0.20.7 - -2014-09-16 Armin Burgmeier - - * lib/x509/verify.c, tests/test-chains.h: Check for all error - conditions when verifying a certificate This allows to check for all possible flaws with a certificate chain - with a single call to gnutls_x509_crt_list_verify and friends. 
Signed-off-by: Armin Burgmeier - -2014-09-17 Nikos Mavrogiannopoulos - - * configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6 - -2014-09-17 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: removed unneeded set of status - -2014-09-17 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: pkcs11: when a signer isn't found in PKCS #11 - force the verification of the chain That allows obtaining any additional flags from the chain such as - insecure algorithms or expirations. - -2014-09-17 Nikos Mavrogiannopoulos - - * src/psk.c: psktool: corrected resource leak on failure - -2014-09-17 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: added sanity check on cleanup - -2014-09-17 Nikos Mavrogiannopoulos - - * lib/verify-tofu.c: removed unused variable - -2014-09-17 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: corrected typo in printing error - -2014-09-17 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse. - -2014-09-16 Nikos Mavrogiannopoulos - - * doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust - module verification - -2014-09-16 Nikos Mavrogiannopoulos - - * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: - unified the key purpose checks functions - -2014-09-16 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/x509/common.h, - lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the - same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA - will overwrite any previous one with the same name and key. 
- -2014-09-16 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: hostname and key purpose checks were moved - above CRL checks - -2014-09-16 Nikos Mavrogiannopoulos - - * lib/x509/output.c, lib/x509/x509_ext.c: doc update - -2014-09-16 Nikos Mavrogiannopoulos - - * lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn() - -2014-09-15 Nikos Mavrogiannopoulos - - * tests/scripts/common.sh: tests: use the PID number in RPORT The shell's RANDOM isn't that random. - -2014-09-15 Nikos Mavrogiannopoulos - - * lib/minitasn1/decoding.c: updated libtasn1 - -2014-09-15 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: documented the environment variables - -2014-09-13 Nikos Mavrogiannopoulos - - * configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate - pkcs11x.h when it doesn't exist - -2014-09-13 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to - check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls - -2014-09-13 Nikos Mavrogiannopoulos - - * tests/suite/certs/create-chain.sh: create-chain.sh: generate CRL - -2014-09-13 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the - invalid status Reported by Armin Burgmeier. - -2014-09-13 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always - set the invalid status" This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c. - -2014-09-13 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the - invalid status Reported by Armin Burgmeier. 
- -2014-09-13 Nikos Mavrogiannopoulos - - * lib/gnutls_ui.c: doc update - -2014-09-12 Nikos Mavrogiannopoulos - - * lib/pkcs11x.c: added missing file - -2014-09-12 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: print Attached Extensions, instead of - extensions - -2014-09-12 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: when adding a duplicate certificate, keep - the last entry - -2014-09-12 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, - lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.h, - lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: added - gnutls_pkcs11_copy_attached_extension() - -2014-09-12 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not - hardcode the chain number, use its name - -2014-09-11 Nikos Mavrogiannopoulos - - * lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: Revert - "corrected planned version number" This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96. 
- -2014-09-11 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509-ext.h, lib/libgnutls.map, - lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c, - src/pkcs11.c: fixes in the extension handling - -2014-09-11 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: will print trust module extensions if - present - -2014-09-10 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: - check the key purpose of the CA certificate when in pkcs11 cert - validation - -2014-09-10 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/includes/gnutls/pkcs11.h, - lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c, - lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h, - lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions - in a trust module using - GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT - -2014-09-10 Nikos Mavrogiannopoulos - - * lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c, - lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h - and prefixed s/get_extension with _gnutls - -2014-09-10 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: doc update - -2014-09-09 Nikos Mavrogiannopoulos - - * lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: corrected - planned version number - -2014-09-09 Nikos Mavrogiannopoulos - - * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h, - lib/includes/gnutls/x509.h, lib/libgnutls.map, - lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is in par - with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for - flexibility. 
- -2014-09-08 Nikos Mavrogiannopoulos - - * lib/x509/x509_ext.c: doc update - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c, - lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and - gnutls_x509_crq_get_extension_by_oid2() - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map, - lib/x509/verify-high.c: Added - gnutls_x509_trust_list_verify_purpose_crt() - -2014-09-08 Nikos Mavrogiannopoulos - - * src/tpmtool.c: tpmtool: corrected key password read - -2014-09-08 Nikos Mavrogiannopoulos - - * src/danetool.c: set umask prior to calling mkstemp - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/x509/verify-high.c: initialize verification output to zero - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/gnutls_buffers.c: dtls: when discarding packet, discard the - correct number of bytes - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/x509/hostname-verify.c: check_ip: initialize ret - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to - null to prevent any issue - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: do not dereference find_data->p_list in pkcs11 - callback - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/nettle/rnd-fips.c: corrected issue in fips RNG - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/nettle/pk.c: added comment to clarify check - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/opencdk/literal.c: opencdk: corrected unsigned comparison - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/tpm.c: fixes in loop for SRK password input - -2014-09-08 Nikos Mavrogiannopoulos - - * src/common.c: apps: corrected GNUTLS_PIN reading - -2014-09-08 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir: - corrected CRL loading error - -2014-09-08 Nikos Mavrogiannopoulos - - * src/certtool-cfg.c: certtool: corrected copy+paste error - -2014-09-07 
Nikos Mavrogiannopoulos - - * tests/suite/suppressions.valgrind, tests/suppressions.valgrind: - tests: simply valgrind suppressions for libidn - -2014-09-05 Nikos Mavrogiannopoulos - - * tests/dsa/testdsa, tests/openpgp-certs/testcerts, - tests/scripts/common.sh, tests/suite/testcompat-main, - tests/suite/testpkcs11, tests/suite/testsrn: use random ports in - tests, unless a port is provided - -2014-09-05 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: corrected usage of readdir_r() - -2014-09-05 Nikos Mavrogiannopoulos - - * src/ocsptool-common.c: ocsptool: better error message - -2014-09-05 Nikos Mavrogiannopoulos - - * lib/x509/verify-high2.c: reentrant fixes for - gnutls_x509_trust_list_add_trust_dir() handle unknown file types - -2014-09-05 Nikos Mavrogiannopoulos - - * src/certtool-args.def: doc update - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/x509/x509_dn.c: optimized escaped comma handling - -2014-09-04 Nikos Mavrogiannopoulos - - * m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix. - -2014-09-04 Nikos Mavrogiannopoulos - - * tests/crq_apis.c: tests: extended crq API checks - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/x509/x509_write.c: doc update - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/x509/x509_dn.c: when setting a DN properly handle spaces and - escaped commas - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/x509/common.c: simplified _gnutls_x509_get_signed_data() - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, - lib/x509/x509.c: The get_raw_dn() functions were modified to work - even if the certificate is generated (not imported) - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets - which have data. Reported by Manuel Pégourié-Gonnard. - -2014-09-04 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/mini-dtls-lowmtu.c: tests: Check the - behavior of a DTLS server in a low-mtu scenario. 
http://permalink.gmane.org/gmane.network.gnutls.general/3582 - -2014-09-04 Nikos Mavrogiannopoulos - - * configure.ac, lib/vasprintf.c: steal openconnect's vasprintf() - implementation - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff - Lee - -2014-09-04 Nikos Mavrogiannopoulos - - * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated - libtasn1 - -2014-09-04 Nikos Mavrogiannopoulos - - * tests/ocsp.c: tests: Added tests on the invalid OCSP response - -2014-09-03 Nikos Mavrogiannopoulos - - * lib/fips.c: fips140: check the integrity of GMP - -2014-09-03 Nikos Mavrogiannopoulos - - * lib/x509/common.h, lib/x509/verify.c: when comparing an - end-certificate with the trusted list compare the entire certificate - -2014-09-02 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: Added test for amazon.com chain with - new verisign CA. - -2014-09-02 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c, - lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c, - lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA - certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superceded by a - different one with the same name and the same key. That can happen - when an intermediate CA certificate is replaced by a self-signed - one. - -2014-09-02 Nikos Mavrogiannopoulos - - * lib/fips.c, lib/fips.h, lib/gnutls_global.c, - lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two - rounds One round is before the AES acceleration is registered, and the - second is after. That is to allow testing of the AES implementation - used in the DRBG. That is a hack until nettle handles all cipher - acceleration. 
- -2014-09-01 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: name constraints: do not check CN - when a DNSname is available - -2014-09-01 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h: - drbg-aes: added checks in the error handling of the functions That coverts the instantiate and generation functions. - -2014-09-01 Nikos Mavrogiannopoulos - - * lib/crypto-selftests.c: fips140: fail on encryption test failure - -2014-09-01 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails, - put the library into error state - -2014-08-31 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex: - small doc updates - -2014-08-31 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc: - fixes in sectioning for p11tool and tpmtool invocation - -2014-08-29 Tristan Matthews - - * lib/ext/alpn.c: alpn: fix version documentation 
Signed-off-by: Nikos Mavrogiannopoulos - -2014-08-29 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: allow printing multiple types of tokens - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/hostname-verify.c: remove text not applicable in that - version - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/hostname-verify.c: refer to rfc6125 - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: additional sanity check in RSA key generation - testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to - prevent any issues with an accidental null encryption. - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: when in FIPS140-2 mode switch the library to - error state if key generation fails - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new - allocations and keep a pointer to the DER data for DN - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when - importing a CRL keep the DER data - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c, - lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when - importing a certificate, keep the DER data - -2014-08-29 Nikos Mavrogiannopoulos - - * lib/ext/session_ticket.c: doc update - -2014-08-29 Nikos Mavrogiannopoulos - - * cfg.mk, configure.ac, devel/openssl, - lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c: - added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support - for padlock. 
- -2014-08-29 Nikos Mavrogiannopoulos - - * devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s, - lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, - lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, - lib/accelerated/x86/elf/ghash-x86_64.s, - lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, - lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, - lib/accelerated/x86/macosx/ghash-x86_64.s, - lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, - lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Revert "updated - asm sources" This reverts commit 97895066e18abc5689ede9af1a463539ea783e90. - -2014-08-28 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: when listing tokens, list their type as - well - -2014-08-27 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s - -2014-08-27 Nikos Mavrogiannopoulos - - * devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s, - lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, - lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, - lib/accelerated/x86/elf/ghash-x86_64.s, - lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, - lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, - lib/accelerated/x86/macosx/ghash-x86_64.s, - lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, - lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm - sources - -2014-08-27 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import - data in a single pass - -2014-08-26 Nikos Mavrogiannopoulos - - * tests/suite/suppressions.valgrind: tests: added more idna valgrind - suppressions - -2014-08-26 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple - objects at a time That improves the performance significantly when reading from tokens - with a significant number of objects. Reported by David Woodhouse. 
- -2014-08-26 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: do not fail the entire operation if a single - object cannot be imported - -2014-08-26 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: allow objects without label or without ID - -2014-08-26 Nikos Mavrogiannopoulos - - * tests/test-chains.h: tests: updated name constraints checks to not - include a CN - -2014-08-26 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, - tests/cert-tests/name-constraints-err.pem, - tests/cert-tests/name-constraints-err.pem.out, - tests/cert-tests/verify-test: Revert "tests: Added a nameconstraints - test based on the CN bypass" The bypass check was included in - chainverify. This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a. - -2014-08-26 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c, lib/x509/x509.c: doc update - -2014-08-26 Nikos Mavrogiannopoulos - - * lib/x509/verify.c: only check name constraints in non-CA - certificates - -2014-08-26 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: ignore constraints for different type - than the checked - -2014-08-26 Nikos Mavrogiannopoulos - - * tests/cert-tests/Makefile.am, - tests/cert-tests/name-constraints-err.pem, - tests/cert-tests/name-constraints-err.pem.out, - tests/cert-tests/verify-test: tests: Added a nameconstraints test - based on the CN bypass That was discussed in: - http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/26660 - -2014-08-26 Nikos Mavrogiannopoulos - - * lib/x509/name_constraints.c: when verifying name constrains - enforce the single CN rule - -2014-08-22 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: compile gnutls without p11-kit by default - -2014-08-22 Nikos Mavrogiannopoulos - - * cross.mk: cross.mk: do not delete the pkgconfig directory - -2014-08-25 Nikos Mavrogiannopoulos - - * devel/DCO/people-dco.txt: Added Alon's DCO link - -2014-08-25 Nikos Mavrogiannopoulos - - * src/libopts/autoopts.h: check for stdnoreturn.h presence - 
-2014-08-24 Alon Bar-Lev - - * tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl: - support separate builddir Signed-off-by: Alon Bar-Lev - -2014-08-24 Alon Bar-Lev - - * lib/gnutls_privkey.c: build: condition pkcs11 block 
Signed-off-by: Alon Bar-Lev - -2014-08-23 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: record: tolerate a finished packet with - errors in DTLS - -2014-08-23 Nikos Mavrogiannopoulos - - * lib/gnutls_record.c: record: in DTLS discard only messages that - cause unexpected packet errors - -2014-08-23 Nikos Mavrogiannopoulos - - * tests/suite/suppressions.valgrind: tests: suppress more libidn - warnings - -2014-08-23 Nikos Mavrogiannopoulos - - * src/danetool.c: danetool: ensure the temporary file is always - removed - -2014-08-23 Nikos Mavrogiannopoulos - - * lib/ext/server_name.c, lib/includes/gnutls/gnutls.h.in: the - server_name extension will convert input and output names to IDNA. - -2014-08-23 Nikos Mavrogiannopoulos - - * src/Makefile.am, src/socket.c: tools: use idna_to_ascii_8z() to - convert internationalized hostnames - -2014-08-22 Nikos Mavrogiannopoulos - - * lib/x509/gnutls-idna.h, lib/x509/hostname-verify.c, - lib/x509/output.c: hostname-verify: use idn_free() - -2014-08-22 Nikos Mavrogiannopoulos - - * lib/gnutls_errors.c: doc update - -2014-08-22 Nikos Mavrogiannopoulos - - * lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA - parameter generation only when FIPS-mode is enabled. - -2014-08-22 Nikos Mavrogiannopoulos - - * lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024, - qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter - generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7. 
- -2014-08-21 Nikos Mavrogiannopoulos - - * lib/system.c: use the windows API in windows even if iconv is - available - -2014-08-20 Nikos Mavrogiannopoulos - - * cross.mk: win32: updated Makefile and added the ability build - openconnect - -2014-08-20 Nikos Mavrogiannopoulos - - * configure.ac: check for the correct version of libidn - -2014-08-20 Nikos Mavrogiannopoulos - - * tests/hostname-check.c: tests: Added case sensitive checks in - hostname verification - -2014-08-20 Nikos Mavrogiannopoulos - - * tests/suite/suppressions.valgrind: tests: copied valgrind - suppressions to suite - -2014-08-20 Nikos Mavrogiannopoulos - - * lib/minitasn1/decoding.c: updated libtasn1 - -2014-08-20 Nikos Mavrogiannopoulos - - * tests/suppressions.valgrind: tests: suppress valgrind warnings due - to libidn - -2014-08-20 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-20 Nikos Mavrogiannopoulos - - * lib/x509/Makefile.am, lib/x509/gnutls-idna.h, - lib/x509/hostname-verify.c, lib/x509/output.c: - gnutls_x509_crt_print() will print the IDNA A-label names as well. - -2014-08-20 Nikos Mavrogiannopoulos - - * tests/hostname-check.c: tests: added UTF-8 hostname comparison - checks - -2014-08-20 Nikos Mavrogiannopoulos - - * configure.ac, lib/Makefile.am, lib/x509/hostname-verify.c: Added - support for RFC6125 hostname comparison That adds the dependency on libidn. - -2014-08-20 Nikos Mavrogiannopoulos - - * lib/x509/Makefile.am, lib/x509/hostname-verify.c, - lib/x509/rfc2818_hostname.c: renamed rfc2818_hostname to - hostname-verify The file no longer follows RFC2818. - -2014-08-20 Nikos Mavrogiannopoulos - - * lib/minitasn1/decoding.c: updated minitasn1 - -2014-08-18 Nikos Mavrogiannopoulos - - * lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c, - lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of - structures on re-import to avoid memory leaks. That also adds the gnutls_pkcs7_t structure into the list of allowed - to re-import. 
- -2014-08-17 Nikos Mavrogiannopoulos - - * lib/verify-tofu.c: doc update - -2014-08-17 Nikos Mavrogiannopoulos - - * lib/verify-tofu.c: doc update - -2014-08-16 Nikos Mavrogiannopoulos - - * lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c, - lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h: - Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the - previous import failed. - -2014-08-14 Nikos Mavrogiannopoulos - - * src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode - command line option That option will report the status of the FIPS140-2 mode in the - library. - -2014-08-14 Nikos Mavrogiannopoulos - - * lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be - used to force the FIPS-140-2 mode - -2014-08-13 Nikos Mavrogiannopoulos - - * src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs - -2014-08-13 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a - single CN must be present for hostname verification. Follow up on the original commit that simplifies checking for more - than a single hostname. - -2014-08-13 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c: - gnutls-cli/danetool: added a common check for hostname being an IP - -2014-08-13 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the - rfc6125 requirement that a single CN must be present for hostname - verification. - -2014-08-12 Nikos Mavrogiannopoulos - - * tests/hostname-check.c: tests: check that - gnutls_x509_crt_check_hostname() will correctly use the last CN when - multiple - -2014-08-12 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c: when checking the hostname of a - certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David - Woodhouse. 
https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2 - -2014-08-11 Nikos Mavrogiannopoulos - - * src/benchmark-cipher.c: gnutls-cli: more organized printing of - cipher benchmark output - -2014-08-11 Nikos Mavrogiannopoulos - - * src/benchmark-tls.c: gnutls-cli: removed salsa20 from the - benchmarked ciphers - -2014-08-11 Nikos Mavrogiannopoulos - - * m4/hooks.m4: bumped current and age version to allow 3.3.x - releases with new symbols - -2014-08-11 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key(): enforce a - block size of 64-bytes - -2014-08-11 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map: - mac_to_entry -> _gnutls_mac_to_entry - -2014-08-11 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP - -2014-08-11 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12.c: pkcs12: added check for null OID in - gnutls_pkcs12_generate_mac2 - -2014-08-10 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-10 Nikos Mavrogiannopoulos - - * tests/pkcs12_encode.c: tests: check gnutls_pkcs12_generate_mac2() - -2014-08-10 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map, - lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_generate_mac2() That allows a choice on the MAC algorithm to be used. 
- -2014-08-10 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-10 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: --p12-info will provide information on - the MAC algorithm - -2014-08-10 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map, - lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_mac_info to obtain - information on the MAC - -2014-08-10 Nikos Mavrogiannopoulos - - * lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to - keys tests for new internal API - -2014-08-10 Nikos Mavrogiannopoulos - - * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12: - tests: test the decoding of a PKCS #12 structure with SHA256 MAC - -2014-08-10 Nikos Mavrogiannopoulos - - * lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, - lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow - verification with structures that support other than HMAC-SHA1 MACs. - -2014-08-10 Nikos Mavrogiannopoulos - - * tests/gc.c: tests: remove test for nettle's pbkdf2; this is tested - in nettle - -2014-08-10 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse() - -2014-08-09 Nikos Mavrogiannopoulos - - * tests/suite/testdane: testdane: re-enabled DANE checks and added - checks on SMTP - -2014-08-09 Nikos Mavrogiannopoulos - - * src/danetool.c: danetool: obtain certificate only once - -2014-08-09 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: - modified prototype and doc to be recognized by doc parser - -2014-08-09 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-09 Nikos Mavrogiannopoulos - - * src/cli-debug-args.def, src/danetool-args.def, src/socket.c: - danetool/gnutls-cli-debug: added support for imap starttls - -2014-08-09 Nikos Mavrogiannopoulos - - * src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug: - supports SMTP starttls - -2014-08-09 Nikos Mavrogiannopoulos - - * src/danetool-args.def, src/danetool.c, 
src/socket.c, src/socket.h: - danetool: supports SMTP starttls - -2014-08-09 Nikos Mavrogiannopoulos - - * src/danetool-args.def, src/danetool.c, src/socket.c: danetool: - improvements in information presentation - -2014-08-09 Nikos Mavrogiannopoulos - - * libdane/dane.c: libdane: disable debugging mode - -2014-08-08 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: updated documentation for - gnutls_handshake() - -2014-08-08 Nikos Mavrogiannopoulos - - * src/Makefile.am, src/cli.c, src/danetool.c, - src/ocsptool-common.c, src/socket.c, src/socket.h, - tests/suite/testdane: danetool: if the certificate to verify against - is not provide it try to obtain it - -2014-08-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-08 Nikos Mavrogiannopoulos - - * lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c, - lib/x509/pbkdf2-sha1.h, lib/x509/privkey_openssl.c, - lib/x509/privkey_pkcs8.c, tests/gc.c: pbkdf2: removed internal - implementation, use nettle's - -2014-08-08 Nikos Mavrogiannopoulos - - * lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from - crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys. - -2014-08-08 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: corrected typo - -2014-08-08 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: - p11tool: added --info parameter That allows obtaining information on a specific object. - -2014-08-08 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added - GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL. That - is, this performs an object URL comparison, rather than a token URL - usage. 
- -2014-08-08 Nikos Mavrogiannopoulos - - * src/p11tool.c: p11tool: only print the debugging message in - debuglevel > 4 - -2014-08-08 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling - GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP - -2014-08-07 Nikos Mavrogiannopoulos - - * doc/cha-intro-tls.texi: removed reference to UMAC - -2014-08-07 Nikos Mavrogiannopoulos - - * doc/cha-intro-tls.texi: removed references to SALSA20 - -2014-08-07 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: doc update - -2014-08-07 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: rearranged checks to avoid - wrong deletions - -2014-08-07 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key. - -2014-08-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, - src/pkcs11.c: gnutls_pkcs11_flags_get_str -> - gnutls_pkcs11_obj_flags_get_str - -2014-08-07 Nikos Mavrogiannopoulos - - * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c: - tests: ensure that no environment variables confuse softhsm - -2014-08-07 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: test the trusted and ca flags - being set - -2014-08-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, - lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c: - pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags, - and gnutls_pkcs11_flags_get_str() allows printing them. 
- -2014-08-07 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced - gnutls_pkcs11_obj_flags - -2014-08-07 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: exit if - export_pubkey_of_privkey fails - -2014-08-06 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-06 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: - p11tool: simplify the passing of flags and pass the key wrapping - flag - -2014-08-06 Nikos Mavrogiannopoulos - - * README: README: removed gmplib 4.2.2 reference - -2014-08-06 Nikos Mavrogiannopoulos - - * src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were - updated - -2014-08-06 Nikos Mavrogiannopoulos - - * lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: - _gnutls_privkey_get_mpis: extended to work for PKCS #11 keys - -2014-08-06 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_privkey.c: doc update - -2014-08-06 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, - lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of - gnutls_pkcs11_privkey_get_pubkey; named - gnutls_pkcs11_privkey_export_pubkey - -2014-08-06 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return - GNUTLS_E_INVALID_REQUEST on invalid params - -2014-08-06 Nikos Mavrogiannopoulos - - * src/p11tool.c: p11tool: activate the --batch option - -2014-08-06 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: Test the export of public key - -2014-08-06 Wolfgang Meyer zu Bergsten - - * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: - add public key export to p11tool 
Signed-off-by: Wolfgang Meyer zu Bergsten - -2014-08-04 Wolfgang Meyer zu Bergsten - - * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, - lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11 - subsystem There are cases where we need to export the public key of private - key at a later time. Previously, the public key was only available - immediately after creation of a key pair. This patch allows to - retrieve the public key of a private key at any time after creation. Signed-off-by: Wolfgang Meyer zu Bergsten - -2014-08-06 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: documented flags format - -2014-08-04 Wolfgang Meyer zu Bergsten - - * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve - compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template 
Signed-off-by: Wolfgang Meyer zu Bergsten - -2014-08-06 Nikos Mavrogiannopoulos - - * src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and - CAMELLIA to the list of default ciphers - -2014-08-06 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: doc update - -2014-08-06 Nikos Mavrogiannopoulos - - * doc/cha-gtls-app.texi: mention profile in security parameters - table - -2014-08-05 Nikos Mavrogiannopoulos - - * devel/DCO/people-dco.txt: Added people who have sent a DCO for - gnutls - -2014-08-05 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-08-05 Nikos Mavrogiannopoulos - - * lib/x509/privkey_pkcs8.c: pkcs12: fixes in decryption with null - password - -2014-08-05 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: free unused variables - -2014-08-05 Nikos Mavrogiannopoulos - - * tests/pkcs8-decode/Makefile.am, - tests/pkcs8-decode/suppressions.valgrind: added missing file - -2014-08-05 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: print more information on PKCS #12 - structures. use gnutls_pkcs12_bag_enc_info to print more information on - encrypted PKCS #12 structures. 
- -2014-08-05 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map, - lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c, - lib/x509/x509_int.h: added new function to obtain information on a - PKCS #12 encrypted bag New function: gnutls_pkcs12_bag_enc_info() - -2014-08-05 Nikos Mavrogiannopoulos - - * lib/x509/privkey_pkcs8.c: doc update - -2014-08-05 Nikos Mavrogiannopoulos - - * src/certtool.c: certtool: default pkcs-cipher is now 3des as in - PKCS #12 - -2014-08-05 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/x509/privkey_pkcs8.c, - src/certtool.c: gnutls_pkcs8_info: will return OID value even on - unsupported structures - -2014-08-05 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with - non-zero - -2014-08-04 Nikos Mavrogiannopoulos - - * NEWS, src/certtool-args.def: doc update - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/x509/privkey_pkcs8.c: simplified decrypt_data() and initialize - parameters on decryption - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/x509/privkey_pkcs8.c: further increase iteration count - -2014-08-04 Nikos Mavrogiannopoulos - - * src/certtool.c, tests/pkcs8-decode/Makefile.am, - tests/pkcs8-decode/openssl-3des.p8.txt, - tests/pkcs8-decode/openssl-aes128.p8.txt, - tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: - certtool: improved PKCS #8 information printing - -2014-08-04 Nikos Mavrogiannopoulos - - * tests/pkcs8-decode/Makefile.am, - tests/pkcs8-decode/openssl-3des.p8, - tests/pkcs8-decode/openssl-3des.p8.txt, - tests/pkcs8-decode/openssl-aes128.p8, - tests/pkcs8-decode/openssl-aes128.p8.txt, - tests/pkcs8-decode/openssl-aes256.p8, - tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: - tests: added more PKCS #8 decoding tests - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: small fixes and - optimizations in PKCS #8 information - -2014-08-04 Nikos Mavrogiannopoulos - - * NEWS: 
doc update - -2014-08-04 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool.c: certtool: added --p8-info - option - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, - lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: added new functions - to obtain information on PKCS #8 structures. Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(), and - gnutls_pkcs_schema_get_oid(). - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c, - lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS #8 encryption - support was made more compact and manageable - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12.c: pkcs12: increased the number of iterations for - MAC - -2014-08-04 Nikos Mavrogiannopoulos - - * lib/atfork.c: removed debugging info - -2014-07-31 Nikos Mavrogiannopoulos - - * lib/atfork.h, lib/nettle/rnd-common.c, lib/system.h, - lib/x509/verify-high2.c: several windows compilation fixes - -2014-07-31 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/gnutls.h.in: gnutls.h: use _SYM_EXPORT to - export other than function symbols - -2014-07-29 Nikos Mavrogiannopoulos - - * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3, - src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c, - src/libopts/ao-strs.c, src/libopts/ao-strs.h, - src/libopts/autoopts.c, src/libopts/autoopts.h, - src/libopts/autoopts/options.h, src/libopts/autoopts/project.h, - src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c, - src/libopts/check.c, src/libopts/compat/compat.h, - src/libopts/compat/windows-config.h, src/libopts/configfile.c, - src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c, - src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c, - src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c, - src/libopts/load.c, src/libopts/m4/libopts.m4, - src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c, - src/libopts/nested.c, 
src/libopts/numeric.c, - src/libopts/option-value-type.c, src/libopts/option-value-type.h, - src/libopts/option-xat-attribute.c, - src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c, - src/libopts/parse-duration.h, src/libopts/pgusage.c, - src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c, - src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c, - src/libopts/stack.c, src/libopts/streqvcmp.c, - src/libopts/text_mmap.c, src/libopts/time.c, - src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: - updated to libopts 5.18.3 - -2014-07-29 Nikos Mavrogiannopoulos - - * build-aux/config.rpath, build-aux/gendocs.sh, - doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4, - gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4, - gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4, - src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c, - src/gl/select.c, src/gl/xalloc.h: updated gnulib - -2014-07-29 Nikos Mavrogiannopoulos - - * lib/x509/pkcs12.c: updated documentation for - gnutls_pkcs12_simple_parse - -2014-07-29 Nikos Mavrogiannopoulos - - * NEWS, configure.ac: master now holds the 3.4.0 release - -2014-07-29 Nikos Mavrogiannopoulos - - * configure.ac, lib/Makefile.am, lib/atfork.c, lib/atfork.h, - lib/gnutls_global.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c, - lib/pkcs11.c: Use pthread_atfork() and variants to detect fork - -2014-07-28 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-28 Nikos Mavrogiannopoulos - - * lib/Makefile.am, lib/inet_pton.c, lib/system.h, - lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and - inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of - the library. 
- -2014-07-28 Nikos Mavrogiannopoulos - - * doc/cha-cert-auth.texi: Added text on PKCS #11 verification - -2014-07-27 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in, - lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h, - lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile - applications that use a header of gnutls. Report and patch Ryan - Schmidt. - -2014-07-27 Nikos Mavrogiannopoulos - - * Makefile.am, configure.ac, doc/Makefile.am: check for sed in - configure.ac and use the output variable in Makefiles - -2014-07-24 Nikos Mavrogiannopoulos - - * lib/gnutls_handshake.c: doc update - -2014-07-23 Nikos Mavrogiannopoulos - - * tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER - to dane_state_init That prevents unbound from complaining in systems where no DNSSEC - functionality is present. - -2014-07-23 Nikos Mavrogiannopoulos - - * libdane/dane.c: doc update - -2014-07-23 Nikos Mavrogiannopoulos - - * tests/Makefile.am: tests: added libdane/includes to includes dir - -2014-07-23 Nikos Mavrogiannopoulos - - * NEWS: released 3.3.6 - -2014-07-23 Nikos Mavrogiannopoulos - - * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added - missing functions - -2014-07-22 Nikos Mavrogiannopoulos - - * m4/hooks.m4: bumped library version - -2014-07-22 Nikos Mavrogiannopoulos - - * libdane/dane.c: libdane: simplified initialization of variables. 
- -2014-07-22 Nikos Mavrogiannopoulos - - * libdane/dane.c: libdane: bogus and secure values are always - initialized in dane_query_to_raw_tlsa - -2014-07-22 Nikos Mavrogiannopoulos - - * tests/dane.c: tests: eliminated leak from dane check - -2014-07-22 Nikos Mavrogiannopoulos - - * libdane/dane.c: libdane: use gnutls_malloc() and doc update - -2014-07-22 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/dane.c: Added self test for DANE raw - functions - -2014-07-22 Nikos Mavrogiannopoulos - - * src/danetool-args.def, src/danetool.c: danetool: added option to - print the raw entries. - -2014-07-22 Nikos Mavrogiannopoulos - - * libdane/dane.c: doc update - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/aes-gcm-x86-pclmul.c, - lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES - IV set. - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added - _gnutls_prf_raw() which can calculate the TLS PRF without depending - on a session structure. - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/fips.c: fips140-2: do not check the libtasn1's integrity - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only - allowed in TLS 1.0. That is because they implement the EncryptedPreMasterSecret encoding - according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding, - and there can be ambiguities when using that over SSL 3.0. See: - http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to - any action That allows a valid err_pos, even on a memory allocation error. - Reported by Dan Fandrich. 
- -2014-07-22 Nikos Mavrogiannopoulos - - * doc/TODO: updated TODO - -2014-07-22 Nikos Mavrogiannopoulos - - * lib/algorithms/ciphersuites.c: minimum version was changed to TLS - 1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines - usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard. - -2014-07-21 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when - returned on reinitialization - -2014-07-21 Nikos Mavrogiannopoulos - - * tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c: - tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir() - -2014-07-21 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c: doc update - -2014-07-21 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-21 Nikos Mavrogiannopoulos - - * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in, - lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir() - -2014-07-21 Nikos Mavrogiannopoulos - - * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c, - lib/x509/verify-high2.c: Added - gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory - with trusted certificates. - -2014-07-21 Nikos Mavrogiannopoulos - - * configure.ac, lib/system.c: Allow specifying a directory as trust - store - -2014-07-11 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-10 Simon Arlott - - * libdane/dane.c, libdane/includes/gnutls/dane.h, - libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for - dane_raw_tlsa() to make it easy to copy the results of the - (synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for - dane_data_len to avoid trying to malloc 0 bytes if q->data_entries - is 0 (it is possible for malloc/calloc to return NULL when requested - to allocate 0 bytes). 
Signed-off-by: Simon Arlott - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/fips.c: FIPS140-2 tests: no need for MD5 check - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/fips.c: FIPS140-2 tests: removed redundant checks We keep on check per cipher which is required, and avoid multiple - (and time-consuming) tests. - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: Allow specifying - GNUTLS_CPUID_OVERRIDE in either hex or decimal. - -2014-07-08 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: Added option to disable any cpu - optimizations - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c, - lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID - registers - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/accelerated/x86/x86-common.c: Allow overriding the detected - CPUID using the GNUTLS_CPUID_OVERRIDE environment variable - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency - check for RSA encryption - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048 - and DSA-3072 bit keys, as well as SHA256. 
- -2014-07-08 Nikos Mavrogiannopoulos - - * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048 - and RSA-3072 bit keys - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/crypto-selftests-pk.c: tests: check RSA with SHA256 - -2014-07-08 Nikos Mavrogiannopoulos - - * lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA - encrypted data differ from plaintext - -2014-07-07 Nikos Mavrogiannopoulos - - * lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV - size required by SP800-38D (section 8.2) - -2014-07-07 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-07 Nikos Mavrogiannopoulos - - * src/certtool-args.def, src/certtool-common.c, - src/certtool-common.h, src/certtool.c, src/p11tool-args.def, - src/p11tool.c: p11tool/certtool: Added --curve parameter. The curve parameter allows to explicitly specify the curve to use - when generating a key. - -2014-07-07 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-07 Nikos Mavrogiannopoulos - - * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c, - lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set - CKA_EC_PARAMS when generating an ECDSA key - -2014-07-07 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: only print warning about key sizes in RSA - keys - -2014-07-07 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: make brief output more brief - -2014-07-07 Nikos Mavrogiannopoulos - - * lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead - of memset() - -2014-07-06 Nikos Mavrogiannopoulos - - * libdane/dane.c: dane: Skip DANE entries that may contain unknown - info That would allow skipping any future entries without failing. - Reported by Simon Arlott. - -2014-07-06 Nikos Mavrogiannopoulos - - * libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain. Reported by - Simon Arlott. 
- -2014-07-06 Nikos Mavrogiannopoulos - - * doc/examples/ex-cert-select-pkcs11.c, - doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c, - doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, - doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, - doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, - doc/examples/ex-serv-x509.c: examples: mention that - gnutls_global_init() is optional - -2014-07-06 Nikos Mavrogiannopoulos - - * doc/cha-tokens.texi: doc: mention and link to trust storage module - -2014-07-06 Nikos Mavrogiannopoulos - - * doc/cha-bib.texi, doc/cha-tokens.texi: doc update - -2014-07-04 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-04 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as - a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero - length. - -2014-07-04 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: Increased number of attributes - -2014-07-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-03 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: try to restart on session errors, to avoid - having a failed call. - -2014-07-03 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: corrected pkcs11 reinitialization - -2014-07-03 Nikos Mavrogiannopoulos - - * lib/pkcs11_privkey.c: If we get a PKCS #11 session error, - invalidate the cached session. - -2014-07-03 Nikos Mavrogiannopoulos - - * lib/pkcs11.c: set the maximum value when printing - library_description - -2014-07-03 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS - #11 privkey cached session - -2014-07-03 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-03 Nikos Mavrogiannopoulos - - * src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted - and private objects, and there is no one-size fits all policy. 
Thus - allow a proper failure and warn the user that so-login may be - required. - -2014-07-03 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: testpkcs11: Try to write the trusted - object both by so-pin and normal pin - -2014-07-02 Nikos Mavrogiannopoulos - - * tests/suite/testpkcs11: tests: testpkcs11: temp parameters are - deleted after generation - -2014-07-02 Nikos Mavrogiannopoulos - - * configure.ac, m4/hooks.m4: bumped version - -2014-07-02 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm - -2014-07-02 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-02 Nikos Mavrogiannopoulos - - * src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and - GNUTLS_SO_PIN when setting the PINs of an initialized token. - -2014-07-02 Nikos Mavrogiannopoulos - - * tests/slow/gendh.c: tests: gendh: increased the DH prime size to - allow usage under FIPS140-2 mode - -2014-07-02 Nikos Mavrogiannopoulos - - * src/common.c: tools: when in batch mode and no PIN, print a note - about using the environment variables - -2014-07-02 Nikos Mavrogiannopoulos - - * tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key - size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode. - -2014-07-02 Nikos Mavrogiannopoulos - - * tests/crq_key_id.c: tests: improved error reporting in crq_key_id - -2014-07-02 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc: properly terminate table - -2014-07-02 Nikos Mavrogiannopoulos - - * lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160 - from the acceptable bit sizes in FIPS140-2 DSA parameter generation. - -2014-07-02 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-02 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-02 Nikos Mavrogiannopoulos - - * src/certtool.c, src/common.c, src/common.h, src/danetool.c, - src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch - mode and will not ask for PIN. 
- -2014-07-02 Nikos Mavrogiannopoulos - - * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c, - src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not - specified. Added --batch parameter to disable interaction. - -2014-07-02 Nikos Mavrogiannopoulos - - * src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is - only a single token available, don't bother complaining about - specifying the correct URL - -2014-07-02 Nikos Mavrogiannopoulos - - * lib/nettle/int/drbg-aes.h: updated comment - -2014-07-01 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-07-01 Nikos Mavrogiannopoulos - - * src/certtool-args.def: certtool: document that URLs are supported - -2014-07-01 Nikos Mavrogiannopoulos - - * src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable - -2014-07-01 Nikos Mavrogiannopoulos - - * tests/suite/Makefile.am, tests/suite/testpkcs11, - tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm, - tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite - -2014-07-01 Nikos Mavrogiannopoulos - - * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: - gnutls_pkcs11_privkey_generate2(): corrected public key extraction - (for ECDSA keys) - -2014-07-01 Nikos Mavrogiannopoulos - - * src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading - security officer's PIN - -2014-07-01 Nikos Mavrogiannopoulos - - * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c, - src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for an non-interactive --initialize process. - -2014-06-30 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4 - and IPv6 address matching. 
- -2014-06-29 Nikos Mavrogiannopoulos - - * tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE - -2014-06-29 Nikos Mavrogiannopoulos - - * doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from - 3.2.x - -2014-06-27 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c: do not exit the loop in case a name - doesn't fit into our buffer. - -2014-06-27 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it - as a hostname There are several misconfigured servers that placed their IP as a - DNS name. Pointed out by David Woodhouse. - -2014-06-27 Nikos Mavrogiannopoulos - - * lib/x509/output.c: supress warnings - -2014-06-27 Nikos Mavrogiannopoulos - - * NEWS: doc update - -2014-06-27 Nikos Mavrogiannopoulos - - * configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton - instead for AF_INET6 - -2014-06-27 Nikos Mavrogiannopoulos - - * configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP - addresses. The old dumb code is used in systems that don't have that function. - -2014-06-27 Nikos Mavrogiannopoulos - - * tests/hostname-check.c: tests: Added test cases for IPv4/6 - matching. - -2014-06-27 Nikos Mavrogiannopoulos - - * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() - checks text ip addresses as well. That aligns the documentation with the implementation. Reported by - David Woodhouse. - -2014-06-27 Nikos Mavrogiannopoulos - - * lib/gnutls_str.c: initialize str to NULL - -2014-06-26 Nikos Mavrogiannopoulos - - * lib/x509/crl.c: fixed documentation - 2014-06-26 Nikos Mavrogiannopoulos * tests/cert-tests/aki, tests/cert-tests/pathlen, 
@@ -22354,18 +11994,8 @@ 2012-11-07 Nikos Mavrogiannopoulos - * NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c, - lib/includes/gnutls/gnutls.h.in: Removed - GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP - parsing errors. - -2012-11-07 Nikos Mavrogiannopoulos - - * doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update - -2012-11-07 Nikos Mavrogiannopoulos - - * gnutls-cli-debug uses server name indication. + * Removed GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on + OCSP parsing errors. ----- diff --git a/GNUmakefile b/GNUmakefile index 6617eec..4ab6429 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -5,7 +5,7 @@ # It is necessary if you want to build targets usually of interest # only to the maintainer. -# Copyright (C) 2001, 2003, 2006-2015 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2006-2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/Makefile.am b/Makefile.am index 4ab3c5c..71a7d83 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,13 +27,10 @@ if ENABLE_DANE SUBDIRS += libdane endif -SUBDIRS += po -if ENABLE_TOOLS -SUBDIRS += src/gl src -else -SUBDIRS += src/gl +SUBDIRS += po src +if ENABLE_DOC +SUBDIRS += doc endif - if ENABLE_TESTS SUBDIRS += tests endif 
@@ -42,37 +39,11 @@ if HAVE_GUILE SUBDIRS += guile endif -if ENABLE_DOC -SUBDIRS += doc -endif - ACLOCAL_AMFLAGS = -I m4 -I gl/m4 -I src/libopts/m4 -I src/gl/m4 EXTRA_DIST = cfg.mk maint.mk .clcopying -README-alpha: README.md - cp $^ $@ - chmod 444 $@ - -TMPFILE="abi-temp.xml" - -abi-check: - @rm -f $(TMPFILE) - @echo "Checking libgnutls ABI" - @echo "$(VERSION)" >$(TMPFILE) - @echo "$(srcdir)/lib/includes/gnutls" >>$(TMPFILE) - @echo "$(builddir)/lib/includes/gnutls" >>$(TMPFILE) - @echo "$(builddir)/lib/.libs" >>$(TMPFILE) - test ! -f "$(srcdir)/devel/ABI-$$(uname -m).dump" || \ - abi-compliance-checker -abi -lib gnutls -old "$(srcdir)/devel/ABI-$$(uname -m).dump" -new $(TMPFILE) -skip-symbols $(srcdir)/devel/abi-unchecked-symbols - @echo "Checking libgnutls-dane ABI" - @echo "$(VERSION)" >$(TMPFILE) - @echo "$(srcdir)/libdane/includes/gnutls" >>$(TMPFILE) - @echo "$(builddir)/libdane/.libs" >>$(TMPFILE) - test ! -f "$(srcdir)/devel/ABI-dane-$$(uname -m).dump" || abi-compliance-checker -abi -lib gnutls-dane -old "$(srcdir)/devel/ABI-dane-$$(uname -m).dump" -new $(TMPFILE) - @rm -f $(TMPFILE) - -dist-hook: abi-check +dist-hook: make -C doc/ compare-makefile make -C doc/ compare-exported make -C doc/manpages compare-makefile 
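Review bot: The only release-time guard on the exported interface left in `dist-hook` (Makefile.am) is the `symbols.last` comparison further down the recipe, now that the target line reads `dist-hook:` without the `abi-check` prerequisite. That comparison lists symbol names and version nodes only (`awk '{print $$7 "@" $$6;}'`), so it cannot notice a changed struct layout or function signature. If dropping the ABI dump comparison is intended for this downgrade, a comment above the target would record it, for example `# No ABI dump comparison here; symbols.last below only checks exported names`. The `dist-hook` recipe continues beyond this hunk.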
@@ -81,20 +52,20 @@ dist-hook: abi-check @echo "symbols added or removed are correct and copy symbols.last.tmp as" @echo "symbols.last" @echo "*****************************************************************" - objdump -T $(srcdir)/lib/.libs/libgnutls.so.30 | grep -v ' \*UND\*' | awk '{print $$7 "@" $$6;}' | grep -v GNUTLS_FIPS140 | grep -v GNUTLS_PRIVATE | sort -u >symbols.last.tmp + objdump -T $(srcdir)/lib/.libs/libgnutls.so.28 | grep -v ' \*UND\*' | awk '{print $$7 "@" $$6;}' | sort -u >symbols.last.tmp diff -u symbols.last symbols.last.tmp >/dev/null 2>&1 rm -f symbols.last.tmp rm -f ChangeLog make ChangeLog cp -f ChangeLog $(distdir)/ - $(SED) 's/\@VERSION\@/$(VERSION)/g' -i $(distdir)/src/args-std.def - $(SED) 's/\@YEAR\@/$(YEAR)/g' -i $(distdir)/src/args-std.def - $(SED) 's/\@PACKAGE_BUGREPORT\@/$(PACKAGE_BUGREPORT)/g' -i $(distdir)/src/args-std.def + sed 's/\@VERSION\@/$(VERSION)/g' -i $(distdir)/src/args-std.def + sed 's/\@YEAR\@/$(YEAR)/g' -i $(distdir)/src/args-std.def + sed 's/\@PACKAGE_BUGREPORT\@/$(PACKAGE_BUGREPORT)/g' -i $(distdir)/src/args-std.def cd $(distdir)/src/ && for i in *.def;do \ if test x"$$i" = x"args-std.def";then continue; fi; \ autogen $$i; \ cp $$i $$i.tmp; \ - $(SED) -i 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $$i.tmp; \ + sed -i 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $$i.tmp; \ autogen -Tagman-cmd.tpl $$i.tmp; \ rm -f $$i.tmp; \ mv -f *.1 ../doc/manpages/; \ 
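Review bot: In the new `objdump -T $(srcdir)/lib/.libs/libgnutls.so.28 | grep ... | sort -u >symbols.last.tmp` line the recipe's status comes from `sort`, so a missing or differently numbered library does not stop `dist-hook` at that line. It surfaces only as a failure of the next line, `diff -u symbols.last symbols.last.tmp >/dev/null 2>&1`, whose output is discarded. Guarding the hard-coded soname first, e.g. `test -f $(srcdir)/lib/.libs/libgnutls.so.28 || { echo "libgnutls.so.28 not built" >&2; exit 1; }`, keeps an unbuilt library distinct from a real export change. The new side also drops the `grep -v GNUTLS_FIPS140 | grep -v GNUTLS_PRIVATE` filters, so it is worth confirming that `symbols.last` in this tree was generated the same way. The `dist-hook` recipe starts before and continues after this hunk.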
@@ -102,11 +73,4 @@ dist-hook: abi-check cd $(distdir)/src/ && for i in *-args.c *-args.h;do \ mv $$i $$i.bak; \ done - @echo "*****************************************************************" - @echo "Checking whether included libopts matches the system's. If the" - @echo "check fails upgrade the included libopts." - @echo "*****************************************************************" - test "`autoopts-config libsrc|cut -d '-' -f 2|sed 's/.tar.gz//'`" = "`cat src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`" touch $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info - -.PHONY: abi-check diff --git a/Makefile.in b/Makefile.in index 428779f..92db14d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -34,17 +34,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
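Review bot: Nothing in `dist-hook` now ties the system `autogen` used at dist time to the included libopts. The Makefile.am hunk `@@ -102,11 +73,4 @@` on this line no longer compares `autoopts-config libsrc` with `OPTIONS_VERSION_STRING` from `src/libopts/autoopts/options.h`, while the preceding hunk still runs `autogen` on every `*.def`. If that check cannot run against this older tree, a comment before the `touch` line would document the assumption, for example `# autogen and included src/libopts versions are not cross-checked; verify before release`. Whether the older `options.h` defines that macro is not visible here, and the `dist-hook` recipe begins outside this hunk.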
@@ -108,12 +98,28 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @ENABLE_DANE_TRUE@am__append_1 = libdane -@ENABLE_TOOLS_TRUE@am__append_2 = src/gl src -@ENABLE_TOOLS_FALSE@am__append_3 = src/gl -@ENABLE_TESTS_TRUE@am__append_4 = tests -@HAVE_GUILE_TRUE@am__append_5 = guile -@ENABLE_DOC_TRUE@am__append_6 = doc +@ENABLE_DOC_TRUE@am__append_2 = doc +@ENABLE_TESTS_TRUE@am__append_3 = tests +@HAVE_GUILE_TRUE@am__append_4 = guile subdir = . +DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \ + $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/configure $(am__configure_deps) \ + $(srcdir)/config.h.in $(top_srcdir)/doc/doxygen/Doxyfile.in \ + $(top_srcdir)/lib/includes/gnutls/gnutls.h.in ABOUT-NLS \ + COPYING COPYING.LESSER THANKS build-aux/ar-lib \ + build-aux/compile build-aux/config.guess \ + build-aux/config.rpath build-aux/config.sub build-aux/depcomp \ + build-aux/install-sh build-aux/mdate-sh build-aux/missing \ + build-aux/texinfo.tex build-aux/ylwrap ltmain.sh \ + build-aux/ltmain.sh $(top_srcdir)/build-aux/ar-lib \ + $(top_srcdir)/build-aux/compile \ + $(top_srcdir)/build-aux/config.guess \ + $(top_srcdir)/build-aux/config.rpath \ + $(top_srcdir)/build-aux/config.sub \ + $(top_srcdir)/build-aux/install-sh \ + $(top_srcdir)/build-aux/ltmain.sh \ + $(top_srcdir)/build-aux/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -147,7 +153,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ 
@@ -224,8 +229,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ - $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d @@ -288,23 +291,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags CSCOPE = cscope -DIST_SUBDIRS = gl lib extra libdane po src/gl src tests guile doc -am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ - $(top_srcdir)/build-aux/ar-lib $(top_srcdir)/build-aux/compile \ - $(top_srcdir)/build-aux/config.guess \ - $(top_srcdir)/build-aux/config.rpath \ - $(top_srcdir)/build-aux/config.sub \ - $(top_srcdir)/build-aux/install-sh \ - $(top_srcdir)/build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/missing \ - $(top_srcdir)/doc/doxygen/Doxyfile.in \ - $(top_srcdir)/lib/includes/gnutls/gnutls.h.in ABOUT-NLS \ - AUTHORS COPYING COPYING.LESSER ChangeLog INSTALL NEWS README \ - THANKS build-aux/ar-lib build-aux/compile \ - build-aux/config.guess build-aux/config.rpath \ - build-aux/config.sub build-aux/depcomp build-aux/install-sh \ - build-aux/ltmain.sh build-aux/mdate-sh build-aux/missing \ - build-aux/texinfo.tex build-aux/ylwrap +DIST_SUBDIRS = gl lib extra libdane po src doc tests guile DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) 
@@ -341,8 +328,8 @@ am__relativize = \ done; \ reldir="$$dir2" GZIP_ENV = --best -DIST_ARCHIVES = $(distdir).tar.xz -DIST_TARGETS = dist-xz +DIST_ARCHIVES = $(distdir).tar.lz $(distdir).tar.xz +DIST_TARGETS = dist-lzip dist-xz distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' @@ -397,7 +384,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -557,7 +543,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -620,7 +605,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ @@ -770,7 +754,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -778,7 +761,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ 
@@ -869,7 +851,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -945,8 +926,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -971,7 +950,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1151,12 +1129,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ @@ -1188,7 +1164,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ 
@@ -1221,11 +1196,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1233,7 +1206,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1310,7 +1282,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1320,12 +1291,10 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ DISTCHECK_CONFIGURE_FLAGS = --enable-gtk-doc --disable-valgrind-tests -SUBDIRS = gl lib extra $(am__append_1) po $(am__append_2) \ - $(am__append_3) $(am__append_4) $(am__append_5) \ - $(am__append_6) +SUBDIRS = gl lib extra $(am__append_1) po src $(am__append_2) \ + $(am__append_3) $(am__append_4) ACLOCAL_AMFLAGS = -I m4 -I gl/m4 -I src/libopts/m4 -I src/gl/m4 EXTRA_DIST = cfg.mk maint.mk .clcopying -TMPFILE = "abi-temp.xml" all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -1345,6 +1314,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -1572,7 +1542,6 @@ dist-gzip: distdir dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) - dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) @@ -1581,15 +1550,15 @@ dist-xz: distdir $(am__post_remove_distdir) dist-tarZ: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) @@ -1625,17 +1594,17 @@ distcheck: dist esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build/sub \ - && ../../configure \ + && $(am__cd) $(distdir)/_build \ + && ../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=../.. --prefix="$$dc_install_base" \ + --srcdir=.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ 
@@ -1812,30 +1781,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am -.PRECIOUS: Makefile - -README-alpha: README.md - cp $^ $@ - chmod 444 $@ - -abi-check: - @rm -f $(TMPFILE) - @echo "Checking libgnutls ABI" - @echo "$(VERSION)" >$(TMPFILE) - @echo "$(srcdir)/lib/includes/gnutls" >>$(TMPFILE) - @echo "$(builddir)/lib/includes/gnutls" >>$(TMPFILE) - @echo "$(builddir)/lib/.libs" >>$(TMPFILE) - test ! -f "$(srcdir)/devel/ABI-$$(uname -m).dump" || \ - abi-compliance-checker -abi -lib gnutls -old "$(srcdir)/devel/ABI-$$(uname -m).dump" -new $(TMPFILE) -skip-symbols $(srcdir)/devel/abi-unchecked-symbols - @echo "Checking libgnutls-dane ABI" - @echo "$(VERSION)" >$(TMPFILE) - @echo "$(srcdir)/libdane/includes/gnutls" >>$(TMPFILE) - @echo "$(builddir)/libdane/.libs" >>$(TMPFILE) - test ! -f "$(srcdir)/devel/ABI-dane-$$(uname -m).dump" || abi-compliance-checker -abi -lib gnutls-dane -old "$(srcdir)/devel/ABI-dane-$$(uname -m).dump" -new $(TMPFILE) - @rm -f $(TMPFILE) - -dist-hook: abi-check +dist-hook: make -C doc/ compare-makefile make -C doc/ compare-exported make -C doc/manpages compare-makefile 
@@ -1844,20 +1791,20 @@ dist-hook: abi-check @echo "symbols added or removed are correct and copy symbols.last.tmp as" @echo "symbols.last" @echo "*****************************************************************" - objdump -T $(srcdir)/lib/.libs/libgnutls.so.30 | grep -v ' \*UND\*' | awk '{print $$7 "@" $$6;}' | grep -v GNUTLS_FIPS140 | grep -v GNUTLS_PRIVATE | sort -u >symbols.last.tmp + objdump -T $(srcdir)/lib/.libs/libgnutls.so.28 | grep -v ' \*UND\*' | awk '{print $$7 "@" $$6;}' | sort -u >symbols.last.tmp diff -u symbols.last symbols.last.tmp >/dev/null 2>&1 rm -f symbols.last.tmp rm -f ChangeLog make ChangeLog cp -f ChangeLog $(distdir)/ - $(SED) 's/\@VERSION\@/$(VERSION)/g' -i $(distdir)/src/args-std.def - $(SED) 's/\@YEAR\@/$(YEAR)/g' -i $(distdir)/src/args-std.def - $(SED) 's/\@PACKAGE_BUGREPORT\@/$(PACKAGE_BUGREPORT)/g' -i $(distdir)/src/args-std.def + sed 's/\@VERSION\@/$(VERSION)/g' -i $(distdir)/src/args-std.def + sed 's/\@YEAR\@/$(YEAR)/g' -i $(distdir)/src/args-std.def + sed 's/\@PACKAGE_BUGREPORT\@/$(PACKAGE_BUGREPORT)/g' -i $(distdir)/src/args-std.def cd $(distdir)/src/ && for i in *.def;do \ if test x"$$i" = x"args-std.def";then continue; fi; \ autogen $$i; \ cp $$i $$i.tmp; \ - $(SED) -i 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $$i.tmp; \ + sed -i 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $$i.tmp; \ autogen -Tagman-cmd.tpl $$i.tmp; \ rm -f $$i.tmp; \ mv -f *.1 ../doc/manpages/; \ 
@@ -1865,15 +1812,8 @@ dist-hook: abi-check cd $(distdir)/src/ && for i in *-args.c *-args.h;do \ mv $$i $$i.bak; \ done - @echo "*****************************************************************" - @echo "Checking whether included libopts matches the system's. If the" - @echo "check fails upgrade the included libopts." - @echo "*****************************************************************" - test "`autoopts-config libsrc|cut -d '-' -f 2|sed 's/.tar.gz//'`" = "`cat src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`" touch $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info -.PHONY: abi-check - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/NEWS b/NEWS index 8ddf672..3272691 100644 --- a/NEWS +++ b/NEWS 
@@ -1,609 +1,8 @@ GnuTLS NEWS -- History of user-visible changes. -*- outline -*- -Copyright (C) 2000-2015 Free Software Foundation, Inc. -Copyright (C) 2013-2015 Nikos Mavrogiannopoulos +Copyright (C) 2000-2014 Free Software Foundation, Inc. +Copyright (C) 2013, 2014 Nikos Mavrogiannopoulos See the end for copying conditions. -* Version 3.4.11 (released 2016-04-11) - -** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported - by Fridolin Pokorny. - -** libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches - by Jan Vcelak. - -** libgnutls: Corrected behavior of ALPN extension parsing during session - resumption. Report and patches by Yuriy M. Kaminskiy. - -** libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set() - which caused it not to accept non-null-terminated hostnames. Reported - by Tim Ruehsen. - -** libgnutls: Corrected printing of the IP Adress name constraints. - -** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers - serving chunk encoding which ocsptool doesn't support. Reported by Thomas - Klute. - -** certtool: do not require a CA for OCSP signing tag. This follows the - recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP - signing to another certificate without requiring it to be a CA. Reported - by Thomas Klute. - - -** API and ABI modifications: -No changes since last version. - - -* Version 3.4.10 (released 2016-03-03) - -** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes - to be used with hashing functions. - -** libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import(). - -** libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches - by Jan Vcelak. - -** libgnutls: Several fixes to prevent relying on undefined behavior of C - (found with libubsan). - -** API and ABI modifications: -No changes since last version. 
- - -* Version 3.4.9 (released 2016-02-03) - -** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would negotiate - the last commonly supported protocol, rather than the first. Reported by - Remi Denis-Courmont (#63). - -** libgnutls: Tolerate empty DN fields in informational output functions. - -** libgnutls: Corrected regression causes by incorrect fix in - gnutls_x509_ext_export_key_usage() at 3.4.8 release. - -** API and ABI modifications: -No changes since last version. - - -* Version 3.4.8 (released 2016-01-08) - -** libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() when - used with PKCS #11 keys. - -** libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import - their public keys from either a public key object or a certificate. - That is, because private keys do not contain all the required - parameters for a direct import. Reported by Jan Vcelak. - -** libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 - tokens. - -** libgnutls: Fixed out-of-bounds read in gnutls_x509_ext_export_key_usage(), - report and patch by Tim Kosse. - -** libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to conform to - draft-ietf-tls-chacha20-poly1305-02. - -** libgnutls: Several fixes in PKCS #7 signing which improve compatibility - with the MacOSX tools. Reported by sskaje (#59). - -** libgnutls: The max-record extension not negotiated on DTLS. This resolves - issue with the max-record being negotiated but ignored. - -** certtool: Added the --p7-include-cert and --p7-show-data options. - -** API and ABI modifications: -gnutls_pkcs7_get_embedded_data: Added - - -* Version 3.4.7 (released 2015-11-22) - -** libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 - ciphersuites. This solves an interoperability issue with openssl. - Reported by Viktor Dukhovni. - -** libgnutls: Corrected the setting of salt size in gnutls_pkcs12_mac_info(). 
- -** libgnutls: On a rehandshake allow switching from anonymous to ECDHE and - DHE ciphersuites. - -** libgnutls: Corrected regression from 3.3.x which prevented ARCFOUR128 - from using arbitrary key sizes. Reported by Andreas Schneider. - -** libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skipping - the implicit global initialization. - -** gnutls.pc: Don't include libtool specific options to link flags. - Reported by Dan Kegel. - -** tools: Better support for FTP AUTH TLS negotiation - -** API and ABI modifications: -gnutls_x509_crt_set_issuer_unique_id: Added -gnutls_x509_crt_set_subject_unique_id: Added -gnutls_certificate_set_flags: Added -GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Added - - -* Version 3.4.6 (released 2015-10-20) - -** libgnutls: Added new simple verification functions. That avoids the need - to install a callback to perform certificate verification. See - doc/examples/ex-client-x509.c for usage. - -** libgnutls: Introduced the security parameter 'future' which is at - the 256-bit level of security, and 'ultra' was aligned to its documented - size at 192-bits. - -** libgnutls: When writing a certificate into a PKCS #11 token, ensure - that CKA_SERIAL_NUMBER and CKA_ISSUER are written. Reported by Sumit - Bose. - -** libgnutls: Allow the presence of legacy ciphers and key exchanges in - priority strings and consider them a no-op. - -** libgnutls: Handle the extended master secret as a mandatory extension. - That fixes incompatibility issues with Chromium (#45). Reported by - Hubert Kario. - -** libgnutls: Added the ability to copy a public key into a PKCS #11 - token. - -** tools: Added support for LDAP and XMPP negotiation for STARTTLS. - -** p11tool: Allow writing a public key into a PKCS #11 token. - -** certtool: Key generation security level was switched to HIGH. That - is, by default the tool generates 3072 bit keys for RSA and DSA. 
- -** API and ABI modifications: -gnutls_session_set_verify_function: Added -gnutls_session_set_verify_cert: Added -gnutls_session_set_verify_cert2: Added -gnutls_session_get_verify_cert_status: Added -gnutls_pkcs11_copy_pubkey: Added - - -* Version 3.4.5 (released 2015-09-12) - -** libgnutls: When re-importing CRLs to a trust list ensure that there - no duplicate entries. - -** certtool: Removed any arbitrary limits imposed on input file sizes - and maximum number of certificates imported. - -** certtool: Allow specifying fixed dates on CRL generation. - -** gnutls-cli-debug: Added check for inappropriate fallback support - (RFC7507). - -** API and ABI modifications: -No changes since last version. - - -* Version 3.4.4 (released 2015-08-10) - -** libgnutls: added high level API (gnutls_prf_rfc5705) to access - the PRF as specified by RFC5705. Suggestion and original patch - by Rick van Rein. - -** libgnutls: Link to trousers (TPM library) dynamically when this - functionality is requested. - -** libgnutls: Fix issue with server side sending the status request - extension even when not requested. Reported by Jeremy Harris. - -** libgnutls: Added support for RFC7507 by introducing the %FALLBACK_SCSV - priority string option. Patch by Alessandro Ghedini. - -** libgnutls: gnutls_pkcs11_privkey_generate2() will store the generated - public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is - specified. - -** libgnutls: Corrected regression from 3.4.3 in loading PKCS #8 keys as - fallback. Reported by Daniel Berrange. - -** libgnutls: Allow the parsing of very long DNs. Also fixes double free - in DN decoding [GNUTLS-SA-2015-3]. - -** API and ABI modifications: -gnutls_prf_rfc5705: Added -gnutls_hex_encode2: Added -gnutls_hex_decode2: Added - - -* Version 3.4.3 (released 2015-07-12) - -** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for - dates prior to 2050. 
- -** libgnutls: Force 16-byte alignment to all input to ciphers (previously it - was done only when cryptodev was enabled). - -** libgnutls: Removed support for pthread_atfork() as it has undefined - semantics when used with dlopen(), and may lead to a crash. - -** libgnutls: corrected failure when importing plain files - with gnutls_x509_privkey_import2(), and a password was provided. - -** libgnutls: Don't reject certificates if a CA has the URI or IP address - name constraints, and the end certificate doesn't have an IP address - name or a URI set. - -** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. - -** p11tool: Added --list-token-urls option, and print the token module name - in list-tokens. - -** API and ABI modifications: -gnutls_ecc_curve_get_oid: Added -gnutls_digest_get_oid: Added -gnutls_pk_get_oid: Added -gnutls_sign_get_oid: Added -gnutls_ecc_curve_get_id: Added -gnutls_oid_to_digest: Added -gnutls_oid_to_pk: Added -gnutls_oid_to_sign: Added -gnutls_oid_to_ecc_curve: Added -gnutls_pkcs7_get_signature_count: Added - - -* Version 3.4.2 (released 2015-06-16) - -** libgnutls: DTLS blocking API is more robust against infinite blocking, -and will notify of more possible timeouts. - -** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported -by Manuel Pegourie-Gonnard. - -** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That -allows to disable SIGPIPE for writes done within gnutls. - -** libgnutls: Enhanced the PKCS #7 API to allow signing and verification -of structures. API moved to gnutls/pkcs7.h header. - -** certtool: Added options to generate PKCS #7 bundles and signed -structures. 
- -** API and ABI modifications: -gnutls_x509_dn_get_str: Added -gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added -gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added -gnutls_x509_crt_verify_data2: Added -gnutls_pkcs7_get_crt_raw2: Added -gnutls_pkcs7_signature_info_deinit: Added -gnutls_pkcs7_get_signature_info: Added -gnutls_pkcs7_verify_direct: Added -gnutls_pkcs7_verify: Added -gnutls_pkcs7_get_crl_raw2: Added -gnutls_pkcs7_sign: Added -gnutls_pkcs7_attrs_deinit: Added -gnutls_pkcs7_add_attr: Added -gnutls_pkcs7_get_attr: Added -gnutls_pkcs7_print: Added - - -* Version 3.4.1 (released 2015-05-03) - -** libgnutls: gnutls_certificate_get_ours: will return the certificate even -if a callback was used to send it. - -** libgnutls: Check for invalid length in the X.509 version field. Without -the check certificates with invalid length would be detected as having an -arbitrary version. Reported by Hanno Böck. - -** libgnutls: Handle DNS name constraints with a leading dot. Patch by -Fotis Loukos. - -** libgnutls: Updated system-keys support for windows to compile in more -versions of mingw. Patch by Tim Kosse. - -** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by -Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. - -** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout -by default. That caused issues with non-blocking programs. - -** certtool: It can generate SHA256 key IDs. - -** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. - -** configure: re-enabled the --enable-local-libopts flag - -** API and ABI modifications: -gnutls_x509_crt_get_pk_ecc_raw: Added - - -* Version 3.4.0 (released 2015-04-08) - -** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) -ciphersuites. The former are enabled by default, the latter need to be -explicitly enabled, since they reduce the overall security level. 
- -** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following -draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. -That is currently provided as technology preview and is not enabled by -default, since there are no assigned ciphersuite points by IETF and there -is no guarrantee of compatibility between draft versions. The ciphersuite -priority string to enable it is "+CHACHA20-POLY1305". - -** libgnutls: Added support for encrypt-then-authenticate in CBC -ciphersuites (RFC7366 -taking into account its errata text). This is -enabled by default and can be disabled using the %NO_ETM priority -string. - -** libgnutls: Added support for the extended master secret -(triple-handshake fix) following draft-ietf-tls-session-hash-02. - -** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). - -** libgnutls: SSL 3.0 is no longer included in the default priorities -list. It has to be explicitly enabled, e.g., with a string like -"NORMAL:+VERS-SSL3.0". - -** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities -list. It has to be explicitly enabled, e.g., with a string like -"NORMAL:+ARCFOUR-128". - -** libgnutls: DSA signatures and DHE-DSS are no longer included in the -default priorities list. They have to be explicitly enabled, e.g., with -a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The -DSA ciphersuites were dropped because they had no deployment at all -on the internet, to justify their inclusion. - -** libgnutls: The priority string EXPORT was completely removed. The string -was already defunc as support for the EXPORT ciphersuites was removed in -GnuTLS 3.2.0. - -** libgnutls: Added API to utilize system specific private keys in -"gnutls/system-keys.h". It is currently provided as technology preview -and is restricted to windows CNG keys. - -** libgnutls: gnutls_x509_crt_check_hostname() and friends will use -RFC6125 comparison of hostnames. 
That introduces a dependency on libidn. - -** libgnutls: Depend on p11-kit 0.23.1 to comply with the final -PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). - -** libgnutls: Depend on nettle 3.1. - -** libgnutls: Use getrandom() or getentropy() when available. That -avoids the complexity of file descriptor handling and issues with -applications closing all open file descriptors on startup. - -** libgnutls: Use pthread_atfork() to detect fork when available. - -** libgnutls: If a key purpose (extended key usage) is specified for verification, -it is applied into intermediate certificates. The verification result -GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. - -** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in -combination with PKCS #11, or TPM URLs, it will utilize the provided -password as PIN if required. That removes the requirement for the -application to set a callback for PINs in that case. - -** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are -restricted to the corresponding protocols only, and the VERS-ALL -string is introduced to catch all possible protocols. - -** libgnutls: Added helper functions to obtain information on PKCS #8 -structures. - -** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t -will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. - -** libgnutls: Added functions to export and set the record state. That -allows for gnutls_record_send() and recv() to be offloaded (to kernel, -hardware or any other subsystem). - -** libgnutls: Added the ability to register application specific URL -types, which express certificates and keys using gnutls_register_custom_url(). - -** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., -to override AES-GCM using a system-specific accelerator. 
That is, (crypto.h) -gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), -gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). - -** libgnutls: Added gnutls_ext_register() to register custom extensions. -Contributed by Thierry Quemerais. - -** libgnutls: Added gnutls_supplemental_register() to register custom -supplemental data handshake messages. Contributed by Thierry Quemerais. - -** libgnutls-openssl: it is no longer built by default. - - -** certtool: Added --p8-info option, which will print PKCS #8 information -even if the password is not available. - -** certtool: --key-info option will print PKCS #8 encryption information -when available. - -** certtool: Added the --key-id and --fingerprint options. - -** certtool: Added the --verify-hostname, --verify-email and --verify-purpose -options to be used in certificate chain verification, to simulate verification -for specific hostname and key purpose (extended key usage). - -** certtool: --p12-info option will print PKCS #12 MAC and cipher information -when available. - -** certtool: it will print the A-label (ACE) names in addition to UTF-8. - -** p11tool: added options --set-id and --set-label. - -** gnutls-cli: added options --priority-list and --save-cert. - -** guile: Deprecated priority API has been removed. The old priority API, -which had been deprecated for some time, is now gone; use 'set-session-priorities!' -instead. - -** guile: Remove RSA parameters and related procedures. This API had been -deprecated. - -** guile: Fix compilation on MinGW. Previously only the static version of the -'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. 
- -** API and ABI modifications: -gnutls_record_get_state: Added -gnutls_record_set_state: Added -gnutls_aead_cipher_init: Added -gnutls_aead_cipher_decrypt: Added -gnutls_aead_cipher_encrypt: Added -gnutls_aead_cipher_deinit: Added -gnutls_pkcs12_generate_mac2: Added -gnutls_pkcs12_mac_info: Added -gnutls_pkcs12_bag_enc_info: Added -gnutls_pkcs8_info: Added -gnutls_pkcs_schema_get_name: Added -gnutls_pkcs_schema_get_oid: Added -gnutls_pcert_export_x509: Added -gnutls_pcert_export_openpgp: Added -gnutls_pcert_import_x509_list: Added -gnutls_pkcs11_privkey_cpy: Added -gnutls_x509_crq_get_signature_algorithm: Added -gnutls_x509_trust_list_iter_get_ca: Added -gnutls_x509_trust_list_iter_deinit: Added -gnutls_x509_trust_list_get_issuer_by_dn: Added -gnutls_pkcs11_get_raw_issuer_by_dn: Added -gnutls_certificate_get_trust_list: Added -gnutls_privkey_export_x509: Added -gnutls_privkey_export_pkcs11: Added -gnutls_privkey_export_openpgp: Added -gnutls_privkey_import_ext3: Added -gnutls_certificate_get_x509_key: Added -gnutls_certificate_get_x509_crt: Added -gnutls_certificate_get_openpgp_key: Added -gnutls_certificate_get_openpgp_crt: Added -gnutls_record_discard_queued: Added -gnutls_session_ext_master_secret_status: Added -gnutls_priority_string_list: Added -gnutls_dh_params_import_raw2: Added -gnutls_memset: Added -gnutls_memcmp: Added -gnutls_pkcs12_bag_set_privkey: Added -gnutls_ocsp_resp_get_responder_raw_id: Added -gnutls_system_key_iter_deinit: Added -gnutls_system_key_iter_get_info: Added -gnutls_system_key_delete: Added -gnutls_system_key_add_x509: Added -gnutls_system_recv_timeout: Added -gnutls_register_custom_url: Added -gnutls_pkcs11_obj_list_import_url3: Added -gnutls_pkcs11_obj_list_import_url4: Added -gnutls_pkcs11_obj_set_info: Added -gnutls_crypto_register_cipher: Added -gnutls_crypto_register_aead_cipher: Added -gnutls_crypto_register_mac: Added -gnutls_crypto_register_digest: Added -gnutls_ext_register: Added -gnutls_supplemental_register: Added 
-gnutls_supplemental_recv: Added -gnutls_supplemental_send: Added -gnutls_openpgp_crt_check_email: Added -gnutls_x509_crt_check_email: Added -gnutls_handshake_set_hook_function: Modified -gnutls_pkcs11_privkey_generate3: Added -gnutls_pkcs11_copy_x509_crt2: Added -gnutls_pkcs11_copy_x509_privkey2: Added -gnutls_pkcs11_obj_list_import_url: Removed -gnutls_pkcs11_obj_list_import_url2: Removed -gnutls_certificate_client_set_retrieve_function: Removed -gnutls_certificate_server_set_retrieve_function: Removed -gnutls_certificate_set_rsa_export_params: Removed -gnutls_certificate_type_set_priority: Removed -gnutls_cipher_set_priority: Removed -gnutls_compression_set_priority: Removed -gnutls_kx_set_priority: Removed -gnutls_mac_set_priority: Removed -gnutls_protocol_set_priority: Removed -gnutls_rsa_export_get_modulus_bits: Removed -gnutls_rsa_export_get_pubkey: Removed -gnutls_rsa_params_cpy: Removed -gnutls_rsa_params_deinit: Removed -gnutls_rsa_params_export_pkcs1: Removed -gnutls_rsa_params_export_raw: Removed -gnutls_rsa_params_generate2: Removed -gnutls_rsa_params_import_pkcs1: Removed -gnutls_rsa_params_import_raw: Removed -gnutls_rsa_params_init: Removed -gnutls_sign_callback_get: Removed -gnutls_sign_callback_set: Removed -gnutls_x509_crt_verify_data: Removed -gnutls_x509_crt_verify_hash: Removed -gnutls_pubkey_get_verify_algorithm: Removed -gnutls_x509_crt_get_verify_algorithm: Removed -gnutls_pubkey_verify_hash: Removed -gnutls_pubkey_verify_data: Removed -gnutls_record_set_max_empty_records: Removed - -guile: -set-session-cipher-priority!: Removed -set-session-mac-priority!: Removed -set-session-compression-method-priority!: Removed -set-session-kx-priority!: Removed -set-session-protocol-priority!: Removed -set-session-certificate-type-priority!: Removed -set-session-default-priority!: Removed -set-session-default-export-priority!: Removed -make-rsa-parameters: Removed -rsa-parameters?: Removed -set-certificate-credentials-rsa-export-parameters!: Removed 
-pkcs1-import-rsa-parameters: Removed -pkcs1-export-rsa-parameters: Removed - - - -* Version 3.3.6 (released 2014-07-23) - -** libgnutls: Use inet_ntop to print IP addresses when available - -** libgnutls: gnutls_x509_crt_check_hostname and friends will also check -IP addresses, and match documented behavior. Reported by David Woodhouse. - -** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 -bit parameters. - -** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens -being usable after a reinitialization. - -** libgnutls: fixed PKCS #11 private key operations after a fork. - -** libgnutls: fixed PKCS #11 ECDSA key generation. - -** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to -explicitly enable/disable the use of certain CPU capabilities. Note that CPU -detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel -CPU. The currently available options are: - 0x1: Disable all run-time detected optimizations - 0x2: Enable AES-NI - 0x4: Enable SSSE3 - 0x8: Enable PCLMUL - 0x100000: Enable VIA padlock - 0x200000: Enable VIA PHE - 0x400000: Enable VIA PHE SHA512 - -** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. - -** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. - -** p11tool: ask for label when one isn't provided. - -** p11tool: added --batch parameter to disable any interactivity. - -** p11tool: will not implicitly enable so-login for certain types of -objects. That avoids issues with tokens that require different login -types. - -** certtool/p11tool: Added the --curve parameter which allows to explicitly -specify the curve to use. - -** API and ABI modifications: -gnutls_certificate_set_x509_trust_dir: Added -gnutls_x509_trust_list_add_trust_dir: Added - - * Version 3.3.5 (released 2014-06-26) ** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). diff --git a/README b/README index 6ab8d56..637e5de 100644 --- a/README 
+++ b/README @@ -1,14 +1,15 @@ -GnuTLS README -- Important introductory notes -============================================= +GnuTLS README -- Important introductory notes. +Copyright (C) 2000-2012 Free Software Foundation, Inc. +See the end of this document for copying conditions. GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure Sockets Layer) protocol. GnuTLS is a GNU project. Additional -information can be found at . +information can be found at +and . README -====== - +------ This README is targeted for users of the library who build from sources but do not necessarily develop. If you are interested in developing and contributing to the GnuTLS project, please 
@@ -17,47 +18,48 @@ http://www.gnutls.org/manual/html_node/Contributing.html. COMPILATION -=========== - +----------- A typical command sequence for building the library is shown below. A complete list of options available for configure can be found by running './configure --help'. -``` cd gnutls- ./configure --prefix=/usr make make check sudo make install -``` The commands above build and install the static archive (libgnutls.a), the shared object (libgnutls.so), and additional binaries such as certtool and gnutls-cli. The library depends on libnettle and gmplib. -* gmplib: for big number arithmetic, http://gmplib.org/ -* nettle: for cryptographic algorithms, http://www.lysator.liu.se/~nisse/nettle/ + * gmplib: for big number arithmetic + http://gmplib.org/ + * nettle: for cryptographic algorithms + http://www.lysator.liu.se/~nisse/nettle/ Versions 2.10.3 and prior used libgcrypt as the default cryptographic library. Optionally it may use the following libraries: -* libtasn1: For ASN.1 parsing (a copy is included, if not found), http://www.gnu.org/software/libtasn1/ -* p11-kit: for smart card support, http://p11-glue.freedesktop.org/p11-kit.html -* libtspi: for Trusted Platform Module (TPM) support, http://trousers.sourceforge.net/ -* libunbound: For DNSSEC/DANE support, http://unbound.net/ -* libz: For compression support, http://www.zlib.net/ -* libidn: For supporting internationalized DNS names, http://www.gnu.org/software/libidn/ + * libtasn1: For ASN.1 parsing (a copy is included, if not found) + http://www.gnu.org/software/libtasn1/ + * p11-kit: for smart card support + http://p11-glue.freedesktop.org/p11-kit.html + * libtspi: for Trusted Platform Module (TPM) support, + http://trousers.sourceforge.net/ + * libunbound: For DNSSEC/DANE support, + http://unbound.net/ + * libz: For compression support. 
+ http://www.zlib.net/ To configure libnettle for installation and use by GnuTLS, a typical command sequence would be: -``` cd nettle- ./configure --prefix=/usr --disable-openssl --enable-shared make sudo make install -``` For the Nettle project, --enable-shared will instruct automake and friends to build and install both the static archive (libnettle.a) @@ -72,22 +74,19 @@ and zlib, may be required. DOCUMENTATION -============= - +------------- See the documentation in doc/ and online at http://www.gnutls.org/manual. EXAMPLES -======== - +-------- See the examples in doc/examples/ and online at 'How To Use GnuTLS in Applications' at http://www.gnutls.org/manual. SECURITY ADVISORIES -=================== - +------------------- The project collects and publishes information on past security incidents and vulnerabilities. Open information exchange, including information which is [sometimes] suppressed in non-open or non-free 
@@ -96,36 +95,36 @@ http://www.gnutls.org/security.html. MAILING LISTS -============= - +------------- The GnuTLS project maintains mailing lists for users, developers, and commits. Please see http://www.gnutls.org/lists.html. LICENSING -========= - +--------- Since GnuTLS version 3.1.10, the core library has been released under the GNU Lesser General Public License (LGPL) version 2.1 or later. Note, however, that version 6.0.0 and later of the gmplib library used by GnuTLS are distributed under a LGPLv3+ or GPLv2+ dual license, and -as such binaries of this library need to adhere to either LGPLv3+ or -GPLv2+ license. +as such binaries of this library need to be distributed under either +LGPLv3+ or GPLv2+ license. If this is undesirable older versions +of the gmplib which are under LGPLv2.1 (e.g., version 4.2.1) may be +used instead. (gmplib versions between 4.2.2 through 5.1.3 were +licensed under LGPLv3+ only). The GNU LGPL applies to the main GnuTLS library, while the included applications as well as gnutls-openssl library are under the GNU GPL version 3. The gnutls library is -located in the lib/ and libdane/ directories, while the applications -in src/ and, the gnutls-openssl library is at extra/. +located in the lib/ directory, while the applications in src/ and +gnutls-openssl library is at extra/. For any copyright year range specified as YYYY-ZZZZ in this package note that the range specifies every single year in that closed interval. BUGS -==== - +---- Thorough testing is very important and expensive. Often, the developers do not have access to a particular piece of hardware or configuration to reproduce a scenario. Notifying the developers about a 
@@ -144,21 +143,18 @@ Additional information can be found at the project's manual. PATCHES -======= - +------- Patches are welcome and encouraged. Patches can be submitted through the bug tracking system or the mailing list. When submitting patches, please -be sure to use sources from the git repository, and preferably from the +be sure to use sources from the git repository, and preferrably from the master branch. To create a patch for the project from a local git repository, please use the following commands. 'gnutls' should be the local directory of a previous git clone. -``` cd gnutls git add the-file-you-modified.c another-file.c git commit the-file-you-modified.c another-file.c git format-patch -``` For more information on use of Git, visit http://git-scm.com/ diff --git a/aclocal.m4 b/aclocal.m4 index 9574282..ac7c4f6 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.14.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2014 Free Software Foundation, Inc. +# Copyright (C) 2002-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.]) # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.15' +[am__api_version='1.14' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.15], [], +m4_if([$1], [1.14.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,12 +51,12 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.15])dnl +[AM_AUTOMAKE_VERSION([1.14.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) -# Copyright (C) 2011-2014 Free Software Foundation, Inc. +# Copyright (C) 2011-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -118,7 +118,7 @@ AC_SUBST([AR])dnl # Figure out how to run the assembler. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -138,7 +138,7 @@ _AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -183,14 +183,15 @@ _AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl -# Expand $ac_aux_dir to an absolute path. -am_aux_dir=`cd "$ac_aux_dir" && pwd` +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -221,7 +222,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -412,7 +413,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -488,7 +489,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -578,8 +579,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target (and possibly the TAP driver). The -# system "awk" is bad on some platforms. +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -653,9 +654,6 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi -dnl The trailing newline in this macro's definition is deliberate, for -dnl backward compatibility and to allow trailing 'dnl'-style comments -dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not @@ -685,7 +683,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -696,7 +694,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh+set}" != xset; then +if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -706,7 +704,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -727,7 +725,7 @@ AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -777,7 +775,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -814,7 +812,7 @@ else fi ]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -848,7 +846,7 @@ esac # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -877,7 +875,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -924,7 +922,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -943,7 +941,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1024,7 +1022,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2014 Free Software Foundation, Inc. +# Copyright (C) 2009-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1084,7 +1082,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1112,7 +1110,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2014 Free Software Foundation, Inc. +# Copyright (C) 2006-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -1131,7 +1129,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1294,7 +1292,6 @@ m4_include([src/gl/m4/timespec.m4]) m4_include([src/gl/m4/tm_gmtoff.m4]) m4_include([src/gl/m4/xalloc.m4]) m4_include([src/libopts/m4/libopts.m4]) -m4_include([src/libopts/m4/stdnoreturn.m4]) m4_include([gl/m4/00gnulib.m4]) m4_include([gl/m4/absolute-header.m4]) m4_include([gl/m4/alloca.m4]) diff --git a/build-aux/config.rpath b/build-aux/config.rpath index a3e25c8..ab6fd99 100755 --- a/build-aux/config.rpath +++ b/build-aux/config.rpath @@ -2,7 +2,7 @@ # Output a system dependent set of variables, describing how to set the # run time search path of shared libraries in an executable. # -# Copyright 1996-2015 Free Software Foundation, Inc. +# Copyright 1996-2014 Free Software Foundation, Inc. # Taken from GNU libtool, 2001 # Originally by Gordon Matzigkeit , 1996 # @@ -367,7 +367,11 @@ else dgux*) hardcode_libdir_flag_spec='-L$libdir' ;; - freebsd2.[01]*) + freebsd2.2*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + freebsd2*) hardcode_direct=yes hardcode_minus_L=yes ;; @@ -544,11 +548,13 @@ case "$host_os" in dgux*) library_names_spec='$libname$shrext' ;; - freebsd[23].*) - library_names_spec='$libname$shrext$versuffix' - ;; freebsd* | dragonfly*) - library_names_spec='$libname$shrext' + case "$host_os" in + freebsd[123]*) + library_names_spec='$libname$shrext$versuffix' ;; + *) + library_names_spec='$libname$shrext' ;; + esac ;; gnu*) library_names_spec='$libname$shrext' diff --git a/build-aux/gendocs.sh b/build-aux/gendocs.sh index c8ca1bb..f9ec9df 100755 --- a/build-aux/gendocs.sh +++ b/build-aux/gendocs.sh 
@@ -2,9 +2,10 @@ # gendocs.sh -- generate a GNU manual in many formats. This script is # mentioned in maintain.texi. See the help message below for usage details. -scriptversion=2015-05-05.16 +scriptversion=2013-10-10.09 -# Copyright 2003-2015 Free Software Foundation, Inc. +# Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 +# Free Software Foundation, Inc. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -20,16 +21,17 @@ scriptversion=2015-05-05.16 # along with this program. If not, see . # # Original author: Mohit Agarwal. -# Send bug reports and any other correspondence to bug-gnulib@gnu.org. +# Send bug reports and any other correspondence to bug-texinfo@gnu.org. # # The latest version of this script, and the companion template, is -# available from the Gnulib repository: +# available from Texinfo CVS: +# http://savannah.gnu.org/cgi-bin/viewcvs/texinfo/texinfo/util/gendocs.sh +# http://savannah.gnu.org/cgi-bin/viewcvs/texinfo/texinfo/util/gendocs_template # -# http://git.savannah.gnu.org/cgit/gnulib.git/tree/build-aux/gendocs.sh -# http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/gendocs_template +# An up-to-date copy is also maintained in Gnulib (gnu.org/software/gnulib). # TODO: -# - image importing was only implemented for HTML generated by +# - image importation was only implemented for HTML generated by # makeinfo. But it should be simple enough to adjust. # - images are not imported in the source tarball. All the needed # formats (PDF, PNG, etc.) should be included. 
@@ -37,12 +39,12 @@ scriptversion=2015-05-05.16 prog=`basename "$0"` srcdir=`pwd` -scripturl="http://git.savannah.gnu.org/cgit/gnulib.git/plain/build-aux/gendocs.sh" -templateurl="http://git.savannah.gnu.org/cgit/gnulib.git/plain/doc/gendocs_template" +scripturl="http://savannah.gnu.org/cgi-bin/viewcvs/~checkout~/texinfo/texinfo/util/gendocs.sh" +templateurl="http://savannah.gnu.org/cgi-bin/viewcvs/~checkout~/texinfo/texinfo/util/gendocs_template" : ${SETLANG="env LANG= LC_MESSAGES= LC_ALL= LANGUAGE="} : ${MAKEINFO="makeinfo"} -: ${TEXI2DVI="texi2dvi"} +: ${TEXI2DVI="texi2dvi -t @finalout"} : ${DOCBOOK2HTML="docbook2html"} : ${DOCBOOK2PDF="docbook2pdf"} : ${DOCBOOK2TXT="docbook2txt"} @@ -54,7 +56,7 @@ unset use_texi2html version="gendocs.sh $scriptversion -Copyright 2015 Free Software Foundation, Inc. +Copyright 2013 Free Software Foundation, Inc. There is NO warranty. You may redistribute this software under the terms of the GNU General Public License. For more information about these matters, see the files named COPYING." @@ -73,16 +75,11 @@ Options: -o OUTDIR write files into OUTDIR, instead of manual/. -I DIR append DIR to the Texinfo search path. --common ARG pass ARG in all invocations. - --html ARG pass ARG to makeinfo or texi2html for HTML targets, - instead of --css-ref=/software/gnulib/manual.css. + --html ARG pass ARG to makeinfo or texi2html for HTML targets. --info ARG pass ARG to makeinfo for Info, instead of --no-split. --no-ascii skip generating the plain text output. - --no-html skip generating the html output. - --no-info skip generating the info output. - --no-tex skip generating the dvi and pdf output. --source ARG include ARG in tar archive of sources. --split HOW make split HTML by node, section, chapter; default node. - --tex ARG pass ARG to texi2dvi for DVI and PDF, instead of -t @finalout. --texi2html use texi2html to make HTML target, with all split versions. --docbook convert through DocBook too (xml, txt, html, pdf). 
@@ -134,7 +131,7 @@ locale, since that's the language of most Texinfo manuals. If you happen to have a non-English manual and non-English web site, see the SETLANG setting in the source. -Email bug reports or enhancement requests to bug-gnulib@gnu.org. +Email bug reports or enhancement requests to bug-texinfo@gnu.org. " MANUAL_TITLE= @@ -142,18 +139,14 @@ PACKAGE= EMAIL=webmasters@gnu.org # please override with --email commonarg= # passed to all makeinfo/texi2html invcations. dirargs= # passed to all tools (-I dir). -dirs= # -I directories. -htmlarg=--css-ref=/software/gnulib/manual.css +dirs= # -I's directories. +htmlarg= infoarg=--no-split generate_ascii=true -generate_html=true -generate_info=true -generate_tex=true outdir=manual source_extra= split=node srcfile= -texarg="-t @finalout" while test $# -gt 0; do case $1 in @@ -166,12 +159,8 @@ while test $# -gt 0; do --html) shift; htmlarg=$1;; --info) shift; infoarg=$1;; --no-ascii) generate_ascii=false;; - --no-html) generate_ascii=false;; - --no-info) generate_info=false;; - --no-tex) generate_tex=false;; --source) shift; source_extra=$1;; --split) shift; split=$1;; - --tex) shift; texarg=$1;; --texi2html) use_texi2html=1;; --help) echo "$usage"; exit 0;; @@ -232,9 +221,8 @@ calcsize() # copy_images OUTDIR HTML-FILE... # ------------------------------- -# Copy all the images needed by the HTML-FILEs into OUTDIR. -# Look for them in . and the -I directories; this is simpler than what -# makeinfo supports with -I, but hopefully it will suffice. +# Copy all the images needed by the HTML-FILEs into OUTDIR. Look +# for them in the -I directories. copy_images() { local odir @@ -244,7 +232,7 @@ copy_images() BEGIN { \$me = '$prog'; \$odir = '$odir'; - @dirs = qw(. $dirs); + @dirs = qw($dirs); } " -e ' /${srcdir}/$PACKAGE-db.xml" 
@@ -457,8 +431,7 @@ if test -n "$docbook"; then mv $PACKAGE-db.pdf "$outdir/" fi -# -printf "\nMaking index.html for $PACKAGE...\n" +printf "\nMaking index file...\n" if test -z "$use_texi2html"; then CONDS="/%%IF *HTML_SECTION%%/,/%%ENDIF *HTML_SECTION%%/d;\ /%%IF *HTML_CHAPTER%%/,/%%ENDIF *HTML_CHAPTER%%/d" diff --git a/build-aux/pmccabe2html b/build-aux/pmccabe2html index 1898432..81dd932 100644 --- a/build-aux/pmccabe2html +++ b/build-aux/pmccabe2html @@ -1,6 +1,6 @@ # pmccabe2html - AWK script to convert pmccabe output to html -*- awk -*- -# Copyright (C) 2007-2015 Free Software Foundation, Inc. +# Copyright (C) 2007-2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/build-aux/snippet/arg-nonnull.h b/build-aux/snippet/arg-nonnull.h index 0d55e2b..9ee8b15 100644 --- a/build-aux/snippet/arg-nonnull.h +++ b/build-aux/snippet/arg-nonnull.h @@ -1,5 +1,5 @@ /* A C macro for declaring that specific arguments must not be NULL. - Copyright (C) 2009-2015 Free Software Foundation, Inc. + Copyright (C) 2009-2014 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published diff --git a/build-aux/snippet/c++defs.h b/build-aux/snippet/c++defs.h index 585b38a..67b1233 100644 --- a/build-aux/snippet/c++defs.h +++ b/build-aux/snippet/c++defs.h @@ -1,5 +1,5 @@ /* C++ compatible function declaration macros. - Copyright (C) 2010-2015 Free Software Foundation, Inc. + Copyright (C) 2010-2014 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published diff --git a/build-aux/snippet/warn-on-use.h b/build-aux/snippet/warn-on-use.h index 90f4985..1c4d7bd 100644 --- a/build-aux/snippet/warn-on-use.h +++ b/build-aux/snippet/warn-on-use.h 
@@ -1,5 +1,5 @@ /* A C macro for emitting warnings if a function is used. - Copyright (C) 2010-2015 Free Software Foundation, Inc. + Copyright (C) 2010-2014 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published diff --git a/build-aux/useless-if-before-free b/build-aux/useless-if-before-free index 82a09b3..4c76c75 100755 --- a/build-aux/useless-if-before-free +++ b/build-aux/useless-if-before-free @@ -10,7 +10,7 @@ my $VERSION = '2012-01-06 07:23'; # UTC # If you change this file with Emacs, please let the write hook # do its job. Otherwise, update this string manually. -# Copyright (C) 2008-2015 Free Software Foundation, Inc. +# Copyright (C) 2008-2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/build-aux/vc-list-files b/build-aux/vc-list-files index 3bf93c3..b2bca54 100755 --- a/build-aux/vc-list-files +++ b/build-aux/vc-list-files @@ -4,7 +4,7 @@ # Print a version string. scriptversion=2011-05-16.22; # UTC -# Copyright (C) 2006-2015 Free Software Foundation, Inc. +# Copyright (C) 2006-2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/cfg.mk b/cfg.mk index 4947d4d..527e5f8 100644 --- a/cfg.mk +++ b/cfg.mk 
@@ -85,7 +85,7 @@ bootstrap: autoreconf .submodule.stamp # The only non-lgpl modules used are: gettime progname timespec. Those # are not used (and must not be used) in the library) glimport: - ../gnulib/gnulib-tool --dir=. --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --lgpl=2 --add-import + ../gnulib/gnulib-tool --dir=. --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --add-import --lgpl=2 ../gnulib/gnulib-tool --dir=. --local-dir=src/gl/override --lib=libgnu_gpl --source-base=src/gl --m4-base=src/gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --add-import # Code Coverage @@ -159,9 +159,6 @@ web: sed 's/\@VERSION\@/$(VERSION)/g' -i $(htmldir)/manual/html_node/*.html $(htmldir)/manual/gnutls.html -cd doc && make gnutls.epub && cp gnutls.epub ../$(htmldir)/manual/ cd doc/latex && make gnutls.pdf && cp gnutls.pdf ../../$(htmldir)/manual/ - make -C doc gnutls-guile.html gnutls-guile.pdf - cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/gnutls-guile/ --css-include=./texinfo.css gnutls-guile.texi - cd doc && cp gnutls-guile.pdf gnutls-guile.html ../$(htmldir)/manual/ #cd doc/doxygen && doxygen && cd ../.. && cp -v doc/doxygen/html/* $(htmldir)/devel/doxygen/ && cd doc/doxygen/latex && make refman.pdf && cd ../../../ && cp doc/doxygen/latex/refman.pdf $(htmldir)/devel/doxygen/$(PACKAGE).pdf -cp -v doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp doc/reference/html/*.css $(htmldir)/reference/ #cp -v doc/cyclo/cyclo-$(PACKAGE).html $(htmldir)/cyclo/ 
@@ -196,15 +193,12 @@ asm-sources: $(ASM_SOURCES_ELF) $(ASM_SOURCES_COFF) $(ASM_SOURCES_MACOSX) lib/ac asm-sources-clean: rm -f $(ASM_SOURCES_ELF) $(ASM_SOURCES_COFF) $(ASM_SOURCES_MACOSX) lib/accelerated/x86/files.mk -X86_FILES=XXX/aesni-x86.s XXX/cpuid-x86.s XXX/sha1-ssse3-x86.s \ +X86_FILES=XXX/aesni-x86.s XXX/cpuid-x86.s XXX/e_padlock-x86.s XXX/sha1-ssse3-x86.s \ XXX/sha256-ssse3-x86.s XXX/sha512-ssse3-x86.s XXX/aes-ssse3-x86.s -X86_64_FILES=XXX/aesni-x86_64.s XXX/cpuid-x86_64.s XXX/ghash-x86_64.s \ +X86_64_FILES=XXX/aesni-x86_64.s XXX/cpuid-x86_64.s XXX/e_padlock-x86_64.s XXX/ghash-x86_64.s \ XXX/sha1-ssse3-x86_64.s XXX/sha512-ssse3-x86_64.s XXX/aes-ssse3-x86_64.s -X86_PADLOCK_FILES=XXX/e_padlock-x86.s -X86_64_PADLOCK_FILES=XXX/e_padlock-x86_64.s - X86_FILES_ELF := $(subst XXX,elf,$(X86_FILES)) X86_FILES_COFF := $(subst XXX,coff,$(X86_FILES)) X86_FILES_MACOSX := $(subst XXX,macosx,$(X86_FILES)) @@ -212,13 +206,6 @@ X86_64_FILES_ELF := $(subst XXX,elf,$(X86_64_FILES)) X86_64_FILES_COFF := $(subst XXX,coff,$(X86_64_FILES)) X86_64_FILES_MACOSX := $(subst XXX,macosx,$(X86_64_FILES)) -X86_PADLOCK_FILES_ELF := $(subst XXX,elf,$(X86_PADLOCK_FILES)) -X86_PADLOCK_FILES_COFF := $(subst XXX,coff,$(X86_PADLOCK_FILES)) -X86_PADLOCK_FILES_MACOSX := $(subst XXX,macosx,$(X86_PADLOCK_FILES)) -X86_64_PADLOCK_FILES_ELF := $(subst XXX,elf,$(X86_64_PADLOCK_FILES)) -X86_64_PADLOCK_FILES_COFF := $(subst XXX,coff,$(X86_64_PADLOCK_FILES)) -X86_64_PADLOCK_FILES_MACOSX := $(subst XXX,macosx,$(X86_64_PADLOCK_FILES)) - lib/accelerated/x86/files.mk: $(ASM_SOURCES_ELF) echo X86_FILES_ELF=$(X86_FILES_ELF) > $@.tmp echo X86_FILES_COFF=$(X86_FILES_COFF) >> $@.tmp 
@@ -226,12 +213,6 @@ lib/accelerated/x86/files.mk: $(ASM_SOURCES_ELF) echo X86_64_FILES_ELF=$(X86_64_FILES_ELF) >> $@.tmp echo X86_64_FILES_COFF=$(X86_64_FILES_COFF) >> $@.tmp echo X86_64_FILES_MACOSX=$(X86_64_FILES_MACOSX) >> $@.tmp - echo X86_PADLOCK_FILES_ELF=$(X86_PADLOCK_FILES_ELF) >> $@.tmp - echo X86_PADLOCK_FILES_COFF=$(X86_PADLOCK_FILES_COFF) >> $@.tmp - echo X86_PADLOCK_FILES_MACOSX=$(X86_PADLOCK_FILES_MACOSX) >> $@.tmp - echo X86_64_PADLOCK_FILES_ELF=$(X86_64_PADLOCK_FILES_ELF) >> $@.tmp - echo X86_64_PADLOCK_FILES_COFF=$(X86_64_PADLOCK_FILES_COFF) >> $@.tmp - echo X86_64_PADLOCK_FILES_MACOSX=$(X86_64_PADLOCK_FILES_MACOSX) >> $@.tmp mv $@.tmp $@ # Appro's code diff --git a/config.h.in b/config.h.in index b06e279..6ded4d8 100644 --- a/config.h.in +++ b/config.h.in @@ -42,9 +42,6 @@ /* use the given CRL file */ #undef DEFAULT_CRL_FILE -/* use the given directory as default trust store */ -#undef DEFAULT_TRUST_STORE_DIR - /* use the given file default trust store */ #undef DEFAULT_TRUST_STORE_FILE @@ -87,15 +84,15 @@ /* use openpgp authentication */ #undef ENABLE_OPENPGP -/* Enable padlock acceleration */ -#undef ENABLE_PADLOCK - /* Build PKCS#11 support */ #undef ENABLE_PKCS11 /* enable PSK authentication */ #undef ENABLE_PSK +/* enable RSA-EXPORT */ +#undef ENABLE_RSA_EXPORT + /* Self checks are included in the library */ #undef ENABLE_SELF_CHECKS @@ -128,10 +125,6 @@ whether the gnulib module fscanf shall be considered present. */ #undef GNULIB_FSCANF -/* Define to 1 if printf and friends should be labeled with attribute - "__gnu_printf__" instead of "__printf__" */ -#undef GNULIB_PRINTF_ATTRIBUTE_FLAVOR_GNU - /* Define to a C preprocessor expression that evaluates to 1 or 0, depending whether the gnulib module scanf shall be considered present. */ #undef GNULIB_SCANF 
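Review bot: The `#undef ENABLE_RSA_EXPORT` entry (comment `/* enable RSA-EXPORT */`) added in the config.h.in hunk at `@@ -87,15 +84,15 @@` brings export-grade RSA key exchange back into the build. The configure help hunk later in this patch lists only `--disable-rsa-export`, which suggests the feature is on unless the packager opts out. Export ciphersuites rely on RSA keys of at most 512 bits and are the precondition for FREAK-style downgrades, so the build recipe for this reverted version should pass `--disable-rsa-export` explicitly. Later config.h.in hunks also drop `HAVE_GETENTROPY` and `HAVE_LINUX_GETRANDOM`, so it is worth confirming which entropy source the downgraded library uses. config.h.in is normally produced by autoheader, so any lasting change belongs in configure.ac, which is outside this view.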
@@ -547,9 +540,6 @@ /* Define to 1 if you have the `getdelim' function. */ #undef HAVE_GETDELIM -/* Enable the OpenBSD getentropy function */ -#undef HAVE_GETENTROPY - /* Define to 1 if you have the `gethostbyname' function. */ #undef HAVE_GETHOSTBYNAME @@ -629,9 +619,6 @@ /* Define if you have the libiconv library. */ #undef HAVE_LIBICONV -/* Build IDNA support */ -#undef HAVE_LIBIDN - /* Define to 1 if you have the `intl' library (-lintl). */ #undef HAVE_LIBINTL @@ -641,9 +628,6 @@ /* nettle is enabled */ #undef HAVE_LIBNETTLE -/* Define if you have the libnsl library. */ -#undef HAVE_LIBNSL - /* Define if you have the libpthread library. */ #undef HAVE_LIBPTHREAD @@ -656,9 +640,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H -/* Enable the Linux getrandom function */ -#undef HAVE_LINUX_GETRANDOM - /* Define to 1 if you have the `localtime' function. */ #undef HAVE_LOCALTIME @@ -736,9 +717,6 @@ /* Define to 1 if you have the `pthread_mutex_lock' function. */ #undef HAVE_PTHREAD_MUTEX_LOCK -/* Define to 1 if the system has the type `ptrdiff_t'. */ -#undef HAVE_PTRDIFF_T - /* Define to 1 if you have the `putenv' function. */ #undef HAVE_PUTENV @@ -1635,9 +1613,6 @@ /* Define to 1 if you have the `vasprintf' function. */ #undef HAVE_VASPRINTF -/* Have va_copy() */ -#undef HAVE_VA_COPY - /* Define to 1 if you have the `vfork' function. */ #undef HAVE_VFORK @@ -1704,12 +1679,6 @@ /* Define to 1 if you have the `__fsetlocking' function. */ #undef HAVE___FSETLOCKING -/* Define to 1 if you have the `__register_atfork' function. */ -#undef HAVE___REGISTER_ATFORK - -/* Have __va_copy() */ -#undef HAVE___VA_COPY - /* Define as const if the declaration of iconv() needs const. */ #undef ICONV_CONST 
@@ -1788,8 +1757,8 @@ 'sig_atomic_t'. */ #undef SIG_ATOMIC_T_SUFFIX -/* The size of `char *', as computed by sizeof. */ -#undef SIZEOF_CHAR_P +/* The size of `char*', as computed by sizeof. */ +#undef SIZEOF_CHARP /* The size of `int', as computed by sizeof. */ #undef SIZEOF_INT @@ -1848,9 +1817,6 @@ /* Define to 1 if your declares `struct tm'. */ #undef TM_IN_SYS_TIME -/* the location of the trousers library */ -#undef TROUSERS_LIB - /* The DNSSEC root key file */ #undef UNBOUND_ROOT_KEY_FILE @@ -1866,10 +1832,6 @@ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif -/* Use GNU style printf and scanf. */ -#ifndef __USE_MINGW_ANSI_STDIO -# undef __USE_MINGW_ANSI_STDIO -#endif /* Enable threading extensions on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS 
@@ -1983,28 +1945,13 @@ 'reference to static identifier "f" in extern inline function'. This bug was observed with Sun C 5.12 SunOS_i386 2011/11/16. - Suppress extern inline (with or without __attribute__ ((__gnu_inline__))) - on configurations that mistakenly use 'static inline' to implement - functions or macros in standard C headers like . For example, - if isdigit is mistakenly implemented via a static inline function, - a program containing an extern inline function that calls isdigit - may not work since the C standard prohibits extern inline functions - from calling static functions. This bug is known to occur on: - - OS X 10.8 and earlier; see: - http://lists.gnu.org/archive/html/bug-gnulib/2012-12/msg00023.html - - DragonFly; see - http://muscles.dragonflybsd.org/bulk/bleeding-edge-potential/latest-per-pkg/ah-tty-0.3.12.log - - FreeBSD; see: - http://lists.gnu.org/archive/html/bug-gnulib/2014-07/msg00104.html - + Suppress the use of extern inline on problematic Apple configurations. + OS X 10.8 and earlier mishandle it; see, e.g., + . OS X 10.9 has a macro __header_inline indicating the bug is fixed for C and for clang but remains for g++; see . - Assume DragonFly and FreeBSD will be similar. */ -#if (((defined __APPLE__ && defined __MACH__) \ - || defined __DragonFly__ || defined __FreeBSD__) \ + Perhaps Apple will fix this some day. */ +#if (defined __APPLE__ \ && (defined __header_inline \ ? (defined __cplusplus && defined __GNUC_STDC_INLINE__ \ && ! defined __clang__) \ 
@@ -2012,19 +1959,19 @@ && (defined __GNUC__ || defined __cplusplus)) \ || (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \ && defined __GNUC__ && ! defined __cplusplus)))) -# define _GL_EXTERN_INLINE_STDHEADER_BUG +# define _GL_EXTERN_INLINE_APPLE_BUG #endif #if ((__GNUC__ \ ? defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__ \ : (199901L <= __STDC_VERSION__ \ && !defined __HP_cc \ && !(defined __SUNPRO_C && __STDC__))) \ - && !defined _GL_EXTERN_INLINE_STDHEADER_BUG) + && !defined _GL_EXTERN_INLINE_APPLE_BUG) # define _GL_INLINE inline # define _GL_EXTERN_INLINE extern inline # define _GL_EXTERN_INLINE_IN_USE #elif (2 < __GNUC__ + (7 <= __GNUC_MINOR__) && !defined __STRICT_ANSI__ \ - && !defined _GL_EXTERN_INLINE_STDHEADER_BUG) + && !defined _GL_EXTERN_INLINE_APPLE_BUG) # if defined __GNUC_GNU_INLINE__ && __GNUC_GNU_INLINE__ /* __gnu_inline__ suppresses a GCC 4.2 diagnostic. */ # define _GL_INLINE extern inline __attribute__ ((__gnu_inline__)) @@ -2038,19 +1985,17 @@ # define _GL_EXTERN_INLINE static _GL_UNUSED #endif -/* In GCC 4.6 (inclusive) to 5.1 (exclusive), - suppress bogus "no previous prototype for 'FOO'" - and "no previous declaration for 'FOO'" diagnostics, - when FOO is an inline function in the header; see - and - . */ -#if __GNUC__ == 4 && 6 <= __GNUC_MINOR__ +#if 4 < __GNUC__ + (6 <= __GNUC_MINOR__) # if defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__ # define _GL_INLINE_HEADER_CONST_PRAGMA # else # define _GL_INLINE_HEADER_CONST_PRAGMA \ _Pragma ("GCC diagnostic ignored \"-Wsuggest-attribute=const\"") # endif + /* Suppress GCC's bogus "no previous prototype for 'FOO'" + and "no previous declaration for 'FOO'" diagnostics, + when FOO is an inline function in the header; see + . */ # define _GL_INLINE_HEADER_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wmissing-prototypes\"") \ 
@@ -2145,16 +2090,6 @@ is a misnomer outside of parameter lists. */ #define _UNUSED_PARAMETER_ _GL_UNUSED -/* gcc supports the "unused" attribute on possibly unused labels, and - g++ has since version 4.5. Note to support C++ as well as C, - _GL_UNUSED_LABEL should be used with a trailing ; */ -#if !defined __cplusplus || __GNUC__ > 4 \ - || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) -# define _GL_UNUSED_LABEL _GL_UNUSED -#else -# define _GL_UNUSED_LABEL -#endif - /* The __pure__ attribute was added in gcc 2.96. */ #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96) # define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__)) diff --git a/configure b/configure index 0d33578..3b20877 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for GnuTLS 3.4.11. +# Generated by GNU Autoconf 2.69 for GnuTLS 3.3.5. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='GnuTLS' PACKAGE_TARNAME='gnutls' -PACKAGE_VERSION='3.4.11' -PACKAGE_STRING='GnuTLS 3.4.11' +PACKAGE_VERSION='3.3.5' +PACKAGE_STRING='GnuTLS 3.3.5' PACKAGE_BUGREPORT='bugs@gnutls.org' PACKAGE_URL='' @@ -650,6 +650,8 @@ LIBOBJS YEAR ENABLE_CRYWRAP_FALSE ENABLE_CRYWRAP_TRUE +LIBIDN_LIBS +LIBIDN_CFLAGS NEEDS_LIBRT_FALSE NEEDS_LIBRT_TRUE LIBGNUTLS_CFLAGS @@ -678,10 +680,6 @@ NEED_LIBOPTS_TRUE INSTALL_LIBOPTS_FALSE INSTALL_LIBOPTS_TRUE POSIX_SHELL -GL_GENERATE_STDNORETURN_H_FALSE -GL_GENERATE_STDNORETURN_H_TRUE -STDNORETURN_H -TROUSERS_LIB ENABLE_TROUSERS_FALSE ENABLE_TROUSERS_TRUE TSS_CFLAGS @@ -696,14 +694,6 @@ UNBOUND_CFLAGS UNBOUND_LIBS ENABLE_SELF_CHECKS_FALSE ENABLE_SELF_CHECKS_TRUE -ENABLE_NON_SUITEB_CURVES_FALSE -ENABLE_NON_SUITEB_CURVES_TRUE -HAVE_BUGGY_LIBIDN_FALSE -HAVE_BUGGY_LIBIDN_TRUE -HAVE_LIBIDN_FALSE -HAVE_LIBIDN_TRUE -LIBIDN_LIBS -LIBIDN_CFLAGS FIPS140_LIBS LIBDL_PREFIX LTLIBDL 
@@ -730,8 +720,6 @@ LN_S WERROR_CFLAGS WARN_CFLAGS WSTACK_CFLAGS -WANT_TEST_SUITE_FALSE -WANT_TEST_SUITE_TRUE ggltests_WITNESS NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H NEXT_SIGNAL_H @@ -906,7 +894,6 @@ VALGRIND HAVE_UNISTD_H NEXT_AS_FIRST_DIRECTIVE_UNISTD_H NEXT_UNISTD_H -UNISTD_H_DEFINES_STRUCT_TIMESPEC PTHREAD_H_DEFINES_STRUCT_TIMESPEC SYS_TIME_H_DEFINES_STRUCT_TIMESPEC TIME_H_DEFINES_STRUCT_TIMESPEC @@ -922,7 +909,6 @@ HAVE_TIMEGM HAVE_STRPTIME HAVE_NANOSLEEP HAVE_DECL_LOCALTIME_R -GNULIB_TIME_RZ GNULIB_TIME_R GNULIB_TIMEGM GNULIB_STRPTIME @@ -999,7 +985,6 @@ GL_GENERATE_STDDEF_H_FALSE GL_GENERATE_STDDEF_H_TRUE STDDEF_H HAVE_WCHAR_T -HAVE_MAX_ALIGN_T REPLACE_NULL HAVE__BOOL GL_GENERATE_STDBOOL_H_FALSE @@ -1106,7 +1091,6 @@ REPLACE_SETENV REPLACE_REALPATH REPLACE_REALLOC REPLACE_RANDOM_R -REPLACE_QSORT_R REPLACE_PUTENV REPLACE_PTSNAME_R REPLACE_PTSNAME @@ -1158,7 +1142,6 @@ GNULIB_REALPATH GNULIB_REALLOC_POSIX GNULIB_RANDOM_R GNULIB_RANDOM -GNULIB_QSORT_R GNULIB_PUTENV GNULIB_PTSNAME_R GNULIB_PTSNAME @@ -1177,6 +1160,7 @@ GNULIB_CANONICALIZE_FILE_NAME GNULIB_CALLOC_POSIX GNULIB_ATOLL GNULIB__EXIT +SED HAVE_LD_VERSION_SCRIPT_FALSE HAVE_LD_VERSION_SCRIPT_TRUE HAVE_LD_OUTPUT_DEF_FALSE @@ -1185,7 +1169,6 @@ NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H NEXT_SYS_TIME_H REPLACE_STRUCT_TIMEVAL REPLACE_GETTIMEOFDAY -HAVE_TIMEZONE_T HAVE_SYS_TIME_H HAVE_STRUCT_TIMEVAL HAVE_GETTIMEOFDAY @@ -1364,10 +1347,6 @@ GL_COND_LIBTOOL_FALSE GL_COND_LIBTOOL_TRUE LIBICONV_PREFIX HAVE_LIBICONV -LIBNSL_PREFIX -LTLIBNSL -LIBNSL -HAVE_LIBNSL LIBPTHREAD_PREFIX LTLIBPTHREAD LIBPTHREAD @@ -1411,6 +1390,8 @@ GTKDOC_REBASE GTKDOC_CHECK ENABLE_TESTS_FALSE ENABLE_TESTS_TRUE +ENABLE_DOC_FALSE +ENABLE_DOC_TRUE LIBSOCKET HAVE_WINSOCK2_H UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS @@ -1420,11 +1401,9 @@ REPLACE_USLEEP REPLACE_UNLINKAT REPLACE_UNLINK REPLACE_TTYNAME_R -REPLACE_SYMLINKAT REPLACE_SYMLINK REPLACE_SLEEP REPLACE_RMDIR -REPLACE_READLINKAT REPLACE_READLINK REPLACE_READ REPLACE_PWRITE 
@@ -1556,6 +1535,8 @@ ENABLE_SRP_FALSE ENABLE_SRP_TRUE ENABLE_HEARTBEAT_FALSE ENABLE_HEARTBEAT_TRUE +ENABLE_RSA_EXPORT_FALSE +ENABLE_RSA_EXPORT_TRUE ENABLE_ALPN_FALSE ENABLE_ALPN_TRUE ENABLE_DTLS_SRTP_FALSE @@ -1572,6 +1553,7 @@ HOGWEED_LIBS HOGWEED_CFLAGS NETTLE_LIBS NETTLE_CFLAGS +PKG_CONFIG DLL_VERSION CRYWRAP_PATCHLEVEL CXX_LT_AGE @@ -1599,17 +1581,14 @@ ASM_X86_32_FALSE ASM_X86_32_TRUE ASM_X86_64_FALSE ASM_X86_64_TRUE -ENABLE_PADLOCK_FALSE -ENABLE_PADLOCK_TRUE -ENABLE_PADLOCK ELF_FALSE ELF_TRUE MACOSX_FALSE MACOSX_TRUE WINDOWS_FALSE WINDOWS_TRUE -ANDROID_FALSE -ANDROID_TRUE +WANT_TEST_SUITE_FALSE +WANT_TEST_SUITE_TRUE ENABLE_CXX_FALSE ENABLE_CXX_TRUE NUMBER_VERSION @@ -1617,11 +1596,6 @@ PATCH_VERSION MINOR_VERSION MAJOR_VERSION AUTOGEN -ENABLE_TOOLS_FALSE -ENABLE_TOOLS_TRUE -ENABLE_DOC_FALSE -ENABLE_DOC_TRUE -SED YFLAGS YACC am__fastdepCXX_FALSE @@ -1659,7 +1633,6 @@ CPPFLAGS LDFLAGS CFLAGS CC -PKG_CONFIG AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V @@ -1714,7 +1687,6 @@ infodir docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -1740,15 +1712,13 @@ enable_option_checking enable_silent_rules enable_dependency_tracking enable_largefile -enable_doc -enable_tools enable_cxx enable_hardware_acceleration -enable_padlock with_nettle_mini with_included_libtasn1 enable_dtls_srtp_support enable_alpn_support +enable_rsa_export enable_heartbeat_support enable_srp_authentication enable_psk_authentication @@ -1760,6 +1730,7 @@ enable_cryptodev enable_ocsp enable_session_tickets enable_openssl_compatibility +enable_doc enable_tests with_html_dir enable_gtk_doc @@ -1772,7 +1743,6 @@ with_libiconv_prefix with_libintl_prefix with_librt_prefix with_libpthread_prefix -with_libnsl_prefix enable_ld_version_script enable_valgrind_tests enable_gcc_warnings 
@@ -1785,14 +1755,12 @@ enable_libtool_lock enable_self_checks enable_fips140_mode with_libdl_prefix -with_idn enable_non_suiteb_curves enable_libdane with_unbound_root_key_file with_system_priority_file with_p11_kit with_tpm -with_trousers_lib enable_local_libopts enable_libopts_install with_autoopts_config @@ -1804,7 +1772,6 @@ enable_optional_args with_zlib with_libz_prefix with_default_trust_store_pkcs11 -with_default_trust_store_dir with_default_trust_store_file with_default_crl_file with_default_blacklist_file @@ -1815,7 +1782,6 @@ enable_crywrap ac_precious_vars='build_alias host_alias target_alias -PKG_CONFIG CC CFLAGS LDFLAGS @@ -1829,6 +1795,7 @@ CXXFLAGS CCC YACC YFLAGS +PKG_CONFIG NETTLE_CFLAGS NETTLE_LIBS HOGWEED_CFLAGS @@ -1838,10 +1805,10 @@ GMP_LIBS LIBTASN1_CFLAGS LIBTASN1_LIBS CXXCPP -LIBIDN_CFLAGS -LIBIDN_LIBS P11_KIT_CFLAGS -P11_KIT_LIBS' +P11_KIT_LIBS +LIBIDN_CFLAGS +LIBIDN_LIBS' # Initialize some variables set by options. @@ -1880,7 +1847,6 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -2133,15 +2099,6 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ 
@@ -2279,7 +2236,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -2392,7 +2349,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures GnuTLS 3.4.11 to adapt to many kinds of systems. +\`configure' configures GnuTLS 3.3.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2432,7 +2389,6 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -2463,7 +2419,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of GnuTLS 3.4.11:";; + short | recursive ) echo "Configuration of GnuTLS 3.3.5:";; esac cat <<\_ACEOF 
@@ -2478,16 +2434,14 @@ Optional Features: --disable-dependency-tracking speeds up one-time build --disable-largefile omit support for large files - --disable-doc don't generate any documentation - --disable-tools don't compile any tools --disable-cxx unconditionally disable the C++ library --disable-hardware-acceleration unconditionally disable hardware acceleration - --disable-padlock unconditionally disable padlock acceleration --disable-dtls-srtp-support disable support for the DTLS-SRTP extension --disable-alpn-support disable support for the Application Layer Protocol Negotiation (ALPN) extension + --disable-rsa-export disable the RSA-EXPORT support --disable-heartbeat-support disable support for the heartbeat extension --disable-srp-authentication @@ -2504,8 +2458,9 @@ Optional Features: --disable-ocsp disable OCSP support --disable-session-tickets disable session tickets support - --enable-openssl-compatibility - enable the OpenSSL compatibility library + --disable-openssl-compatibility + disable the OpenSSL compatibility support + --disable-doc don't generate any documentation --disable-tests don't compile or run any tests --enable-gtk-doc use gtk-doc to build documentation [[default=no]] --enable-gtk-doc-html build documentation in html format [[default=yes]] @@ -2515,9 +2470,8 @@ Optional Features: --enable-ld-version-script enable linker version script (default is enabled when possible) - --disable-valgrind-tests - don't try to run self tests under valgrind - --disable-gcc-warnings turn off lots of GCC warnings (for developers) + --enable-valgrind-tests run self tests under valgrind + --enable-gcc-warnings turn on lots of GCC warnings (for developers) --enable-static[=PKGS] build static libraries [default=no] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] 
@@ -2553,8 +2507,6 @@ Optional Packages: --without-librt-prefix don't search for librt in includedir and libdir --with-libpthread-prefix[=DIR] search for libpthread in DIR/include and DIR/lib --without-libpthread-prefix don't search for libpthread in includedir and libdir - --with-libnsl-prefix[=DIR] search for libnsl in DIR/include and DIR/lib - --without-libnsl-prefix don't search for libnsl in includedir and libdir --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] @@ -2562,14 +2514,12 @@ Optional Packages: (or the compiler's sysroot if not specified). --with-libdl-prefix[=DIR] search for libdl in DIR/include and DIR/lib --without-libdl-prefix don't search for libdl in includedir and libdir - --without-idn disable support for libidn --with-unbound-root-key-file specify the unbound root key file --with-system-priority-file specify the system priority file --without-p11-kit Build without p11-kit and PKCS#11 support --without-tpm Disable TPM (trousers) support. - --with-trousers-lib=LIB set the location of the trousers library --with-autoopts-config specify the config-info script --with-regex-header a reg expr header is specified --with-libregex libregex installation prefix @@ -2580,8 +2530,6 @@ Optional Packages: --without-libz-prefix don't search for libz in includedir and libdir --with-default-trust-store-pkcs11=URI use the given pkcs11 uri as default trust store - --with-default-trust-store-dir=DIR - use the given directory as default trust store --with-default-trust-store-file=FILE use the given file default trust store --with-default-crl-file=FILE @@ -2592,7 +2540,6 @@ Optional Packages: care) Some influential environment variables: - PKG_CONFIG path to pkg-config utility CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a 
@@ -2611,6 +2558,7 @@ Some influential environment variables: YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. + PKG_CONFIG path to pkg-config utility NETTLE_CFLAGS C compiler flags for NETTLE, overriding pkg-config NETTLE_LIBS linker flags for NETTLE, overriding pkg-config @@ -2625,13 +2573,13 @@ Some influential environment variables: LIBTASN1_LIBS linker flags for LIBTASN1, overriding pkg-config CXXCPP C++ preprocessor - LIBIDN_CFLAGS - C compiler flags for LIBIDN, overriding pkg-config - LIBIDN_LIBS linker flags for LIBIDN, overriding pkg-config P11_KIT_CFLAGS C compiler flags for P11_KIT, overriding pkg-config P11_KIT_LIBS linker flags for P11_KIT, overriding pkg-config + LIBIDN_CFLAGS + C compiler flags for LIBIDN, overriding pkg-config + LIBIDN_LIBS linker flags for LIBIDN, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -2699,7 +2647,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -GnuTLS configure 3.4.11 +GnuTLS configure 3.3.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3529,7 +3477,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by GnuTLS $as_me 3.4.11, which was +It was created by GnuTLS $as_me 3.3.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4012,7 +3960,7 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac -am__api_version='1.15' +am__api_version='1.14' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or 
@@ -4184,8 +4132,8 @@ test "$program_suffix" != NONE && ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -# Expand $ac_aux_dir to an absolute path. -am_aux_dir=`cd "$ac_aux_dir" && pwd` +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in @@ -4204,7 +4152,7 @@ else $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh+set}" != xset; then +if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -4498,7 +4446,7 @@ fi # Define the identity of the package. PACKAGE='gnutls' - VERSION='3.4.11' + VERSION='3.3.5' cat >>confdefs.h <<_ACEOF @@ -4532,8 +4480,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target (and possibly the TAP driver). The -# system "awk" is bad on some platforms. +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' 
@@ -4640,122 +4588,6 @@ $as_echo "*** *** Checking for compilation programs... " >&6; } - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. 
- ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi - -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi - -fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -6192,12 +6024,12 @@ else fi if test -z "$ARFLAGS"; then - ARFLAGS='cr' + ARFLAGS='cru' fi fi else if test -z "$ARFLAGS"; then - ARFLAGS='cr' + ARFLAGS='cru' fi fi 
@@ -6492,8 +6324,6 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } $as_echo "#define _GNU_SOURCE 1" >>confdefs.h - $as_echo "#define __USE_MINGW_ANSI_STDIO 1" >>confdefs.h - $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h @@ -6899,6 +6729,7 @@ fi # Code from module getline: # Code from module getline-tests: # Code from module getpagesize: + # Code from module gettext: # Code from module gettext-h: # Code from module gettimeofday: # Code from module gettimeofday-tests: @@ -6983,6 +6814,8 @@ fi # Code from module time: # Code from module time-tests: # Code from module time_r: + # Code from module u64: + # Code from module u64-tests: # Code from module unistd: # Code from module unistd-tests: # Code from module useless-if-before-free: @@ -7028,9 +6861,6 @@ fi # Code from module fseeko: # Code from module fstat: - # Code from module ftell: - # Code from module ftello: - # Code from module getaddrinfo: # Code from module getdelim: # Code from module getline: @@ -7051,7 +6881,6 @@ fi # Code from module malloc-posix: # Code from module malloca: # Code from module memchr: - # Code from module minmax: # Code from module mktime: # Code from module msvc-inval: # Code from module msvc-nothrow: @@ -7060,7 +6889,6 @@ fi # Code from module netinet_in: # Code from module parse-datetime: # Code from module progname: - # Code from module read-file: # Code from module realloc-posix: # Code from module recv: # Code from module recvfrom: 
@@ -7845,110 +7673,7 @@ fi done test -n "$YACC" || YACC="yacc" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ - for ac_i in 1 2 3 4 5 6 7; do - ac_script="$ac_script$as_nl$ac_script" - done - echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed - { ac_script=; unset ac_script;} - if test -z "$SED"; then - ac_path_SED_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_SED" || continue -# Check for GNU ac_path_SED and select it if it is found. 
- # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in -*GNU*) - ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" - "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_SED_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_SED="$ac_path_SED" - ac_path_SED_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_SED_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_SED"; then - as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 - fi -else - ac_cv_path_SED=$SED -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } - SED="$ac_cv_path_SED" - rm -f conftest.sed - - -# Check whether --enable-doc was given. -if test "${enable_doc+set}" = set; then : - enableval=$enable_doc; enable_doc=$enableval -else - enable_doc=yes -fi - - if test "$enable_doc" != "no"; then - ENABLE_DOC_TRUE= - ENABLE_DOC_FALSE='#' -else - ENABLE_DOC_TRUE='#' - ENABLE_DOC_FALSE= -fi - - -# Check whether --enable-tools was given. 
-if test "${enable_tools+set}" = set; then : - enableval=$enable_tools; enable_tools=$enableval -else - enable_tools=yes -fi - - if test "$enable_tools" != "no"; then - ENABLE_TOOLS_TRUE= - ENABLE_TOOLS_FALSE='#' -else - ENABLE_TOOLS_TRUE='#' - ENABLE_TOOLS_FALSE= -fi - - -if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then - # Extract the first word of "autogen", so it can be a program name with args. +# Extract the first word of "autogen", so it can be a program name with args. set dummy autogen; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } @@ -7987,8 +7712,8 @@ fi - if test x"$AUTOGEN" = "x/bin/true"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +if test x"$AUTOGEN" = "x/bin/true"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** *** autogen not found. Will not link against libopts. *** " >&5 @@ -7996,8 +7721,7 @@ $as_echo "$as_me: WARNING: *** *** autogen not found. Will not link against libopts. *** " >&2;} - included_libopts=yes - fi +enable_local_libopts=yes fi # For includes/gnutls/gnutls.h.in. 
@@ -8214,45 +7938,27 @@ else ENABLE_CXX_FALSE= fi + if test -f tests/suite/mini-eagain2.c; then + WANT_TEST_SUITE_TRUE= + WANT_TEST_SUITE_FALSE='#' +else + WANT_TEST_SUITE_TRUE='#' + WANT_TEST_SUITE_FALSE= +fi + -use_accel=yes case "$host" in - *android*) - have_android=yes - have_elf=yes - ;; *mingw32* | *mingw64*) have_win=yes ;; *darwin*) have_macosx=yes ;; - *solaris*) - use_accel=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -*** -*** In solaris hardware acceleration is disabled by default due to issues -*** with the assembler. Use --enable-hardware-acceleration to enable it. -*** " >&5 -$as_echo "$as_me: WARNING: -*** -*** In solaris hardware acceleration is disabled by default due to issues -*** with the assembler. Use --enable-hardware-acceleration to enable it. -*** " >&2;} - ;; *) have_elf=yes ;; esac - if test "$have_android" = yes; then - ANDROID_TRUE= - ANDROID_FALSE='#' -else - ANDROID_TRUE='#' - ANDROID_FALSE= -fi - if test "$have_win" = yes; then WINDOWS_TRUE= WINDOWS_FALSE='#' @@ -8281,12 +7987,13 @@ fi # Check whether --enable-hardware-acceleration was given. if test "${enable_hardware_acceleration+set}" = set; then : enableval=$enable_hardware_acceleration; use_accel=$enableval +else + use_accel=yes fi hw_accel=none -use_padlock=no if test "$use_accel" != "no"; then case $host_cpu in i?86 | x86_64 | amd64) @@ -8307,7 +8014,6 @@ done else hw_accel="x86" fi - use_padlock=yes ;; *) ;; @@ -8315,26 +8021,6 @@ esac fi -# Check whether --enable-padlock was given. -if test "${enable_padlock+set}" = set; then : - enableval=$enable_padlock; use_padlock=$enableval -fi - - -if test "$use_padlock" != "no"; then - -$as_echo "#define ENABLE_PADLOCK 1" >>confdefs.h - - -fi - if test "$use_padlock" = "yes"; then - ENABLE_PADLOCK_TRUE= - ENABLE_PADLOCK_FALSE='#' -else - ENABLE_PADLOCK_TRUE='#' - ENABLE_PADLOCK_FALSE= -fi - if test x"$hw_accel" = x"x86-64"; then ASM_X86_64_TRUE= ASM_X86_64_FALSE='#' 
@@ -8376,77 +8062,133 @@ else fi -enable_getrandom=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getrandom" >&5 -$as_echo_n "checking for getrandom... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include -int -main () -{ - getrandom(0, 0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_LINUX_GETRANDOM 1" >>confdefs.h +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS - enable_getrandom=getrandom + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getentropy" >&5 -$as_echo_n "checking for getentropy... 
" >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include -int -main () -{ - - getentropy(0, 0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_GETENTROPY 1" >>confdefs.h +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS - enable_getrandom=getentropy + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with 
host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi + +fi # Library code modified: REVISION++ # Interfaces changed/added/removed: CURRENT++ REVISION=0 # Interfaces added: AGE++ # Interfaces removed: AGE=0 (+bump all symbol versions in .map) - LT_CURRENT=36 + LT_CURRENT=66 - LT_REVISION=3 + LT_REVISION=0 - LT_AGE=6 + LT_AGE=38 LT_SSL_CURRENT=27 @@ -8494,12 +8236,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_NETTLE_CFLAGS="$NETTLE_CFLAGS" else if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nettle >= 3.1\""; } >&5 - ($PKG_CONFIG --exists --print-errors "nettle >= 3.1") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nettle >= 2.7\""; } >&5 + ($PKG_CONFIG --exists --print-errors "nettle >= 2.7") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_NETTLE_CFLAGS=`$PKG_CONFIG --cflags "nettle >= 3.1" 2>/dev/null` + pkg_cv_NETTLE_CFLAGS=`$PKG_CONFIG --cflags "nettle >= 2.7" 2>/dev/null` else pkg_failed=yes fi 
@@ -8512,12 +8254,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_NETTLE_LIBS="$NETTLE_LIBS" else if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nettle >= 3.1\""; } >&5 - ($PKG_CONFIG --exists --print-errors "nettle >= 3.1") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nettle >= 2.7\""; } >&5 + ($PKG_CONFIG --exists --print-errors "nettle >= 2.7") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_NETTLE_LIBS=`$PKG_CONFIG --libs "nettle >= 3.1" 2>/dev/null` + pkg_cv_NETTLE_LIBS=`$PKG_CONFIG --libs "nettle >= 2.7" 2>/dev/null` else pkg_failed=yes fi @@ -8536,9 +8278,9 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - NETTLE_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "nettle >= 3.1"` + NETTLE_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "nettle >= 2.7"` else - NETTLE_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nettle >= 3.1"` + NETTLE_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nettle >= 2.7"` fi # Put the nasty error message in config.log where it belongs echo "$NETTLE_PKG_ERRORS" >&5 @@ -8548,14 +8290,14 @@ $as_echo "no" >&6; } as_fn_error $? " *** - *** Libnettle 3.1 was not found. + *** Libnettle 2.7 was not found. " "$LINENO" 5 elif test $pkg_failed = untried; then as_fn_error $? " *** - *** Libnettle 3.1 was not found. + *** Libnettle 2.7 was not found. " "$LINENO" 5 else 
@@ -8575,12 +8317,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_HOGWEED_CFLAGS="$HOGWEED_CFLAGS" else if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"hogweed >= 3.1\""; } >&5 - ($PKG_CONFIG --exists --print-errors "hogweed >= 3.1") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"hogweed >= 2.7\""; } >&5 + ($PKG_CONFIG --exists --print-errors "hogweed >= 2.7") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_HOGWEED_CFLAGS=`$PKG_CONFIG --cflags "hogweed >= 3.1" 2>/dev/null` + pkg_cv_HOGWEED_CFLAGS=`$PKG_CONFIG --cflags "hogweed >= 2.7" 2>/dev/null` else pkg_failed=yes fi @@ -8593,12 +8335,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_HOGWEED_LIBS="$HOGWEED_LIBS" else if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"hogweed >= 3.1\""; } >&5 - ($PKG_CONFIG --exists --print-errors "hogweed >= 3.1") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"hogweed >= 2.7\""; } >&5 + ($PKG_CONFIG --exists --print-errors "hogweed >= 2.7") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_HOGWEED_LIBS=`$PKG_CONFIG --libs "hogweed >= 3.1" 2>/dev/null` + pkg_cv_HOGWEED_LIBS=`$PKG_CONFIG --libs "hogweed >= 2.7" 2>/dev/null` else pkg_failed=yes fi 
@@ -8617,9 +8359,9 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - HOGWEED_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "hogweed >= 3.1"` + HOGWEED_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "hogweed >= 2.7"` else - HOGWEED_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "hogweed >= 3.1"` + HOGWEED_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "hogweed >= 2.7"` fi # Put the nasty error message in config.log where it belongs echo "$HOGWEED_PKG_ERRORS" >&5 @@ -8726,7 +8468,6 @@ fi -LIBTASN1_MINIMUM=4.3 # Check whether --with-included-libtasn1 was given. if test "${with_included_libtasn1+set}" = set; then : @@ -8746,12 +8487,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_LIBTASN1_CFLAGS="$LIBTASN1_CFLAGS" else if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= \$LIBTASN1_MINIMUM\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libtasn1 >= $LIBTASN1_MINIMUM") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= 3.4\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libtasn1 >= 3.4") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBTASN1_CFLAGS=`$PKG_CONFIG --cflags "libtasn1 >= $LIBTASN1_MINIMUM" 2>/dev/null` + pkg_cv_LIBTASN1_CFLAGS=`$PKG_CONFIG --cflags "libtasn1 >= 3.4" 2>/dev/null` else pkg_failed=yes fi 
@@ -8764,12 +8505,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_LIBTASN1_LIBS="$LIBTASN1_LIBS" else if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= \$LIBTASN1_MINIMUM\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libtasn1 >= $LIBTASN1_MINIMUM") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= 3.4\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libtasn1 >= 3.4") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBTASN1_LIBS=`$PKG_CONFIG --libs "libtasn1 >= $LIBTASN1_MINIMUM" 2>/dev/null` + pkg_cv_LIBTASN1_LIBS=`$PKG_CONFIG --libs "libtasn1 >= 3.4" 2>/dev/null` else pkg_failed=yes fi @@ -8788,9 +8529,9 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libtasn1 >= $LIBTASN1_MINIMUM"` + LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libtasn1 >= 3.4"` else - LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libtasn1 >= $LIBTASN1_MINIMUM"` + LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libtasn1 >= 3.4"` fi # Put the nasty error message in config.log where it belongs echo "$LIBTASN1_PKG_ERRORS" >&5 @@ -8808,10 +8549,14 @@ $as_echo "yes" >&6; } : fi if test "$included_libtasn1" = yes; then - as_fn_error $? " + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: + *** + *** Libtasn1 was not found. Will use the included one. + " >&5 +$as_echo "$as_me: WARNING: *** - *** Libtasn1 $LIBTASN1_MINIMUM was not found. To use the included on use --with-included-libtasn1 - " "$LINENO" 5 + *** Libtasn1 was not found. Will use the included one. + " >&2;} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included minitasn1" >&5 
@@ -8924,6 +8669,35 @@ else fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable RSA-EXPORT support" >&5 +$as_echo_n "checking whether to disable RSA-EXPORT support... " >&6; } + # Check whether --enable-rsa-export was given. +if test "${enable_rsa_export+set}" = set; then : + enableval=$enable_rsa_export; ac_enable_rsa_export=$enableval +else + ac_enable_rsa_export=yes +fi + + if test x$ac_enable_rsa_export != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_RSA_EXPORT 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_rsa_export" != "no"; then + ENABLE_RSA_EXPORT_TRUE= + ENABLE_RSA_EXPORT_FALSE='#' +else + ENABLE_RSA_EXPORT_TRUE='#' + ENABLE_RSA_EXPORT_FALSE= +fi + + ac_enable_heartbeat=yes { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable TLS heartbeat support" >&5 $as_echo_n "checking whether to disable TLS heartbeat support... " >&6; } @@ -9461,11 +9235,9 @@ $as_echo "#define GNUTLS_POINTER_TO_INT_CAST (long long)" >>confdefs.h REPLACE_PWRITE=0; REPLACE_READ=0; REPLACE_READLINK=0; - REPLACE_READLINKAT=0; REPLACE_RMDIR=0; REPLACE_SLEEP=0; REPLACE_SYMLINK=0; - REPLACE_SYMLINKAT=0; REPLACE_TTYNAME_R=0; REPLACE_UNLINK=0; REPLACE_UNLINKAT=0; @@ -9694,7 +9466,7 @@ $as_echo_n "checking whether to build OpenSSL compatibility layer... " >&6; } if test "${enable_openssl_compatibility+set}" = set; then : enableval=$enable_openssl_compatibility; enable_openssl=$enableval else - enable_openssl=no + enable_openssl=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl" >&5 
@@ -9718,16 +9490,29 @@ fi +# Check whether --enable-doc was given. +if test "${enable_doc+set}" = set; then : + enableval=$enable_doc; enable_doc=$enableval +else + enable_doc=yes +fi + + if test "$enable_doc" != "no"; then + ENABLE_DOC_TRUE= + ENABLE_DOC_FALSE='#' +else + ENABLE_DOC_TRUE='#' + ENABLE_DOC_FALSE= +fi + + # Check whether --enable-tests was given. if test "${enable_tests+set}" = set; then : enableval=$enable_tests; enable_tests=$enableval else - enable_tests=$enable_tools + enable_tests=yes fi -if test "$enable_tests" = "yes" && test "$enable_tools" = "no"; then - true #AC_MSG_ERROR([Cannot enable tests while disabling tools]) -fi if test "$enable_tests" != "no"; then ENABLE_TESTS_TRUE= ENABLE_TESTS_FALSE='#' @@ -12217,7 +12002,7 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h esac -for ac_func in fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf +for ac_func in fork getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -12229,67 +12014,6 @@ _ACEOF fi done -if test "$ac_cv_func_vasprintf" != "yes";then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for va_copy" >&5 -$as_echo_n "checking for va_copy... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - va_list a; -int -main () -{ - - va_list b; - va_copy(b,a); - va_end(b); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - -$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: va_copy" >&5 -$as_echo "va_copy" >&6; } -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - va_list a; -int -main () -{ - - va_list b; - __va_copy(b,a); - va_end(b); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - -$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: __va_copy" >&5 -$as_echo "__va_copy" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "Your system lacks vasprintf() and va_copy()" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi - if test "$ac_cv_func_fork" != "no"; then HAVE_FORK_TRUE= HAVE_FORK_FALSE='#' @@ -12299,18 +12023,6 @@ else fi -for ac_func in __register_atfork -do : - ac_fn_c_check_func "$LINENO" "__register_atfork" "ac_cv_func___register_atfork" -if test "x$ac_cv_func___register_atfork" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE___REGISTER_ATFORK 1 -_ACEOF - -fi -done - - @@ -13984,7 +13696,7 @@ $as_echo "$LIBRT" >&6; } gnutls_needs_librt=yes fi -if test "$ac_cv_func_inet_pton" != "yes";then +if test "$ac_cv_func_clock_gettime" != "yes";then 
@@ -14012,9 +13724,9 @@ if test "$ac_cv_func_inet_pton" != "yes";then prefix="$acl_save_prefix" -# Check whether --with-libnsl-prefix was given. -if test "${with_libnsl_prefix+set}" = set; then : - withval=$with_libnsl_prefix; +# Check whether --with-librt-prefix was given. +if test "${with_librt_prefix+set}" = set; then : + withval=$with_librt_prefix; if test "X$withval" = "Xno"; then use_additional=no else @@ -14043,15 +13755,15 @@ if test "${with_libnsl_prefix+set}" = set; then : fi - LIBNSL= - LTLIBNSL= - INCNSL= - LIBNSL_PREFIX= - HAVE_LIBNSL= + LIBRT= + LTLIBRT= + INCRT= + LIBRT_PREFIX= + HAVE_LIBRT= rpathdirs= ltrpathdirs= names_already_handled= - names_next_round='nsl ' + names_next_round='rt ' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= @@ -14070,9 +13782,9 @@ fi if test -n "$value"; then if test "$value" = yes; then eval value=\"\$LIB$uppername\" - test -z "$value" || LIBNSL="${LIBNSL}${LIBNSL:+ }$value" + test -z "$value" || LIBRT="${LIBRT}${LIBRT:+ }$value" eval value=\"\$LTLIB$uppername\" - test -z "$value" || LTLIBNSL="${LTLIBNSL}${LTLIBNSL:+ }$value" + test -z "$value" || LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$value" else : fi @@ -14129,7 +13841,7 @@ fi fi fi if test "X$found_dir" = "X"; then - for x in $LDFLAGS $LTLIBNSL; do + for x in $LDFLAGS $LTLIBRT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14188,12 +13900,12 @@ fi done fi if test "X$found_dir" != "X"; then - LTLIBNSL="${LTLIBNSL}${LTLIBNSL:+ }-L$found_dir -l$name" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$found_dir -l$name" if test "X$found_so" != "X"; then if test "$enable_rpath" = no \ || test "X$found_dir" = "X/usr/$acl_libdirstem" \ || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then - LIBNSL="${LIBNSL}${LIBNSL:+ }$found_so" + LIBRT="${LIBRT}${LIBRT:+ }$found_so" else haveit= for x in $ltrpathdirs; do 
@@ -14206,10 +13918,10 @@ fi ltrpathdirs="$ltrpathdirs $found_dir" fi if test "$acl_hardcode_direct" = yes; then - LIBNSL="${LIBNSL}${LIBNSL:+ }$found_so" + LIBRT="${LIBRT}${LIBRT:+ }$found_so" else if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then - LIBNSL="${LIBNSL}${LIBNSL:+ }$found_so" + LIBRT="${LIBRT}${LIBRT:+ }$found_so" haveit= for x in $rpathdirs; do if test "X$x" = "X$found_dir"; then @@ -14222,7 +13934,7 @@ fi fi else haveit= - for x in $LDFLAGS $LIBNSL; do + for x in $LDFLAGS $LIBRT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14238,36 +13950,36 @@ fi fi done if test -z "$haveit"; then - LIBNSL="${LIBNSL}${LIBNSL:+ }-L$found_dir" + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir" fi if test "$acl_hardcode_minus_L" != no; then - LIBNSL="${LIBNSL}${LIBNSL:+ }$found_so" + LIBRT="${LIBRT}${LIBRT:+ }$found_so" else - LIBNSL="${LIBNSL}${LIBNSL:+ }-l$name" + LIBRT="${LIBRT}${LIBRT:+ }-l$name" fi fi fi fi else if test "X$found_a" != "X"; then - LIBNSL="${LIBNSL}${LIBNSL:+ }$found_a" + LIBRT="${LIBRT}${LIBRT:+ }$found_a" else - LIBNSL="${LIBNSL}${LIBNSL:+ }-L$found_dir -l$name" + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir -l$name" fi fi additional_includedir= case "$found_dir" in */$acl_libdirstem | */$acl_libdirstem/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` - if test "$name" = 'nsl'; then - LIBNSL_PREFIX="$basedir" + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" fi additional_includedir="$basedir/include" ;; */$acl_libdirstem2 | */$acl_libdirstem2/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` - if test "$name" = 'nsl'; then - LIBNSL_PREFIX="$basedir" + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" fi additional_includedir="$basedir/include" ;; @@ -14283,7 +13995,7 @@ fi fi fi if test -z "$haveit"; then - for x in $CPPFLAGS $INCNSL; do + for x in $CPPFLAGS $INCRT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" 
@@ -14300,560 +14012,7 @@ fi done if test -z "$haveit"; then if test -d "$additional_includedir"; then - INCNSL="${INCNSL}${INCNSL:+ }-I$additional_includedir" - fi - fi - fi - fi - fi - if test -n "$found_la"; then - save_libdir="$libdir" - case "$found_la" in - */* | *\\*) . "$found_la" ;; - *) . "./$found_la" ;; - esac - libdir="$save_libdir" - for dep in $dependency_libs; do - case "$dep" in - -L*) - additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` - if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ - && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then - haveit= - if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ - || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - haveit= - for x in $LDFLAGS $LIBNSL; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LIBNSL="${LIBNSL}${LIBNSL:+ }-L$additional_libdir" - fi - fi - haveit= - for x in $LDFLAGS $LTLIBNSL; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LTLIBNSL="${LTLIBNSL}${LTLIBNSL:+ }-L$additional_libdir" - fi - fi - fi - fi - ;; - -R*) - dir=`echo "X$dep" | sed -e 's/^X-R//'` - if test "$enable_rpath" != no; then - haveit= - for x in $rpathdirs; do - if test "X$x" = "X$dir"; then - 
haveit=yes - break - fi - done - if test -z "$haveit"; then - rpathdirs="$rpathdirs $dir" - fi - haveit= - for x in $ltrpathdirs; do - if test "X$x" = "X$dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - ltrpathdirs="$ltrpathdirs $dir" - fi - fi - ;; - -l*) - names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` - ;; - *.la) - names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` - ;; - *) - LIBNSL="${LIBNSL}${LIBNSL:+ }$dep" - LTLIBNSL="${LTLIBNSL}${LTLIBNSL:+ }$dep" - ;; - esac - done - fi - else - LIBNSL="${LIBNSL}${LIBNSL:+ }-l$name" - LTLIBNSL="${LTLIBNSL}${LTLIBNSL:+ }-l$name" - fi - fi - fi - done - done - if test "X$rpathdirs" != "X"; then - if test -n "$acl_hardcode_libdir_separator"; then - alldirs= - for found_dir in $rpathdirs; do - alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" - done - acl_save_libdir="$libdir" - libdir="$alldirs" - eval flag=\"$acl_hardcode_libdir_flag_spec\" - libdir="$acl_save_libdir" - LIBNSL="${LIBNSL}${LIBNSL:+ }$flag" - else - for found_dir in $rpathdirs; do - acl_save_libdir="$libdir" - libdir="$found_dir" - eval flag=\"$acl_hardcode_libdir_flag_spec\" - libdir="$acl_save_libdir" - LIBNSL="${LIBNSL}${LIBNSL:+ }$flag" - done - fi - fi - if test "X$ltrpathdirs" != "X"; then - for found_dir in $ltrpathdirs; do - LTLIBNSL="${LTLIBNSL}${LTLIBNSL:+ }-R$found_dir" - done - fi - - - - - - - - ac_save_CPPFLAGS="$CPPFLAGS" - - for element in $INCNSL; do - haveit= - for x in $CPPFLAGS; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X$element"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" - fi - done - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 
libnsl" >&5 -$as_echo_n "checking for libnsl... " >&6; } -if ${ac_cv_libnsl+:} false; then : - $as_echo_n "(cached) " >&6 -else - - ac_save_LIBS="$LIBS" - case " $LIBNSL" in - *" -l"*) LIBS="$LIBS $LIBNSL" ;; - *) LIBS="$LIBNSL $LIBS" ;; - esac - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -inet_pton(0,0,0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_libnsl=yes -else - ac_cv_libnsl='no' -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$ac_save_LIBS" - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libnsl" >&5 -$as_echo "$ac_cv_libnsl" >&6; } - if test "$ac_cv_libnsl" = yes; then - HAVE_LIBNSL=yes - -$as_echo "#define HAVE_LIBNSL 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libnsl" >&5 -$as_echo_n "checking how to link with libnsl... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBNSL" >&5 -$as_echo "$LIBNSL" >&6; } - else - HAVE_LIBNSL=no - CPPFLAGS="$ac_save_CPPFLAGS" - LIBNSL= - LTLIBNSL= - LIBNSL_PREFIX= - fi - - - - - - - -fi - -if test "$ac_cv_func_clock_gettime" != "yes";then - - - - - - - - - - - - - - use_additional=yes - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - -# Check whether --with-librt-prefix was given. 
-if test "${with_librt_prefix+set}" = set; then : - withval=$with_librt_prefix; - if test "X$withval" = "Xno"; then - use_additional=no - else - if test "X$withval" = "X"; then - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - else - additional_includedir="$withval/include" - additional_libdir="$withval/$acl_libdirstem" - if test "$acl_libdirstem2" != "$acl_libdirstem" \ - && ! test -d "$withval/$acl_libdirstem"; then - additional_libdir="$withval/$acl_libdirstem2" - fi - fi - fi - -fi - - LIBRT= - LTLIBRT= - INCRT= - LIBRT_PREFIX= - HAVE_LIBRT= - rpathdirs= - ltrpathdirs= - names_already_handled= - names_next_round='rt ' - while test -n "$names_next_round"; do - names_this_round="$names_next_round" - names_next_round= - for name in $names_this_round; do - already_handled= - for n in $names_already_handled; do - if test "$n" = "$name"; then - already_handled=yes - break - fi - done - if test -z "$already_handled"; then - names_already_handled="$names_already_handled $name" - uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` - eval value=\"\$HAVE_LIB$uppername\" - if test -n "$value"; then - if test "$value" = yes; then - eval value=\"\$LIB$uppername\" - test -z "$value" || LIBRT="${LIBRT}${LIBRT:+ }$value" - eval value=\"\$LTLIB$uppername\" - test -z "$value" || LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$value" - else - : - fi - else - found_dir= - found_la= - found_so= - found_a= - eval libname=\"$acl_libname_spec\" # typically: libname=lib$name - if test -n "$acl_shlibext"; then - shrext=".$acl_shlibext" # typically: shrext=.so - else - shrext= - fi - if test $use_additional = yes; then - dir="$additional_libdir" - if test -n "$acl_shlibext"; then - if test -f "$dir/$libname$shrext"; 
then - found_dir="$dir" - found_so="$dir/$libname$shrext" - else - if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then - ver=`(cd "$dir" && \ - for f in "$libname$shrext".*; do echo "$f"; done \ - | sed -e "s,^$libname$shrext\\\\.,," \ - | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ - | sed 1q ) 2>/dev/null` - if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then - found_dir="$dir" - found_so="$dir/$libname$shrext.$ver" - fi - else - eval library_names=\"$acl_library_names_spec\" - for f in $library_names; do - if test -f "$dir/$f"; then - found_dir="$dir" - found_so="$dir/$f" - break - fi - done - fi - fi - fi - if test "X$found_dir" = "X"; then - if test -f "$dir/$libname.$acl_libext"; then - found_dir="$dir" - found_a="$dir/$libname.$acl_libext" - fi - fi - if test "X$found_dir" != "X"; then - if test -f "$dir/$libname.la"; then - found_la="$dir/$libname.la" - fi - fi - fi - if test "X$found_dir" = "X"; then - for x in $LDFLAGS $LTLIBRT; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - case "$x" in - -L*) - dir=`echo "X$x" | sed -e 's/^X-L//'` - if test -n "$acl_shlibext"; then - if test -f "$dir/$libname$shrext"; then - found_dir="$dir" - found_so="$dir/$libname$shrext" - else - if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then - ver=`(cd "$dir" && \ - for f in "$libname$shrext".*; do echo "$f"; done \ - | sed -e "s,^$libname$shrext\\\\.,," \ - | sort -t '.' 
-n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ - | sed 1q ) 2>/dev/null` - if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then - found_dir="$dir" - found_so="$dir/$libname$shrext.$ver" - fi - else - eval library_names=\"$acl_library_names_spec\" - for f in $library_names; do - if test -f "$dir/$f"; then - found_dir="$dir" - found_so="$dir/$f" - break - fi - done - fi - fi - fi - if test "X$found_dir" = "X"; then - if test -f "$dir/$libname.$acl_libext"; then - found_dir="$dir" - found_a="$dir/$libname.$acl_libext" - fi - fi - if test "X$found_dir" != "X"; then - if test -f "$dir/$libname.la"; then - found_la="$dir/$libname.la" - fi - fi - ;; - esac - if test "X$found_dir" != "X"; then - break - fi - done - fi - if test "X$found_dir" != "X"; then - LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$found_dir -l$name" - if test "X$found_so" != "X"; then - if test "$enable_rpath" = no \ - || test "X$found_dir" = "X/usr/$acl_libdirstem" \ - || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then - LIBRT="${LIBRT}${LIBRT:+ }$found_so" - else - haveit= - for x in $ltrpathdirs; do - if test "X$x" = "X$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - ltrpathdirs="$ltrpathdirs $found_dir" - fi - if test "$acl_hardcode_direct" = yes; then - LIBRT="${LIBRT}${LIBRT:+ }$found_so" - else - if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then - LIBRT="${LIBRT}${LIBRT:+ }$found_so" - haveit= - for x in $rpathdirs; do - if test "X$x" = "X$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - rpathdirs="$rpathdirs $found_dir" - fi - else - haveit= - for x in $LDFLAGS $LIBRT; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-L$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - 
LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir" - fi - if test "$acl_hardcode_minus_L" != no; then - LIBRT="${LIBRT}${LIBRT:+ }$found_so" - else - LIBRT="${LIBRT}${LIBRT:+ }-l$name" - fi - fi - fi - fi - else - if test "X$found_a" != "X"; then - LIBRT="${LIBRT}${LIBRT:+ }$found_a" - else - LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir -l$name" - fi - fi - additional_includedir= - case "$found_dir" in - */$acl_libdirstem | */$acl_libdirstem/) - basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` - if test "$name" = 'rt'; then - LIBRT_PREFIX="$basedir" - fi - additional_includedir="$basedir/include" - ;; - */$acl_libdirstem2 | */$acl_libdirstem2/) - basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` - if test "$name" = 'rt'; then - LIBRT_PREFIX="$basedir" - fi - additional_includedir="$basedir/include" - ;; - esac - if test "X$additional_includedir" != "X"; then - if test "X$additional_includedir" != "X/usr/include"; then - haveit= - if test "X$additional_includedir" = "X/usr/local/include"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - for x in $CPPFLAGS $INCRT; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-I$additional_includedir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_includedir"; then - INCRT="${INCRT}${INCRT:+ }-I$additional_includedir" + INCRT="${INCRT}${INCRT:+ }-I$additional_includedir" fi fi fi @@ -15656,13 +14815,6 @@ if test "$ac_have_unicode" != "yes";then fi fi -SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c" -if test -f "$SUITE_FILE";then - can_do_valgrind_tests=yes -else - can_do_valgrind_tests=no -fi - 
@@ -15882,19 +15034,17 @@ else for ac_kw in __restrict __restrict__ _Restrict restrict; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -typedef int *int_ptr; - int foo (int_ptr $ac_kw ip) { return ip[0]; } - int bar (int [$ac_kw]); /* Catch GCC bug 14050. */ - int bar (int ip[$ac_kw]) { return ip[0]; } - +typedef int * int_ptr; + int foo (int_ptr $ac_kw ip) { + return ip[0]; + } int main () { int s[1]; - int *$ac_kw t = s; - t[0] = 0; - return foo (t) + bar (t); - + int * $ac_kw t = s; + t[0] = 0; + return foo(t) ; return 0; } @@ -17190,7 +16340,6 @@ _ACEOF HAVE_GETTIMEOFDAY=1; HAVE_STRUCT_TIMEVAL=1; HAVE_SYS_TIME_H=1; - HAVE_TIMEZONE_T=0; REPLACE_GETTIMEOFDAY=0; REPLACE_STRUCT_TIMEVAL=0; 
@@ -17467,6 +16616,75 @@ fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + 
as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + GNULIB__EXIT=0; GNULIB_ATOLL=0; @@ -17486,7 +16704,6 @@ fi GNULIB_PTSNAME=0; GNULIB_PTSNAME_R=0; GNULIB_PUTENV=0; - GNULIB_QSORT_R=0; GNULIB_RANDOM=0; GNULIB_RANDOM_R=0; GNULIB_REALLOC_POSIX=0; @@ -17538,7 +16755,6 @@ fi REPLACE_PTSNAME=0; REPLACE_PTSNAME_R=0; REPLACE_PUTENV=0; - REPLACE_QSORT_R=0; REPLACE_RANDOM_R=0; REPLACE_REALLOC=0; REPLACE_REALPATH=0; @@ -18012,7 +17228,7 @@ else # Guess yes on glibc systems. *-gnu*) gl_cv_func_snprintf_retval_c99="guessing yes";; # Guess yes on FreeBSD >= 5. - freebsd[1-4].*) gl_cv_func_snprintf_retval_c99="guessing no";; + freebsd[1-4]*) gl_cv_func_snprintf_retval_c99="guessing no";; freebsd* | kfreebsd*) gl_cv_func_snprintf_retval_c99="guessing yes";; # Guess yes on Mac OS X >= 10.3. darwin[1-6].*) gl_cv_func_snprintf_retval_c99="guessing no";; @@ -18208,7 +17424,6 @@ fi REPLACE_NULL=0; - HAVE_MAX_ALIGN_T=1; HAVE_WCHAR_T=1; 
@@ -19476,344 +18691,6 @@ _ACEOF - case "$host_os" in - osf*) - -$as_echo "#define _POSIX_PII_SOCKET 1" >>confdefs.h - - ;; - esac - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 -$as_echo_n "checking whether is self-contained... " >&6; } -if ${gl_cv_header_sys_socket_h_selfcontained+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_header_sys_socket_h_selfcontained=yes -else - gl_cv_header_sys_socket_h_selfcontained=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_selfcontained" >&5 -$as_echo "$gl_cv_header_sys_socket_h_selfcontained" >&6; } - if test $gl_cv_header_sys_socket_h_selfcontained = yes; then - for ac_func in shutdown -do : - ac_fn_c_check_func "$LINENO" "shutdown" "ac_cv_func_shutdown" -if test "x$ac_cv_func_shutdown" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SHUTDOWN 1 -_ACEOF - -fi -done - - if test $ac_cv_func_shutdown = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether defines the SHUT_* macros" >&5 -$as_echo_n "checking whether defines the SHUT_* macros... " >&6; } -if ${gl_cv_header_sys_socket_h_shut+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include -int -main () -{ -int a[] = { SHUT_RD, SHUT_WR, SHUT_RDWR }; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_header_sys_socket_h_shut=yes -else - gl_cv_header_sys_socket_h_shut=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_shut" >&5 -$as_echo "$gl_cv_header_sys_socket_h_shut" >&6; } - if test $gl_cv_header_sys_socket_h_shut = no; then - SYS_SOCKET_H='sys/socket.h' - fi - fi - fi - # We need to check for ws2tcpip.h now. - - - - - - - - - : - - - - - - - - - if test $gl_cv_have_include_next = yes; then - gl_cv_next_sys_socket_h='<'sys/socket.h'>' - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 -$as_echo_n "checking absolute name of ... " >&6; } -if ${gl_cv_next_sys_socket_h+:} false; then : - $as_echo_n "(cached) " >&6 -else - - if test $ac_cv_header_sys_socket_h = yes; then - - - - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include -_ACEOF - case "$host_os" in - aix*) gl_absname_cpp="$ac_cpp -C" ;; - *) gl_absname_cpp="$ac_cpp" ;; - esac - - case "$host_os" in - mingw*) - gl_dirsep_regex='[/\\]' - ;; - *) - gl_dirsep_regex='\/' - ;; - esac - gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' - gl_header_literal_regex=`echo 'sys/socket.h' \ - | sed -e "$gl_make_literal_regex_sed"` - gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ - s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ - s|^/[^/]|//&| - p - q - }' - - gl_cv_absolute_sys_socket_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | - sed -n "$gl_absolute_header_sed"` - - gl_header=$gl_cv_absolute_sys_socket_h - gl_cv_next_sys_socket_h='"'$gl_header'"' - else - gl_cv_next_sys_socket_h='<'sys/socket.h'>' - fi - - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_socket_h" >&5 -$as_echo "$gl_cv_next_sys_socket_h" >&6; } - fi - NEXT_SYS_SOCKET_H=$gl_cv_next_sys_socket_h - - if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then - # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' - gl_next_as_first_directive='<'sys/socket.h'>' - else - # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' - gl_next_as_first_directive=$gl_cv_next_sys_socket_h - fi - NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H=$gl_next_as_first_directive - - - - - if test $ac_cv_header_sys_socket_h = yes; then - HAVE_SYS_SOCKET_H=1 - HAVE_WS2TCPIP_H=0 - else - HAVE_SYS_SOCKET_H=0 - if test $ac_cv_header_ws2tcpip_h = yes; then - HAVE_WS2TCPIP_H=1 - else - HAVE_WS2TCPIP_H=0 - fi - fi - - - - ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " - /* sys/types.h is not needed according to POSIX, but the - sys/socket.h in i386-unknown-freebsd4.10 and - powerpc-apple-darwin5.5 required it. 
*/ -#include -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -" -if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SOCKADDR_STORAGE 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "sa_family_t" "ac_cv_type_sa_family_t" " - /* sys/types.h is not needed according to POSIX, but the - sys/socket.h in i386-unknown-freebsd4.10 and - powerpc-apple-darwin5.5 required it. */ -#include -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -" -if test "x$ac_cv_type_sa_family_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_SA_FAMILY_T 1 -_ACEOF - - -fi - - if test $ac_cv_type_struct_sockaddr_storage = no; then - HAVE_STRUCT_SOCKADDR_STORAGE=0 - fi - if test $ac_cv_type_sa_family_t = no; then - HAVE_SA_FAMILY_T=0 - fi - if test $ac_cv_type_struct_sockaddr_storage != no; then - ac_fn_c_check_member "$LINENO" "struct sockaddr_storage" "ss_family" "ac_cv_member_struct_sockaddr_storage_ss_family" "#include - #ifdef HAVE_SYS_SOCKET_H - #include - #endif - #ifdef HAVE_WS2TCPIP_H - #include - #endif - -" -if test "x$ac_cv_member_struct_sockaddr_storage_ss_family" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY 1 -_ACEOF - - -else - HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=0 -fi - - fi - if test $HAVE_STRUCT_SOCKADDR_STORAGE = 0 || test $HAVE_SA_FAMILY_T = 0 \ - || test $HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = 0; then - SYS_SOCKET_H='sys/socket.h' - fi - - - - - : - - - - - - if test $ac_cv_header_sys_socket_h != yes; then - for ac_header in winsock2.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" -if test "x$ac_cv_header_winsock2_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_WINSOCK2_H 1 -_ACEOF - -fi - -done - - fi - if test "$ac_cv_header_winsock2_h" = yes; then - HAVE_WINSOCK2_H=1 - UNISTD_H_HAVE_WINSOCK2_H=1 - 
SYS_IOCTL_H_HAVE_WINSOCK2_H=1 - else - HAVE_WINSOCK2_H=0 - fi - - - - - for gl_func in socket connect accept bind getpeername getsockname getsockopt listen recv send recvfrom sendto setsockopt shutdown accept4; do - as_gl_Symbol=`$as_echo "gl_cv_have_raw_decl_$gl_func" | $as_tr_sh` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $gl_func is declared without a macro" >&5 -$as_echo_n "checking whether $gl_func is declared without a macro... " >&6; } -if eval \${$as_gl_Symbol+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Some systems require prerequisite headers. */ -#include -#include - -int -main () -{ -#undef $gl_func - (void) $gl_func; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_gl_Symbol=yes" -else - eval "$as_gl_Symbol=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$as_gl_Symbol - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test \"x\$"$as_gl_Symbol"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_RAW_DECL_$gl_func" | $as_tr_cpp` 1 -_ACEOF - - eval ac_cv_have_decl_$gl_func=yes -fi - done - - - - - - @@ -19823,7 +18700,6 @@ fi GNULIB_STRPTIME=0; GNULIB_TIMEGM=0; GNULIB_TIME_R=0; - GNULIB_TIME_RZ=0; HAVE_DECL_LOCALTIME_R=1; HAVE_NANOSLEEP=1; HAVE_STRPTIME=1; @@ -19875,7 +18751,6 @@ $as_echo "$gl_cv_sys_struct_timespec_in_time_h" >&6; } TIME_H_DEFINES_STRUCT_TIMESPEC=0 SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=0 PTHREAD_H_DEFINES_STRUCT_TIMESPEC=0 - UNISTD_H_DEFINES_STRUCT_TIMESPEC=0 if test $gl_cv_sys_struct_timespec_in_time_h = yes; then TIME_H_DEFINES_STRUCT_TIMESPEC=1 else 
@@ -19936,36 +18811,6 @@ fi $as_echo "$gl_cv_sys_struct_timespec_in_pthread_h" >&6; } if test $gl_cv_sys_struct_timespec_in_pthread_h = yes; then PTHREAD_H_DEFINES_STRUCT_TIMESPEC=1 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timespec in " >&5 -$as_echo_n "checking for struct timespec in ... " >&6; } -if ${gl_cv_sys_struct_timespec_in_unistd_h+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -int -main () -{ -static struct timespec x; x.tv_sec = x.tv_nsec; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_sys_struct_timespec_in_unistd_h=yes -else - gl_cv_sys_struct_timespec_in_unistd_h=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timespec_in_unistd_h" >&5 -$as_echo "$gl_cv_sys_struct_timespec_in_unistd_h" >&6; } - if test $gl_cv_sys_struct_timespec_in_unistd_h = yes; then - UNISTD_H_DEFINES_STRUCT_TIMESPEC=1 - fi fi fi fi @@ -19984,7 +18829,6 @@ $as_echo "$gl_cv_sys_struct_timespec_in_unistd_h" >&6; } - if test $gl_cv_have_include_next = yes; then gl_cv_next_time_h='<'time.h'>' else @@ -20930,9 +19774,8 @@ if ${gl_cv_func_ungetc_works+:} false; then : else if test "$cross_compiling" = yes; then : case "$host_os" in - # Guess yes on glibc and bionic systems. - *-gnu*|*-android*) - gl_cv_func_ungetc_works="guessing yes" ;; + # Guess yes on glibc systems. + *-gnu*) gl_cv_func_ungetc_works="guessing yes" ;; # If we don't know, assume the worst. *) gl_cv_func_ungetc_works="guessing no" ;; esac @@ -22155,6 +20998,7 @@ $as_echo "#define GNULIB_TEST_GETLINE 1" >>confdefs.h + : 
@@ -22687,17 +21531,17 @@ fi # Check whether --enable-ld-version-script was given. if test "${enable_ld_version_script+set}" = set; then : enableval=$enable_ld_version_script; have_ld_version_script=$enableval -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if LD -Wl,--version-script works" >&5 +fi + + if test -z "$have_ld_version_script"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if LD -Wl,--version-script works" >&5 $as_echo_n "checking if LD -Wl,--version-script works... " >&6; } -if ${gl_cv_sys_ld_version_script+:} false; then : - $as_echo_n "(cached) " >&6 -else - gl_cv_sys_ld_version_script=no - save_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" - echo foo >conftest.map - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" + cat > conftest.map <conftest.$ac_ext /* end confdefs.h. */ int @@ -22709,9 +21553,14 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - + accepts_syntax_errors=yes else - cat > conftest.map < conftest.map <conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int 
@@ -22732,22 +21581,21 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - gl_cv_sys_ld_version_script=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext + have_ld_version_script=yes +else + have_ld_version_script=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - rm -f conftest.map - LDFLAGS=$save_LDFLAGS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_ld_version_script" >&5 -$as_echo "$gl_cv_sys_ld_version_script" >&6; } - have_ld_version_script=$gl_cv_sys_ld_version_script -fi - - if test "$have_ld_version_script" = yes; then + else + have_ld_version_script=no + fi + rm -f conftest.map + LDFLAGS="$save_LDFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_ld_version_script" >&5 +$as_echo "$have_ld_version_script" >&6; } + fi + if test "$have_ld_version_script" = "yes"; then HAVE_LD_VERSION_SCRIPT_TRUE= HAVE_LD_VERSION_SCRIPT_FALSE='#' else @@ -23909,12 +22757,8 @@ else /* Test _Alignas only on platforms where gnulib can help. */ #if \ ((defined __cplusplus && 201103 <= __cplusplus) \ - || (defined __APPLE__ && defined __MACH__ \ - ? 4 < __GNUC__ + (1 <= __GNUC_MINOR__) \ - : __GNUC__) \ - || __HP_cc || __HP_aCC || __IBMC__ || __IBMCPP__ \ - || __ICC || 0x5110 <= __SUNPRO_C \ - || 1300 <= _MSC_VER) + || __GNUC__ || __IBMC__ || __IBMCPP__ || __ICC \ + || 0x5110 <= __SUNPRO_C || 1300 <= _MSC_VER) struct alignas_test { char c; char alignas (8) alignas_8; }; char test_alignas[offsetof (struct alignas_test, alignas_8) == 8 ? 1 : -1]; @@ -23985,15 +22829,6 @@ fi STDDEF_H= - ac_fn_c_check_type "$LINENO" "max_align_t" "ac_cv_type_max_align_t" "#include - -" -if test "x$ac_cv_type_max_align_t" = xyes; then : - -else - HAVE_MAX_ALIGN_T=0; STDDEF_H=stddef.h -fi - if test $gt_cv_c_wchar_t = no; then HAVE_WCHAR_T=0 STDDEF_H=stddef.h 
@@ -24123,8 +22958,6 @@ $as_echo "$gl_cv_next_stddef_h" >&6; } - - if test $gl_cv_have_include_next = yes; then gl_cv_next_stdio_h='<'stdio.h'>' else @@ -24189,48 +23022,6 @@ $as_echo "$gl_cv_next_stdio_h" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which flavor of printf attribute matches inttypes macros" >&5 -$as_echo_n "checking which flavor of printf attribute matches inttypes macros... " >&6; } -if ${gl_cv_func_printf_attribute_flavor+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #define __STDC_FORMAT_MACROS 1 - #include - #include - /* For non-mingw systems, compilation will trivially succeed. - For mingw, compilation will succeed for older mingw (system - printf, "I64d") and fail for newer mingw (gnu printf, "lld"). */ - #if ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__) && \ - (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) - extern char PRIdMAX_probe[sizeof PRIdMAX == sizeof "I64d" ? 1 : -1]; - #endif - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_func_printf_attribute_flavor=system -else - gl_cv_func_printf_attribute_flavor=gnu -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_attribute_flavor" >&5 -$as_echo "$gl_cv_func_printf_attribute_flavor" >&6; } - if test "$gl_cv_func_printf_attribute_flavor" = gnu; then - -$as_echo "#define GNULIB_PRINTF_ATTRIBUTE_FLAVOR_GNU 1" >>confdefs.h - - fi - GNULIB_FSCANF=1 
@@ -24762,63 +23553,234 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #ifndef __OPTIMIZE__ - # define __OPTIMIZE__ 1 - #endif - #undef __OPTIMIZE_SIZE__ - #undef __NO_INLINE__ - #include - #include + #ifndef __OPTIMIZE__ + # define __OPTIMIZE__ 1 + #endif + #undef __OPTIMIZE_SIZE__ + #undef __NO_INLINE__ + #include + #include + +int +main () +{ +static const char dummy[] = "\177\01a"; + char delimiters[] = "xxxxxxxx"; + char *save_ptr = (char *) dummy; + strtok_r (delimiters, "x", &save_ptr); + strtok_r (NULL, "x", &save_ptr); + return 0; + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_strtok_r_works=yes +else + gl_cv_func_strtok_r_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strtok_r_works" >&5 +$as_echo "$gl_cv_func_strtok_r_works" >&6; } + case "$gl_cv_func_strtok_r_works" in + *no) + UNDEFINE_STRTOK_R=1 + ;; + esac + else + HAVE_STRTOK_R=0 + fi + + : + + + + + + if test $ac_cv_have_decl_strtok_r = no; then + HAVE_DECL_STRTOK_R=0 + fi + + if test $HAVE_STRTOK_R = 0 || test $REPLACE_STRTOK_R = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strtok_r.$ac_objext" + + + : + + fi + + + + + + GNULIB_STRTOK_R=1 + + + + + +$as_echo "#define GNULIB_TEST_STRTOK_R 1" >>confdefs.h + + + + + + + + for ac_func in strverscmp +do : + ac_fn_c_check_func "$LINENO" "strverscmp" "ac_cv_func_strverscmp" +if test "x$ac_cv_func_strverscmp" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRVERSCMP 1 +_ACEOF + +fi +done + + if test $ac_cv_func_strverscmp = no; then + HAVE_STRVERSCMP=0 + fi + + if test $HAVE_STRVERSCMP = 0; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strverscmp.$ac_objext" + + + : + + fi + + + + + + GNULIB_STRVERSCMP=1 + + + + + +$as_echo "#define GNULIB_TEST_STRVERSCMP 1" >>confdefs.h + + + + + + + + case "$host_os" in + osf*) + 
+$as_echo "#define _POSIX_PII_SOCKET 1" >>confdefs.h + + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_sys_socket_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_socket_h_selfcontained=yes +else + gl_cv_header_sys_socket_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_selfcontained" >&5 +$as_echo "$gl_cv_header_sys_socket_h_selfcontained" >&6; } + if test $gl_cv_header_sys_socket_h_selfcontained = yes; then + for ac_func in shutdown +do : + ac_fn_c_check_func "$LINENO" "shutdown" "ac_cv_func_shutdown" +if test "x$ac_cv_func_shutdown" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SHUTDOWN 1 +_ACEOF + +fi +done + + if test $ac_cv_func_shutdown = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether defines the SHUT_* macros" >&5 +$as_echo_n "checking whether defines the SHUT_* macros... " >&6; } +if ${gl_cv_header_sys_socket_h_shut+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ +#include int main () { -static const char dummy[] = "\177\01a"; - char delimiters[] = "xxxxxxxx"; - char *save_ptr = (char *) dummy; - strtok_r (delimiters, "x", &save_ptr); - strtok_r (NULL, "x", &save_ptr); - return 0; - +int a[] = { SHUT_RD, SHUT_WR, SHUT_RDWR }; ; return 0; } - _ACEOF -if ac_fn_c_try_run "$LINENO"; then : - gl_cv_func_strtok_r_works=yes +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_socket_h_shut=yes else - gl_cv_func_strtok_r_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + gl_cv_header_sys_socket_h_shut=no fi - +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strtok_r_works" >&5 -$as_echo "$gl_cv_func_strtok_r_works" >&6; } - case "$gl_cv_func_strtok_r_works" in - *no) - UNDEFINE_STRTOK_R=1 - ;; - esac - else - HAVE_STRTOK_R=0 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_shut" >&5 +$as_echo "$gl_cv_header_sys_socket_h_shut" >&6; } + if test $gl_cv_header_sys_socket_h_shut = no; then + SYS_SOCKET_H='sys/socket.h' + fi + fi fi + # We need to check for ws2tcpip.h now. - : - if test $ac_cv_have_decl_strtok_r = no; then - HAVE_DECL_STRTOK_R=0 - fi - if test $HAVE_STRTOK_R = 0 || test $REPLACE_STRTOK_R = 1; then + : 
@@ -24826,75 +23788,241 @@ $as_echo "$gl_cv_func_strtok_r_works" >&6; } - gl_LIBOBJS="$gl_LIBOBJS strtok_r.$ac_objext" + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_socket_h='<'sys/socket.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_socket_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_socket_h = yes; then - : - fi + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/socket.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_socket_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + gl_header=$gl_cv_absolute_sys_socket_h + gl_cv_next_sys_socket_h='"'$gl_header'"' + else + gl_cv_next_sys_socket_h='<'sys/socket.h'>' + fi - GNULIB_STRTOK_R=1 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_socket_h" >&5 +$as_echo "$gl_cv_next_sys_socket_h" >&6; } + fi + NEXT_SYS_SOCKET_H=$gl_cv_next_sys_socket_h + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/socket.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_socket_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H=$gl_next_as_first_directive -$as_echo "#define GNULIB_TEST_STRTOK_R 1" >>confdefs.h + if test 
$ac_cv_header_sys_socket_h = yes; then + HAVE_SYS_SOCKET_H=1 + HAVE_WS2TCPIP_H=0 + else + HAVE_SYS_SOCKET_H=0 + if test $ac_cv_header_ws2tcpip_h = yes; then + HAVE_WS2TCPIP_H=1 + else + HAVE_WS2TCPIP_H=0 + fi + fi + ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif +" +if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 +_ACEOF - for ac_func in strverscmp -do : - ac_fn_c_check_func "$LINENO" "strverscmp" "ac_cv_func_strverscmp" -if test "x$ac_cv_func_strverscmp" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRVERSCMP 1 +fi +ac_fn_c_check_type "$LINENO" "sa_family_t" "ac_cv_type_sa_family_t" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. 
*/ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_type_sa_family_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SA_FAMILY_T 1 _ACEOF + fi -done - if test $ac_cv_func_strverscmp = no; then - HAVE_STRVERSCMP=0 + if test $ac_cv_type_struct_sockaddr_storage = no; then + HAVE_STRUCT_SOCKADDR_STORAGE=0 + fi + if test $ac_cv_type_sa_family_t = no; then + HAVE_SA_FAMILY_T=0 fi + if test $ac_cv_type_struct_sockaddr_storage != no; then + ac_fn_c_check_member "$LINENO" "struct sockaddr_storage" "ss_family" "ac_cv_member_struct_sockaddr_storage_ss_family" "#include + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_WS2TCPIP_H + #include + #endif - if test $HAVE_STRVERSCMP = 0; then +" +if test "x$ac_cv_member_struct_sockaddr_storage_ss_family" = xyes; then : +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY 1 +_ACEOF +else + HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=0 +fi + fi + if test $HAVE_STRUCT_SOCKADDR_STORAGE = 0 || test $HAVE_SA_FAMILY_T = 0 \ + || test $HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = 0; then + SYS_SOCKET_H='sys/socket.h' + fi - gl_LIBOBJS="$gl_LIBOBJS strverscmp.$ac_objext" + : - : - fi + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF +fi +done - GNULIB_STRVERSCMP=1 + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + for gl_func in socket connect accept bind getpeername getsockname getsockopt listen recv send recvfrom sendto setsockopt shutdown accept4; do + as_gl_Symbol=`$as_echo "gl_cv_have_raw_decl_$gl_func" | $as_tr_sh` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking 
whether $gl_func is declared without a macro" >&5 +$as_echo_n "checking whether $gl_func is declared without a macro... " >&6; } +if eval \${$as_gl_Symbol+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ -$as_echo "#define GNULIB_TEST_STRVERSCMP 1" >>confdefs.h +/* Some systems require prerequisite headers. */ +#include +#include +int +main () +{ +#undef $gl_func + (void) $gl_func; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$as_gl_Symbol=yes" +else + eval "$as_gl_Symbol=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$as_gl_Symbol + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + if eval test \"x\$"$as_gl_Symbol"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_RAW_DECL_$gl_func" | $as_tr_cpp` 1 +_ACEOF + eval ac_cv_have_decl_$gl_func=yes +fi + done @@ -28830,13 +27958,12 @@ else gl_cv_func_dup2_works="guessing no" ;; cygwin*) # on cygwin 1.5.x, dup2(1,1) returns 0 gl_cv_func_dup2_works="guessing no" ;; - aix* | freebsd*) - # on AIX 7.1 and FreeBSD 6.1, dup2 (1,toobig) gives EMFILE, - # not EBADF. + linux*) # On linux between 2008-07-27 and 2009-05-11, dup2 of a + # closed fd may yield -EBADF instead of -1 / errno=EBADF. gl_cv_func_dup2_works="guessing no" ;; - haiku*) # on Haiku alpha 2, dup2(1, 1) resets FD_CLOEXEC. + freebsd*) # on FreeBSD 6.1, dup2(1,1000000) gives EMFILE, not EBADF. gl_cv_func_dup2_works="guessing no" ;; - *-android*) # implemented using dup3(), which fails if oldfd == newfd + haiku*) # on Haiku alpha 2, dup2(1, 1) resets FD_CLOEXEC. gl_cv_func_dup2_works="guessing no" ;; *) gl_cv_func_dup2_works="guessing yes" ;; esac 
@@ -28844,52 +27971,36 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #include - #include - #include - #include - #ifndef RLIM_SAVED_CUR - # define RLIM_SAVED_CUR RLIM_INFINITY - #endif - #ifndef RLIM_SAVED_MAX - # define RLIM_SAVED_MAX RLIM_INFINITY - #endif - + #include +#include +#include int main () { int result = 0; - int bad_fd = INT_MAX; - struct rlimit rlim; - if (getrlimit (RLIMIT_NOFILE, &rlim) == 0 - && 0 <= rlim.rlim_cur && rlim.rlim_cur <= INT_MAX - && rlim.rlim_cur != RLIM_INFINITY - && rlim.rlim_cur != RLIM_SAVED_MAX - && rlim.rlim_cur != RLIM_SAVED_CUR) - bad_fd = rlim.rlim_cur; - #ifdef FD_CLOEXEC - if (fcntl (1, F_SETFD, FD_CLOEXEC) == -1) - result |= 1; - #endif - if (dup2 (1, 1) != 1) - result |= 2; - #ifdef FD_CLOEXEC - if (fcntl (1, F_GETFD) != FD_CLOEXEC) - result |= 4; - #endif - close (0); - if (dup2 (0, 0) != -1) - result |= 8; - /* Many gnulib modules require POSIX conformance of EBADF. */ - if (dup2 (2, bad_fd) == -1 && errno != EBADF) - result |= 16; - /* Flush out some cygwin core dumps. */ - if (dup2 (2, -1) != -1 || errno != EBADF) - result |= 32; - dup2 (2, 255); - dup2 (2, 256); - return result; +#ifdef FD_CLOEXEC + if (fcntl (1, F_SETFD, FD_CLOEXEC) == -1) + result |= 1; +#endif + if (dup2 (1, 1) == 0) + result |= 2; +#ifdef FD_CLOEXEC + if (fcntl (1, F_GETFD) != FD_CLOEXEC) + result |= 4; +#endif + close (0); + if (dup2 (0, 0) != -1) + result |= 8; + /* Many gnulib modules require POSIX conformance of EBADF. */ + if (dup2 (2, 1000000) == -1 && errno != EBADF) + result |= 16; + /* Flush out some cygwin core dumps. */ + if (dup2 (2, -1) != -1 || errno != EBADF) + result |= 32; + dup2 (2, 255); + dup2 (2, 256); + return result; + ; return 0; } 
@@ -29425,239 +28536,6 @@ $as_echo "#define GNULIB_TEST_FSTAT 1" >>confdefs.h - - - if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then - REPLACE_FTELL=1 - fi - - if test $REPLACE_FTELL = 1; then - - - - - - - - - ggl_LIBOBJS="$ggl_LIBOBJS ftell.$ac_objext" - - fi - - - - - - GNULIB_FTELL=1 - - - - - -$as_echo "#define GNULIB_TEST_FTELL 1" >>confdefs.h - - - - - - - - - - - - - : - - - - - - if test $ac_cv_have_decl_ftello = no; then - HAVE_DECL_FTELLO=0 - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ftello" >&5 -$as_echo_n "checking for ftello... " >&6; } -if ${gl_cv_func_ftello+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -ftello (stdin); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - gl_cv_func_ftello=yes -else - gl_cv_func_ftello=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello" >&5 -$as_echo "$gl_cv_func_ftello" >&6; } - if test $gl_cv_func_ftello = no; then - HAVE_FTELLO=0 - else - if test $WINDOWS_64_BIT_OFF_T = 1; then - REPLACE_FTELLO=1 - fi - if test $gl_cv_var_stdin_large_offset = no; then - REPLACE_FTELLO=1 - fi - if test $REPLACE_FTELLO = 0; then - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ftello works" >&5 -$as_echo_n "checking whether ftello works... " >&6; } -if ${gl_cv_func_ftello_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - - case "$host_os" in - # Guess no on Solaris. - solaris*) gl_cv_func_ftello_works="guessing no" ;; - # Guess yes otherwise. - *) gl_cv_func_ftello_works="guessing yes" ;; - esac - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include -#include -#include -#define TESTFILE "conftest.tmp" -int -main (void) -{ - FILE *fp; - - /* Create a file with some contents. */ - fp = fopen (TESTFILE, "w"); - if (fp == NULL) - return 70; - if (fwrite ("foogarsh", 1, 8, fp) < 8) - return 71; - if (fclose (fp)) - return 72; - - /* The file's contents is now "foogarsh". */ - - /* Try writing after reading to EOF. */ - fp = fopen (TESTFILE, "r+"); - if (fp == NULL) - return 73; - if (fseek (fp, -1, SEEK_END)) - return 74; - if (!(getc (fp) == 'h')) - return 1; - if (!(getc (fp) == EOF)) - return 2; - if (!(ftell (fp) == 8)) - return 3; - if (!(ftell (fp) == 8)) - return 4; - if (!(putc ('!', fp) == '!')) - return 5; - if (!(ftell (fp) == 9)) - return 6; - if (!(fclose (fp) == 0)) - return 7; - fp = fopen (TESTFILE, "r"); - if (fp == NULL) - return 75; - { - char buf[10]; - if (!(fread (buf, 1, 10, fp) == 9)) - return 10; - if (!(memcmp (buf, "foogarsh!", 9) == 0)) - return 11; - } - if (!(fclose (fp) == 0)) - return 12; - - /* The file's contents is now "foogarsh!". 
*/ - - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - gl_cv_func_ftello_works=yes -else - gl_cv_func_ftello_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello_works" >&5 -$as_echo "$gl_cv_func_ftello_works" >&6; } - case "$gl_cv_func_ftello_works" in - *yes) ;; - *) - REPLACE_FTELLO=1 - -$as_echo "#define FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE 1" >>confdefs.h - - ;; - esac - fi - fi - - if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then - - - - - - - - - ggl_LIBOBJS="$ggl_LIBOBJS ftello.$ac_objext" - - - for ac_func in _ftelli64 -do : - ac_fn_c_check_func "$LINENO" "_ftelli64" "ac_cv_func__ftelli64" -if test "x$ac_cv_func__ftelli64" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE__FTELLI64 1 -_ACEOF - -fi -done - - - fi - - - - - - GNULIB_FTELLO=1 - - - - - -$as_echo "#define GNULIB_TEST_FTELLO 1" >>confdefs.h - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to do getaddrinfo, freeaddrinfo and getnameinfo" >&5 $as_echo "$as_me: checking how to do getaddrinfo, freeaddrinfo and getnameinfo" >&6;} GETADDRINFO_LIB= @@ -31510,9 +30388,6 @@ $as_echo "#define GNULIB_TEST_MEMCHR 1" >>confdefs.h - - - : @@ -32236,7 +31111,6 @@ cat >>confdefs.h <<_ACEOF #define HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME $ac_have_decl _ACEOF - : 
@@ -33298,6 +32172,202 @@ $as_echo "#define GNULIB_TEST_SOCKET 1" >>confdefs.h + + + + : + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + LIBSOCKET= + if test $HAVE_WINSOCK2_H = 1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to call WSAStartup in winsock2.h and -lws2_32" >&5 +$as_echo_n "checking if we need to call WSAStartup in winsock2.h and -lws2_32... " >&6; } +if ${gl_cv_func_wsastartup+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WINSOCK2_H +# include +#endif +int +main () +{ + + WORD wVersionRequested = MAKEWORD(1, 1); + WSADATA wsaData; + int err = WSAStartup(wVersionRequested, &wsaData); + WSACleanup (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_wsastartup=yes +else + gl_cv_func_wsastartup=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_wsastartup" >&5 +$as_echo "$gl_cv_func_wsastartup" >&6; } + if test "$gl_cv_func_wsastartup" = "yes"; then + +$as_echo "#define WINDOWS_SOCKETS 1" >>confdefs.h + + LIBSOCKET='-lws2_32' + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing setsockopt" >&5 +$as_echo_n "checking for library containing setsockopt... 
" >&6; } +if ${gl_cv_lib_socket+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_cv_lib_socket= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + gl_save_LIBS="$LIBS" + LIBS="$gl_save_LIBS -lsocket" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_lib_socket="-lsocket" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$gl_cv_lib_socket"; then + LIBS="$gl_save_LIBS -lnetwork" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_lib_socket="-lnetwork" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$gl_cv_lib_socket"; then + LIBS="$gl_save_LIBS -lnet" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_lib_socket="-lnet" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + fi + LIBS="$gl_save_LIBS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$gl_cv_lib_socket"; then + gl_cv_lib_socket="none needed" + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_lib_socket" >&5 +$as_echo "$gl_cv_lib_socket" >&6; } + if test "$gl_cv_lib_socket" != "none needed"; then + LIBSOCKET="$gl_cv_lib_socket" + fi + fi + + + + + + + : + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " /* is not needed according to POSIX, but the in i386-unknown-freebsd4.10 and @@ -33421,12 +32491,8 @@ else /* Test _Alignas only on platforms where gnulib can help. */ #if \ ((defined __cplusplus && 201103 <= __cplusplus) \ - || (defined __APPLE__ && defined __MACH__ \ - ? 4 < __GNUC__ + (1 <= __GNUC_MINOR__) \ - : __GNUC__) \ - || __HP_cc || __HP_aCC || __IBMC__ || __IBMCPP__ \ - || __ICC || 0x5110 <= __SUNPRO_C \ - || 1300 <= _MSC_VER) + || __GNUC__ || __IBMC__ || __IBMCPP__ || __ICC \ + || 0x5110 <= __SUNPRO_C || 1300 <= _MSC_VER) struct alignas_test { char c; char alignas (8) alignas_8; }; char test_alignas[offsetof (struct alignas_test, alignas_8) == 8 ? 1 : -1]; @@ -33497,15 +32563,6 @@ fi STDDEF_H= - ac_fn_c_check_type "$LINENO" "max_align_t" "ac_cv_type_max_align_t" "#include - -" -if test "x$ac_cv_type_max_align_t" = xyes; then : - -else - HAVE_MAX_ALIGN_T=0; STDDEF_H=stddef.h -fi - if test $gt_cv_c_wchar_t = no; then HAVE_WCHAR_T=0 STDDEF_H=stddef.h @@ -33635,8 +32692,6 @@ $as_echo "$gl_cv_next_stddef_h" >&6; } - - if test $gl_cv_have_include_next = yes; then gl_cv_next_stdio_h='<'stdio.h'>' else 
@@ -33701,48 +32756,6 @@ $as_echo "$gl_cv_next_stdio_h" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which flavor of printf attribute matches inttypes macros" >&5 -$as_echo_n "checking which flavor of printf attribute matches inttypes macros... " >&6; } -if ${gl_cv_func_printf_attribute_flavor+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #define __STDC_FORMAT_MACROS 1 - #include - #include - /* For non-mingw systems, compilation will trivially succeed. - For mingw, compilation will succeed for older mingw (system - printf, "I64d") and fail for newer mingw (gnu printf, "lld"). */ - #if ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__) && \ - (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) - extern char PRIdMAX_probe[sizeof PRIdMAX == sizeof "I64d" ? 1 : -1]; - #endif - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_func_printf_attribute_flavor=system -else - gl_cv_func_printf_attribute_flavor=gnu -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_attribute_flavor" >&5 -$as_echo "$gl_cv_func_printf_attribute_flavor" >&6; } - if test "$gl_cv_func_printf_attribute_flavor" = gnu; then - -$as_echo "#define GNULIB_PRINTF_ATTRIBUTE_FLAVOR_GNU 1" >>confdefs.h - - fi - GNULIB_FSCANF=1 
@@ -34131,94 +33144,353 @@ done fi - fi - - - - + fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_sys_select_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct timeval b; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_select_h_selfcontained=yes +else + gl_cv_header_sys_select_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $gl_cv_header_sys_select_h_selfcontained = yes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +int memset; int bzero; + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + #undef memset + #define memset nonexistent_memset + extern + #ifdef __cplusplus + "C" + #endif + void *memset (void *, int, unsigned long); + #undef bzero + #define bzero nonexistent_bzero + extern + #ifdef __cplusplus + "C" + #endif + void bzero (void *, unsigned long); + fd_set fds; + FD_ZERO (&fds); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + gl_cv_header_sys_select_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_select_h_selfcontained" >&5 +$as_echo "$gl_cv_header_sys_select_h_selfcontained" >&6; } + + + + + + + : + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_select_h='<'sys/select.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute 
name of ... " >&6; } +if ${gl_cv_next_sys_select_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_select_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/select.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_select_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_select_h + gl_cv_next_sys_select_h='"'$gl_header'"' + else + gl_cv_next_sys_select_h='<'sys/select.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_select_h" >&5 +$as_echo "$gl_cv_next_sys_select_h" >&6; } + fi + NEXT_SYS_SELECT_H=$gl_cv_next_sys_select_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/select.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_select_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_sys_select_h = yes; then + HAVE_SYS_SELECT_H=1 + else + HAVE_SYS_SELECT_H=0 + fi + + + + + + : + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define 
HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 -$as_echo_n "checking whether is self-contained... " >&6; } -if ${gl_cv_header_sys_select_h_selfcontained+:} false; then : + for gl_func in pselect select; do + as_gl_Symbol=`$as_echo "gl_cv_have_raw_decl_$gl_func" | $as_tr_sh` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $gl_func is declared without a macro" >&5 +$as_echo_n "checking whether $gl_func is declared without a macro... " >&6; } +if eval \${$as_gl_Symbol+:} false; then : $as_echo_n "(cached) " >&6 else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ + +/* Some systems require prerequisite headers. */ +#include +#if !(defined __GLIBC__ && !defined __UCLIBC__) && HAVE_SYS_TIME_H +# include +#endif #include + int main () { -struct timeval b; +#undef $gl_func + (void) $gl_func; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_header_sys_select_h_selfcontained=yes + eval "$as_gl_Symbol=yes" else - gl_cv_header_sys_select_h_selfcontained=no + eval "$as_gl_Symbol=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if test $gl_cv_header_sys_select_h_selfcontained = yes; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +fi +eval ac_res=\$$as_gl_Symbol + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + if eval test \"x\$"$as_gl_Symbol"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_RAW_DECL_$gl_func" | $as_tr_cpp` 1 +_ACEOF + + eval ac_cv_have_decl_$gl_func=yes +fi + done + + + + + + + + case "$host_os" in + osf*) + +$as_echo "#define _POSIX_PII_SOCKET 1" >>confdefs.h + + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking 
whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_sys_socket_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +#include int main () { -int memset; int bzero; + ; return 0; } - _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + gl_cv_header_sys_socket_h_selfcontained=yes +else + gl_cv_header_sys_socket_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_selfcontained" >&5 +$as_echo "$gl_cv_header_sys_socket_h_selfcontained" >&6; } + if test $gl_cv_header_sys_socket_h_selfcontained = yes; then + for ac_func in shutdown +do : + ac_fn_c_check_func "$LINENO" "shutdown" "ac_cv_func_shutdown" +if test "x$ac_cv_func_shutdown" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SHUTDOWN 1 +_ACEOF + +fi +done + + if test $ac_cv_func_shutdown = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether defines the SHUT_* macros" >&5 +$as_echo_n "checking whether defines the SHUT_* macros... " >&6; } +if ${gl_cv_header_sys_socket_h_shut+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ -#include +#include int main () { - - #undef memset - #define memset nonexistent_memset - extern - #ifdef __cplusplus - "C" - #endif - void *memset (void *, int, unsigned long); - #undef bzero - #define bzero nonexistent_bzero - extern - #ifdef __cplusplus - "C" - #endif - void bzero (void *, unsigned long); - fd_set fds; - FD_ZERO (&fds); - +int a[] = { SHUT_RD, SHUT_WR, SHUT_RDWR }; ; return 0; } - _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_socket_h_shut=yes else - gl_cv_header_sys_select_h_selfcontained=no + gl_cv_header_sys_socket_h_shut=no fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_shut" >&5 +$as_echo "$gl_cv_header_sys_socket_h_shut" >&6; } + if test $gl_cv_header_sys_socket_h_shut = no; then + SYS_SOCKET_H='sys/socket.h' fi + fi + fi + # We need to check for ws2tcpip.h now. + -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_select_h_selfcontained" >&5 -$as_echo "$gl_cv_header_sys_select_h_selfcontained" >&6; } 
@@ -34235,22 +33507,22 @@ $as_echo "$gl_cv_header_sys_select_h_selfcontained" >&6; } if test $gl_cv_have_include_next = yes; then - gl_cv_next_sys_select_h='<'sys/select.h'>' + gl_cv_next_sys_socket_h='<'sys/socket.h'>' else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 -$as_echo_n "checking absolute name of ... " >&6; } -if ${gl_cv_next_sys_select_h+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_socket_h+:} false; then : $as_echo_n "(cached) " >&6 else - if test $ac_cv_header_sys_select_h = yes; then + if test $ac_cv_header_sys_socket_h = yes; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +#include _ACEOF case "$host_os" in aix*) gl_absname_cpp="$ac_cpp -C" ;; @@ -34266,7 +33538,7 @@ _ACEOF ;; esac gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' - gl_header_literal_regex=`echo 'sys/select.h' \ + gl_header_literal_regex=`echo 'sys/socket.h' \ | sed -e "$gl_make_literal_regex_sed"` gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ 
@@ -34275,42 +33547,125 @@ _ACEOF q }' - gl_cv_absolute_sys_select_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + gl_cv_absolute_sys_socket_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | sed -n "$gl_absolute_header_sed"` - gl_header=$gl_cv_absolute_sys_select_h - gl_cv_next_sys_select_h='"'$gl_header'"' + gl_header=$gl_cv_absolute_sys_socket_h + gl_cv_next_sys_socket_h='"'$gl_header'"' else - gl_cv_next_sys_select_h='<'sys/select.h'>' + gl_cv_next_sys_socket_h='<'sys/socket.h'>' fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_select_h" >&5 -$as_echo "$gl_cv_next_sys_select_h" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_socket_h" >&5 +$as_echo "$gl_cv_next_sys_socket_h" >&6; } fi - NEXT_SYS_SELECT_H=$gl_cv_next_sys_select_h + NEXT_SYS_SOCKET_H=$gl_cv_next_sys_socket_h if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' - gl_next_as_first_directive='<'sys/select.h'>' + gl_next_as_first_directive='<'sys/socket.h'>' else # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' - gl_next_as_first_directive=$gl_cv_next_sys_select_h + gl_next_as_first_directive=$gl_cv_next_sys_socket_h fi - NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H=$gl_next_as_first_directive + NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H=$gl_next_as_first_directive - if test $ac_cv_header_sys_select_h = yes; then - HAVE_SYS_SELECT_H=1 + if test $ac_cv_header_sys_socket_h = yes; then + HAVE_SYS_SOCKET_H=1 + HAVE_WS2TCPIP_H=0 else - HAVE_SYS_SELECT_H=0 + HAVE_SYS_SOCKET_H=0 + if test $ac_cv_header_ws2tcpip_h = yes; then + HAVE_WS2TCPIP_H=1 + else + HAVE_WS2TCPIP_H=0 + fi fi + ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. 
*/ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "sa_family_t" "ac_cv_type_sa_family_t" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_type_sa_family_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SA_FAMILY_T 1 +_ACEOF + + +fi + + if test $ac_cv_type_struct_sockaddr_storage = no; then + HAVE_STRUCT_SOCKADDR_STORAGE=0 + fi + if test $ac_cv_type_sa_family_t = no; then + HAVE_SA_FAMILY_T=0 + fi + if test $ac_cv_type_struct_sockaddr_storage != no; then + ac_fn_c_check_member "$LINENO" "struct sockaddr_storage" "ss_family" "ac_cv_member_struct_sockaddr_storage_ss_family" "#include + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_WS2TCPIP_H + #include + #endif + +" +if test "x$ac_cv_member_struct_sockaddr_storage_ss_family" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY 1 +_ACEOF + + +else + HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=0 +fi + + fi + if test $HAVE_STRUCT_SOCKADDR_STORAGE = 0 || test $HAVE_SA_FAMILY_T = 0 \ + || test $HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = 0; then + SYS_SOCKET_H='sys/socket.h' + fi + + : 
@@ -34344,7 +33699,7 @@ done - for gl_func in pselect select; do + for gl_func in socket connect accept bind getpeername getsockname getsockopt listen recv send recvfrom sendto setsockopt shutdown accept4; do as_gl_Symbol=`$as_echo "gl_cv_have_raw_decl_$gl_func" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $gl_func is declared without a macro" >&5 $as_echo_n "checking whether $gl_func is declared without a macro... " >&6; } @@ -34356,10 +33711,7 @@ else /* Some systems require prerequisite headers. */ #include -#if !(defined __GLIBC__ && !defined __UCLIBC__) && HAVE_SYS_TIME_H -# include -#endif -#include +#include int main () @@ -34402,8 +33754,6 @@ fi - - : @@ -35377,21 +34727,6 @@ done -if test "$can_do_valgrind_tests" != "yes";then - VALGRIND="" - - opt_valgrind_tests=no -fi - - if test "$opt_valgrind_tests" != no; then - WANT_TEST_SUITE_TRUE= - WANT_TEST_SUITE_FALSE='#' -else - WANT_TEST_SUITE_TRUE='#' - WANT_TEST_SUITE_FALSE= -fi - - # Check whether --enable-gcc-warnings was given. if test "${enable_gcc_warnings+set}" = set; then : @@ -35401,7 +34736,7 @@ if test "${enable_gcc_warnings+set}" = set; then : esac gl_gcc_warnings=$enableval else - gl_gcc_warnings=yes + gl_gcc_warnings=no fi 
@@ -35445,14 +34780,14 @@ else fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wframe-larger-than=2048" >&5 -$as_echo_n "checking whether C compiler handles -Wframe-larger-than=2048... " >&6; } -if ${gl_cv_warn_c__Wframe_larger_than_2048+:} false; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wframe-larger-than=1024" >&5 +$as_echo_n "checking whether C compiler handles -Wframe-larger-than=1024... " >&6; } +if ${gl_cv_warn_c__Wframe_larger_than_1024+:} false; then : $as_echo_n "(cached) " >&6 else gl_save_compiler_FLAGS="$CFLAGS" - as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wframe-larger-than=2048" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wframe-larger-than=1024" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -35465,19 +34800,19 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - gl_cv_warn_c__Wframe_larger_than_2048=yes + gl_cv_warn_c__Wframe_larger_than_1024=yes else - gl_cv_warn_c__Wframe_larger_than_2048=no + gl_cv_warn_c__Wframe_larger_than_1024=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$gl_save_compiler_FLAGS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wframe_larger_than_2048" >&5 -$as_echo "$gl_cv_warn_c__Wframe_larger_than_2048" >&6; } -if test "x$gl_cv_warn_c__Wframe_larger_than_2048" = xyes; then : - as_fn_append WSTACK_CFLAGS " -Wframe-larger-than=2048" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wframe_larger_than_1024" >&5 +$as_echo "$gl_cv_warn_c__Wframe_larger_than_1024" >&6; } +if test "x$gl_cv_warn_c__Wframe_larger_than_1024" = xyes; then : + as_fn_append WSTACK_CFLAGS " -Wframe-larger-than=1024" fi 
@@ -35486,14 +34821,23 @@ fi nw="$nw -Wc++-compat" # We don't care about C++ compilers nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib nw="$nw -Wtraditional" # Warns on #elif which we use often + nw="$nw -Wlogical-op" # Too many false positives + nw="$nw -Wold-style-definition" # nw="$nw -Wpadded" # Our structs are not padded + nw="$nw -Wunreachable-code" # Too many false positives nw="$nw -Wtraditional-conversion" # Too many warnings for now + nw="$nw -Wcast-qual" # Too many warnings for now + nw="$nw -Waggregate-return" # Too many warnings for now + nw="$nw -Wshadow" # Too many warnings for now nw="$nw -Wswitch-default" # Too many warnings for now + nw="$nw -Wswitch-enum" # Too many warnings for now + nw="$nw -Wconversion" # Too many warnings for now + nw="$nw -Wsign-conversion" # Too many warnings for now nw="$nw -Wformat-y2k" # Too many warnings for now nw="$nw -Woverlength-strings" # We use some in tests/ nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays nw="$nw -Wformat-nonliteral" # Incompatible with gettext _() - nw="$nw -Wformat-signedness" # Too many to handle + nw="$nw -Wunsafe-loop-optimizations" nw="$nw -Wstrict-overflow" nw="$nw -Wmissing-noreturn" nw="$nw -Winline" # Too compiler dependent @@ -35611,14 +34955,6 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } fi # List all gcc warning categories. - # To compare this list to your installed GCC's, run this Bash command: - # - # comm -3 \ - # <(sed -n 's/^ *\(-[^ ]*\) .*/\1/p' manywarnings.m4 | sort) \ - # <(gcc --help=warnings | sed -n 's/^ \(-[^ ]*\) .*/\1/p' | sort | - # grep -v -x -f <( - # awk '/^[^#]/ {print ws}' ../build-aux/gcc-warning.spec)) - gl_manywarn_set= for gl_manywarn_item in \ -W \ 
@@ -35626,25 +34962,20 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Waddress \ -Waggressive-loop-optimizations \ -Wall \ + -Warray-bounds \ -Wattributes \ -Wbad-function-cast \ - -Wbool-compare \ -Wbuiltin-macro-redefined \ -Wcast-align \ -Wchar-subscripts \ - -Wchkp \ -Wclobbered \ -Wcomment \ -Wcomments \ -Wcoverage-mismatch \ -Wcpp \ - -Wdate-time \ -Wdeprecated \ -Wdeprecated-declarations \ - -Wdesignated-init \ -Wdisabled-optimization \ - -Wdiscarded-array-qualifiers \ - -Wdiscarded-qualifiers \ -Wdiv-by-zero \ -Wdouble-promotion \ -Wempty-body \ @@ -35655,7 +34986,6 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Wformat-extra-args \ -Wformat-nonliteral \ -Wformat-security \ - -Wformat-signedness \ -Wformat-y2k \ -Wformat-zero-length \ -Wfree-nonheap-object \ @@ -35663,19 +34993,15 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Wimplicit \ -Wimplicit-function-declaration \ -Wimplicit-int \ - -Wincompatible-pointer-types \ -Winit-self \ -Winline \ - -Wint-conversion \ -Wint-to-pointer-cast \ -Winvalid-memory-model \ -Winvalid-pch \ -Wjump-misses-init \ - -Wlogical-not-parentheses \ -Wlogical-op \ -Wmain \ -Wmaybe-uninitialized \ - -Wmemset-transposed-args \ -Wmissing-braces \ -Wmissing-declarations \ -Wmissing-field-initializers \ @@ -35686,10 +35012,9 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Wnarrowing \ -Wnested-externs \ -Wnonnull \ - -Wodr \ + -Wnormalized=nfc \ -Wold-style-declaration \ -Wold-style-definition \ - -Wopenmp-simd \ -Woverflow \ -Woverlength-strings \ -Woverride-init \ @@ -35704,9 +35029,6 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Wreturn-type \ -Wsequence-point \ -Wshadow \ - -Wshift-count-negative \ - -Wshift-count-overflow \ - -Wsizeof-array-argument \ -Wsizeof-pointer-memaccess \ -Wstack-protector \ -Wstrict-aliasing \ 
@@ -35716,10 +35038,7 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Wsuggest-attribute=format \ -Wsuggest-attribute=noreturn \ -Wsuggest-attribute=pure \ - -Wsuggest-final-methods \ - -Wsuggest-final-types \ -Wswitch \ - -Wswitch-bool \ -Wswitch-default \ -Wsync-nand \ -Wsystem-headers \ @@ -35746,27 +35065,13 @@ $as_echo "$gl_cv_cc_uninitialized_supported" >&6; } -Wvla \ -Wvolatile-register-var \ -Wwrite-strings \ + -fdiagnostics-show-option \ + -funit-at-a-time \ \ ; do gl_manywarn_set="$gl_manywarn_set $gl_manywarn_item" done - # gcc --help=warnings outputs an unusual form for these options; list - # them here so that the above 'comm' command doesn't report a false match. - gl_manywarn_set="$gl_manywarn_set -Warray-bounds=2" - gl_manywarn_set="$gl_manywarn_set -Wnormalized=nfc" - - # These are needed for older GCC versions. - if test -n "$GCC"; then - case `($CC --version) 2>/dev/null` in - 'gcc (GCC) '[0-3].* | \ - 'gcc (GCC) '4.[0-7].*) - gl_manywarn_set="$gl_manywarn_set -fdiagnostics-show-option" - gl_manywarn_set="$gl_manywarn_set -funit-at-a-time" - ;; - esac - fi - # Disable specific options as needed. if test "$gl_cv_cc_nomfi_needed" = yes; then gl_manywarn_set="$gl_manywarn_set -Wno-missing-field-initializers" 
@@ -47068,132 +46373,6 @@ $as_echo "$as_me: WARNING: fi fi - -# Check whether --with-idn was given. -if test "${with_idn+set}" = set; then : - withval=$with_idn; try_libidn="$withval" -else - try_libidn=yes -fi - - -if test "$try_libidn" = yes;then - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBIDN" >&5 -$as_echo_n "checking for LIBIDN... " >&6; } - -if test -n "$PKG_CONFIG"; then - if test -n "$LIBIDN_CFLAGS"; then - pkg_cv_LIBIDN_CFLAGS="$LIBIDN_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libidn >= 0.5.6\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libidn >= 0.5.6") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_LIBIDN_CFLAGS=`$PKG_CONFIG --cflags "libidn >= 0.5.6" 2>/dev/null` -else - pkg_failed=yes -fi - fi -else - pkg_failed=untried -fi -if test -n "$PKG_CONFIG"; then - if test -n "$LIBIDN_LIBS"; then - pkg_cv_LIBIDN_LIBS="$LIBIDN_LIBS" - else - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libidn >= 0.5.6\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libidn >= 0.5.6") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_LIBIDN_LIBS=`$PKG_CONFIG --libs "libidn >= 0.5.6" 2>/dev/null` -else - pkg_failed=yes -fi - fi -else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - LIBIDN_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libidn >= 0.5.6"` - else - LIBIDN_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libidn >= 0.5.6"` - fi - # Put the nasty error message in config.log where it belongs - echo "$LIBIDN_PKG_ERRORS" >&5 - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - with_libidn=no -elif test $pkg_failed = untried; then - with_libidn=no -else - LIBIDN_CFLAGS=$pkg_cv_LIBIDN_CFLAGS - LIBIDN_LIBS=$pkg_cv_LIBIDN_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - with_libidn=yes -fi -if test "$with_libidn" != "no";then - if ! $PKG_CONFIG --atleast-version=1.31 libidn; then - with_buggy_libidn=yes - fi - - -$as_echo "#define HAVE_LIBIDN 1" >>confdefs.h - - if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then - GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn" - else - GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn" - fi -else - with_libidn=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -*** -*** libidn was not found. IDNA support will be disabled. -*** " >&5 -$as_echo "$as_me: WARNING: -*** -*** libidn was not found. IDNA support will be disabled. 
-*** " >&2;} -fi -else - with_libidn=no -fi - - if test "$with_libidn" != "no"; then - HAVE_LIBIDN_TRUE= - HAVE_LIBIDN_FALSE='#' -else - HAVE_LIBIDN_TRUE='#' - HAVE_LIBIDN_FALSE= -fi - - if test "$with_buggy_libidn" = "yes"; then - HAVE_BUGGY_LIBIDN_TRUE= - HAVE_BUGGY_LIBIDN_FALSE='#' -else - HAVE_BUGGY_LIBIDN_TRUE='#' - HAVE_BUGGY_LIBIDN_FALSE= -fi - - # Check whether --enable-non-suiteb-curves was given. if test "${enable_non_suiteb_curves+set}" = set; then : enableval=$enable_non_suiteb_curves; enable_non_suiteb=$enableval @@ -47206,14 +46385,6 @@ if test "$enable_non_suiteb" = "yes" ;then $as_echo "#define ENABLE_NON_SUITEB_CURVES 1" >>confdefs.h fi - if test "$enable_non_suiteb" = "yes"; then - ENABLE_NON_SUITEB_CURVES_TRUE= - ENABLE_NON_SUITEB_CURVES_FALSE='#' -else - ENABLE_NON_SUITEB_CURVES_TRUE='#' - ENABLE_NON_SUITEB_CURVES_FALSE= -fi - if test "$enable_self_checks" = "yes"; then ENABLE_SELF_CHECKS_TRUE= @@ -47307,11 +46478,7 @@ else if test -f /var/lib/unbound/root.key;then unbound_root_key_file="/var/lib/unbound/root.key" else - if test -f /usr/share/dns/root.key;then - unbound_root_key_file="/usr/share/dns/root.key" - else - unbound_root_key_file="/etc/unbound/root.key" - fi + unbound_root_key_file="/etc/unbound/root.key" fi fi @@ -47340,8 +46507,7 @@ cat >>confdefs.h <<_ACEOF _ACEOF - -P11_KIT_MINIMUM=0.23.1 +P11_KIT_MINIMUM=0.20.0 # Check whether --with-p11-kit was given. if test "${with_p11_kit+set}" = set; then : 
@@ -47431,12 +46597,16 @@ $as_echo "#define ENABLE_PKCS11 1" >>confdefs.h fi else with_p11_kit=no - as_fn_error $? " + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** -*** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support -*** use --without-p11-kit, otherwise you may get p11-kit from -*** http://p11-glue.freedesktop.org/p11-kit.html -*** " "$LINENO" 5 +*** p11-kit >= $P11_KIT_MINIMUM was not found. PKCS #11 support will be disabled. +*** You may get it from http://p11-glue.freedesktop.org/p11-kit.html +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** p11-kit >= $P11_KIT_MINIMUM was not found. PKCS #11 support will be disabled. +*** You may get it from http://p11-glue.freedesktop.org/p11-kit.html +*** " >&2;} fi fi @@ -47513,30 +46683,6 @@ else fi -if test -f "/usr/lib64/libtspi.so.1";then -default_trousers_lib="/usr/lib64/libtspi.so.1" -else -default_trousers_lib="/usr/lib/libtspi.so.1" -fi - - -# Check whether --with-trousers-lib was given. -if test "${with_trousers_lib+set}" = set; then : - withval=$with_trousers_lib; ac_trousers_lib=$withval -else - ac_trousers_lib=$default_trousers_lib -fi - - - -cat >>confdefs.h <<_ACEOF -#define TROUSERS_LIB "$ac_trousers_lib" -_ACEOF - - - -included_libopts=no -if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then ac_header_dirent=no 
@@ -47785,62 +46931,6 @@ fi done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working stdnoreturn.h" >&5 -$as_echo_n "checking for working stdnoreturn.h... " >&6; } -if ${gl_cv_header_working_stdnoreturn_h+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - #include - /* Do not check for 'noreturn' after the return type. - C11 allows it, but it's rarely done that way - and circa-2012 bleeding-edge GCC rejects it when given - -Werror=old-style-declaration. */ - noreturn void foo1 (void) { exit (0); } - _Noreturn void foo2 (void) { exit (0); } - int testit (int argc, char **argv) { - if (argc & 1) - return 0; - (argv[0][0] ? foo1 : foo2) (); - } - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_header_working_stdnoreturn_h=yes -else - gl_cv_header_working_stdnoreturn_h=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdnoreturn_h" >&5 -$as_echo "$gl_cv_header_working_stdnoreturn_h" >&6; } - - if test $gl_cv_header_working_stdnoreturn_h = yes; then - STDNORETURN_H='' - else - STDNORETURN_H='stdnoreturn.h' - fi - - - if test -n "$STDNORETURN_H"; then - GL_GENERATE_STDNORETURN_H_TRUE= - GL_GENERATE_STDNORETURN_H_FALSE='#' -else - GL_GENERATE_STDNORETURN_H_TRUE='#' - GL_GENERATE_STDNORETURN_H_FALSE= -fi - - - # ---------------------------------------------------------------------- # check for various programs used during the build. # On OS/X, "wchar.h" needs "runetype.h" to work properly. 
@@ -48033,46 +47123,37 @@ _ACEOF fi -ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" -if test "x$ac_cv_type_ptrdiff_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_PTRDIFF_T 1 -_ACEOF - - -fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char *" >&5 -$as_echo_n "checking size of char *... " >&6; } -if ${ac_cv_sizeof_char_p+:} false; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char*" >&5 +$as_echo_n "checking size of char*... " >&6; } +if ${ac_cv_sizeof_charp+:} false; then : $as_echo_n "(cached) " >&6 else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char *))" "ac_cv_sizeof_char_p" "$ac_includes_default"; then : + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char*))" "ac_cv_sizeof_charp" "$ac_includes_default"; then : else - if test "$ac_cv_type_char_p" = yes; then + if test "$ac_cv_type_charp" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (char *) +as_fn_error 77 "cannot compute sizeof (char*) See \`config.log' for more details" "$LINENO" 5; } else - ac_cv_sizeof_char_p=0 + ac_cv_sizeof_charp=0 fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char_p" >&5 -$as_echo "$ac_cv_sizeof_char_p" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_charp" >&5 +$as_echo "$ac_cv_sizeof_charp" >&6; } cat >>confdefs.h <<_ACEOF -#define SIZEOF_CHAR_P $ac_cv_sizeof_char_p +#define SIZEOF_CHARP $ac_cv_sizeof_charp _ACEOF 
@@ -48821,14 +47902,14 @@ fi Xyes|Xno|X ) case "X${libopts_cv_with_libregex_root}" in Xyes|Xno|X ) libopts_cv_with_libregex_cflags=no ;; - * ) libopts_cv_with_libregex_cflags=-I${libopts_cv_with_libregex_root}/include ;; + * ) libopts_cv_with_libregex_cflags=-I${libopts_cv_with_libregex_root}/include ;; esac esac case "X${libopts_cv_with_libregex_libs}" in Xyes|Xno|X ) case "X${libopts_cv_with_libregex_root}" in Xyes|Xno|X ) libopts_cv_with_libregex_libs=no ;; - * ) libopts_cv_with_libregex_libs="-L${libopts_cv_with_libregex_root}/lib -lregex" ;; + * ) libopts_cv_with_libregex_libs="-L${libopts_cv_with_libregex_root}/lib -lregex";; esac esac libopts_save_CPPFLAGS="${CPPFLAGS}" @@ -48862,7 +47943,7 @@ else #include #include REGEX_HEADER static regex_t re; -void comp_re(char const * pzPat) { +void comp_re( char const* pzPat ) { int res = regcomp( &re, pzPat, REG_EXTENDED|REG_ICASE|REG_NEWLINE ); if (res == 0) return; exit( res ); } @@ -48925,8 +48006,8 @@ else /* end confdefs.h. */ #include #include -int main (int argc, char ** argv) { - char * pz = pathfind( getenv( "PATH" ), "sh", "x" ); +int main (int argc, char** argv) { + char* pz = pathfind( getenv( "PATH" ), "sh", "x" ); return (pz == 0) ? 1 : 0; } _ACEOF @@ -48998,7 +48079,7 @@ else /* end confdefs.h. */ #include #include -int main (int argc, char ** argv) { +int main (int argc, char** argv) { #ifndef PATH_MAX choke me!! #else @@ -49101,8 +48182,8 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include -int main (int argc, char ** argv) { -FILE * fp = fopen("conftest.$ac_ext", "rb"); +int main (int argc, char** argv) { +FILE* fp = fopen("conftest.$ac_ext", "rb"); return (fp == NULL) ? 1 : fclose(fp); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : 
@@ -49147,8 +48228,8 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include -int main (int argc, char ** argv) { -FILE * fp = fopen("conftest.$ac_ext", "rt"); +int main (int argc, char** argv) { +FILE* fp = fopen("conftest.$ac_ext", "rt"); return (fp == NULL) ? 1 : fclose(fp); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : 
@@ -49212,100 +48293,25 @@ $as_echo "#define NO_OPTIONAL_OPT_ARGS 1" >>confdefs.h # end of AC_DEFUN of LIBOPTS_CHECK - if test "$NEED_LIBOPTS_DIR" = "true";then - missing_baks= - for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do - nam=`echo $i|sed 's/.bak//g'` - if test -f $i;then - cp -f $i $nam - else - missing_baks=true - fi - done - if test -z "$missing_baks"; then - AUTOGEN=/bin/true - +if test "$NEED_LIBOPTS_DIR" = "true";then + missing_baks= + for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do + nam=`echo $i|sed 's/.bak//g'` + if test -f $i;then + cp -f $i $nam + else + missing_baks=true fi - included_libopts=yes - fi -else - # Need to ensure the relevant conditionals get set - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working stdnoreturn.h" >&5 -$as_echo_n "checking for working stdnoreturn.h... " >&6; } -if ${gl_cv_header_working_stdnoreturn_h+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - #include - /* Do not check for 'noreturn' after the return type. - C11 allows it, but it's rarely done that way - and circa-2012 bleeding-edge GCC rejects it when given - -Werror=old-style-declaration. */ - noreturn void foo1 (void) { exit (0); } - _Noreturn void foo2 (void) { exit (0); } - int testit (int argc, char **argv) { - if (argc & 1) - return 0; - (argv[0][0] ? 
foo1 : foo2) (); - } - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - gl_cv_header_working_stdnoreturn_h=yes -else - gl_cv_header_working_stdnoreturn_h=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdnoreturn_h" >&5 -$as_echo "$gl_cv_header_working_stdnoreturn_h" >&6; } + done + if test -z "$missing_baks"; then + AUTOGEN=/bin/true - if test $gl_cv_header_working_stdnoreturn_h = yes; then - STDNORETURN_H='' - else - STDNORETURN_H='stdnoreturn.h' - fi - - - if test -n "$STDNORETURN_H"; then - GL_GENERATE_STDNORETURN_H_TRUE= - GL_GENERATE_STDNORETURN_H_FALSE='#' -else - GL_GENERATE_STDNORETURN_H_TRUE='#' - GL_GENERATE_STDNORETURN_H_FALSE= -fi - - - if false; then - INSTALL_LIBOPTS_TRUE= - INSTALL_LIBOPTS_FALSE='#' -else - INSTALL_LIBOPTS_TRUE='#' - INSTALL_LIBOPTS_FALSE= -fi - - if false; then - NEED_LIBOPTS_TRUE= - NEED_LIBOPTS_FALSE='#' + fi + enable_local_libopts=yes else - NEED_LIBOPTS_TRUE='#' - NEED_LIBOPTS_FALSE= + enable_local_libopts=no fi - - included_libopts=yes -fi - - if test "$included_libopts" = "yes"; then + if test "$enable_local_libopts" = "yes"; then NEED_LIBOPTS_TRUE= NEED_LIBOPTS_FALSE='#' else 
@@ -50019,26 +49025,11 @@ _ACEOF fi -# Check whether --with-default-trust-store-dir was given. -if test "${with_default_trust_store_dir+set}" = set; then : - withval=$with_default_trust_store_dir; -fi - - -if test "x$with_default_trust_store_dir" != x; then - -cat >>confdefs.h <<_ACEOF -#define DEFAULT_TRUST_STORE_DIR "$with_default_trust_store_dir" -_ACEOF - -fi - - # Check whether --with-default-trust-store-file was given. if test "${with_default_trust_store_file+set}" = set; then : withval=$with_default_trust_store_file; with_default_trust_store_file="$withval" else - if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then + if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x;then for i in \ /etc/ssl/ca-bundle.pem \ /etc/ssl/certs/ca-certificates.crt \ 
@@ -50622,9 +49613,81 @@ if test "${enable_crywrap+set}" = set; then : fi + libidn=no if test "x$enable_crywrap" != "xno" ; then - for ac_func in argp_usage + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBIDN" >&5 +$as_echo_n "checking for LIBIDN... " >&6; } + +if test -n "$PKG_CONFIG"; then + if test -n "$LIBIDN_CFLAGS"; then + pkg_cv_LIBIDN_CFLAGS="$LIBIDN_CFLAGS" + else + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libidn >= 0.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libidn >= 0.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBIDN_CFLAGS=`$PKG_CONFIG --cflags "libidn >= 0.0.0" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi +if test -n "$PKG_CONFIG"; then + if test -n "$LIBIDN_LIBS"; then + pkg_cv_LIBIDN_LIBS="$LIBIDN_LIBS" + else + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libidn >= 0.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libidn >= 0.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBIDN_LIBS=`$PKG_CONFIG --libs "libidn >= 0.0.0" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBIDN_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libidn >= 0.0.0"` + else + LIBIDN_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libidn >= 0.0.0"` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBIDN_PKG_ERRORS" >&5 + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + libidn=no +elif test $pkg_failed = untried; then + libidn=no +else + LIBIDN_CFLAGS=$pkg_cv_LIBIDN_CFLAGS + LIBIDN_LIBS=$pkg_cv_LIBIDN_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + libidn=yes +fi + for ac_func in argp_usage do : ac_fn_c_check_func "$LINENO" "argp_usage" "ac_cv_func_argp_usage" if test "x$ac_cv_func_argp_usage" = xyes; then : @@ -50637,9 +49700,10 @@ else fi done - if test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no" && test "$with_libidn" != "no";then - crywrap=yes - fi + fi + + if test "x$libidn" != "xno" && test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no";then + crywrap=yes fi fi 
@@ -50804,20 +49868,12 @@ if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCXX\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${ENABLE_DOC_TRUE}" && test -z "${ENABLE_DOC_FALSE}"; then - as_fn_error $? "conditional \"ENABLE_DOC\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${ENABLE_TOOLS_TRUE}" && test -z "${ENABLE_TOOLS_FALSE}"; then - as_fn_error $? "conditional \"ENABLE_TOOLS\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${ENABLE_CXX_TRUE}" && test -z "${ENABLE_CXX_FALSE}"; then as_fn_error $? "conditional \"ENABLE_CXX\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${ANDROID_TRUE}" && test -z "${ANDROID_FALSE}"; then - as_fn_error $? "conditional \"ANDROID\" was never defined. +if test -z "${WANT_TEST_SUITE_TRUE}" && test -z "${WANT_TEST_SUITE_FALSE}"; then + as_fn_error $? "conditional \"WANT_TEST_SUITE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${WINDOWS_TRUE}" && test -z "${WINDOWS_FALSE}"; then @@ -50832,10 +49888,6 @@ if test -z "${ELF_TRUE}" && test -z "${ELF_FALSE}"; then as_fn_error $? "conditional \"ELF\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${ENABLE_PADLOCK_TRUE}" && test -z "${ENABLE_PADLOCK_FALSE}"; then - as_fn_error $? "conditional \"ENABLE_PADLOCK\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${ASM_X86_64_TRUE}" && test -z "${ASM_X86_64_FALSE}"; then as_fn_error $? "conditional \"ASM_X86_64\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 
@@ -50872,6 +49924,10 @@ if test -z "${ENABLE_ALPN_TRUE}" && test -z "${ENABLE_ALPN_FALSE}"; then as_fn_error $? "conditional \"ENABLE_ALPN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${ENABLE_RSA_EXPORT_TRUE}" && test -z "${ENABLE_RSA_EXPORT_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_RSA_EXPORT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_HEARTBEAT_TRUE}" && test -z "${ENABLE_HEARTBEAT_FALSE}"; then as_fn_error $? "conditional \"ENABLE_HEARTBEAT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -50912,6 +49968,10 @@ if test -z "${ENABLE_OPENSSL_TRUE}" && test -z "${ENABLE_OPENSSL_FALSE}"; then as_fn_error $? "conditional \"ENABLE_OPENSSL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${ENABLE_DOC_TRUE}" && test -z "${ENABLE_DOC_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_DOC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_TESTS_TRUE}" && test -z "${ENABLE_TESTS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_TESTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 
@@ -51084,26 +50144,10 @@ fi ggltests_LTLIBOBJS=$ggltests_ltlibobjs -if test -z "${WANT_TEST_SUITE_TRUE}" && test -z "${WANT_TEST_SUITE_FALSE}"; then - as_fn_error $? "conditional \"WANT_TEST_SUITE\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${ENABLE_FIPS140_TRUE}" && test -z "${ENABLE_FIPS140_FALSE}"; then as_fn_error $? "conditional \"ENABLE_FIPS140\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${HAVE_LIBIDN_TRUE}" && test -z "${HAVE_LIBIDN_FALSE}"; then - as_fn_error $? "conditional \"HAVE_LIBIDN\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${HAVE_BUGGY_LIBIDN_TRUE}" && test -z "${HAVE_BUGGY_LIBIDN_FALSE}"; then - as_fn_error $? "conditional \"HAVE_BUGGY_LIBIDN\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${ENABLE_NON_SUITEB_CURVES_TRUE}" && test -z "${ENABLE_NON_SUITEB_CURVES_FALSE}"; then - as_fn_error $? "conditional \"ENABLE_NON_SUITEB_CURVES\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${ENABLE_SELF_CHECKS_TRUE}" && test -z "${ENABLE_SELF_CHECKS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_SELF_CHECKS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 
@@ -51120,22 +50164,6 @@ if test -z "${ENABLE_TROUSERS_TRUE}" && test -z "${ENABLE_TROUSERS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_TROUSERS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${GL_GENERATE_STDNORETURN_H_TRUE}" && test -z "${GL_GENERATE_STDNORETURN_H_FALSE}"; then - as_fn_error $? "conditional \"GL_GENERATE_STDNORETURN_H\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${INSTALL_LIBOPTS_TRUE}" && test -z "${INSTALL_LIBOPTS_FALSE}"; then - as_fn_error $? "conditional \"INSTALL_LIBOPTS\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${NEED_LIBOPTS_TRUE}" && test -z "${NEED_LIBOPTS_FALSE}"; then - as_fn_error $? "conditional \"NEED_LIBOPTS\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${GL_GENERATE_STDNORETURN_H_TRUE}" && test -z "${GL_GENERATE_STDNORETURN_H_FALSE}"; then - as_fn_error $? "conditional \"GL_GENERATE_STDNORETURN_H\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${INSTALL_LIBOPTS_TRUE}" && test -z "${INSTALL_LIBOPTS_FALSE}"; then as_fn_error $? "conditional \"INSTALL_LIBOPTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -51557,7 +50585,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by GnuTLS $as_me 3.4.11, which was +This file was extended by GnuTLS $as_me 3.3.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -51627,7 +50655,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -GnuTLS config.status 3.4.11 +GnuTLS config.status 3.3.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -53885,10 +52913,9 @@ fi Build system: ${build} Install prefix: ${prefix} Compiler: ${CC} - Valgrind: $opt_valgrind_tests ${VALGRIND} CFlags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} - Local libopts: ${included_libopts} + Local libopts: ${enable_local_libopts} Local libtasn1: ${included_libtasn1} Use nettle-mini: ${mini_nettle} " >&5 @@ -53899,10 +52926,9 @@ $as_echo "$as_me: summary of build options: Build system: ${build} Install prefix: ${prefix} Compiler: ${CC} - Valgrind: $opt_valgrind_tests ${VALGRIND} CFlags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} - Local libopts: ${included_libopts} + Local libopts: ${enable_local_libopts} Local libtasn1: ${included_libtasn1} Use nettle-mini: ${mini_nettle} " >&6;} @@ -53911,8 +52937,6 @@ $as_echo "$as_me: summary of build options: /dev/crypto: $enable_cryptodev Hardware accel: $hw_accel - Padlock accel: $use_padlock - getrandom variant: $enable_getrandom PKCS#11 support: $with_p11_kit TPM support: $with_tpm " >&5 @@ -53920,19 +52944,9 @@ $as_echo "$as_me: External hardware support: /dev/crypto: $enable_cryptodev Hardware accel: $hw_accel - Padlock accel: $use_padlock - getrandom variant: $enable_getrandom PKCS#11 support: $with_p11_kit TPM support: $with_tpm " >&6;} -if test -n "$ac_trousers_lib";then -{ $as_echo "$as_me:${as_lineno-$LINENO}: - TPM library: $ac_trousers_lib -" >&5 -$as_echo "$as_me: - TPM library: $ac_trousers_lib -" >&6;} -fi { $as_echo "$as_me:${as_lineno-$LINENO}: Optional features: (note that included applications might not compile properly 
@@ -53947,9 +52961,9 @@ if features are disabled) PSK support: $ac_enable_psk DHE support: $ac_enable_dhe ECDHE support: $ac_enable_ecdhe + RSA-EXPORT support: $ac_enable_rsa_export Anon auth support: $ac_enable_anon Heartbeat support: $ac_enable_heartbeat - IDNA support: $with_libidn Unicode support: $ac_have_unicode Self checks: $enable_self_checks Non-SuiteB curves: $enable_non_suiteb @@ -53968,9 +52982,9 @@ if features are disabled) PSK support: $ac_enable_psk DHE support: $ac_enable_dhe ECDHE support: $ac_enable_ecdhe + RSA-EXPORT support: $ac_enable_rsa_export Anon auth support: $ac_enable_anon Heartbeat support: $ac_enable_heartbeat - IDNA support: $with_libidn Unicode support: $ac_have_unicode Self checks: $enable_self_checks Non-SuiteB curves: $enable_non_suiteb @@ -53979,11 +52993,11 @@ if features are disabled) { $as_echo "$as_me:${as_lineno-$LINENO}: Optional applications: - crywrap app: $crywrap + crywrap app: $libidn " >&5 $as_echo "$as_me: Optional applications: - crywrap app: $crywrap + crywrap app: $libidn " >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: Optional libraries: @@ -54004,7 +53018,6 @@ $as_echo "$as_me: Optional libraries: { $as_echo "$as_me:${as_lineno-$LINENO}: System files: Trust store pkcs11: $with_default_trust_store_pkcs11 - Trust store dir: $with_default_trust_store_dir Trust store file: $with_default_trust_store_file Blacklist file: $with_default_blacklist_file CRL file: $with_default_crl_file @@ -54014,7 +53027,6 @@ $as_echo "$as_me: Optional libraries: $as_echo "$as_me: System files: Trust store pkcs11: $with_default_trust_store_pkcs11 - Trust store dir: $with_default_trust_store_dir Trust store file: $with_default_trust_store_file Blacklist file: $with_default_blacklist_file CRL file: $with_default_crl_file diff --git a/configure.ac b/configure.ac index d1a9a02..25796ca 100644 --- a/configure.ac +++ b/configure.ac 
@@ -21,12 +21,12 @@ dnl Process this file with autoconf to produce a configure script. # USA AC_PREREQ(2.61) -AC_INIT([GnuTLS], [3.4.11], [bugs@gnutls.org]) +AC_INIT([GnuTLS], [3.3.5], [bugs@gnutls.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST -AM_INIT_AUTOMAKE([1.12.2 subdir-objects no-dist-gzip dist-xz -Wall -Wno-override]) +AM_INIT_AUTOMAKE([1.12.2 subdir-objects no-dist-gzip dist-xz dist-lzip -Wall -Wno-override]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_CONFIG_HEADERS([config.h]) @@ -35,7 +35,6 @@ AC_MSG_RESULT([*** ]) dnl Checks for programs. -PKG_PROG_PKG_CONFIG AC_PROG_CC gl_EARLY ggl_EARLY @@ -44,28 +43,14 @@ AM_PROG_AR AC_PROG_CXX AM_PROG_CC_C_O AC_PROG_YACC -AC_PROG_SED +AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true]) -AC_ARG_ENABLE(doc, - AS_HELP_STRING([--disable-doc], [don't generate any documentation]), - enable_doc=$enableval, enable_doc=yes) -AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no") - -AC_ARG_ENABLE(tools, - AS_HELP_STRING([--disable-tools], [don't compile any tools]), - enable_tools=$enableval, enable_tools=yes) -AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no") - -if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then - AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true]) - - if test x"$AUTOGEN" = "x/bin/true"; then - AC_MSG_WARN([[ +if test x"$AUTOGEN" = "x/bin/true"; then + AC_MSG_WARN([[ *** *** autogen not found. Will not link against libopts. *** ]]) - included_libopts=yes - fi +enable_local_libopts=yes fi # For includes/gnutls/gnutls.h.in. 
@@ -89,34 +74,21 @@ if test "$use_cxx" != "no"; then AC_LANG_POP(C++) fi AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no") +AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c]) dnl Detect windows build -use_accel=yes case "$host" in - *android*) - have_android=yes - have_elf=yes - ;; *mingw32* | *mingw64*) have_win=yes ;; *darwin*) have_macosx=yes ;; - *solaris*) - use_accel=no - AC_MSG_WARN([[ -*** -*** In solaris hardware acceleration is disabled by default due to issues -*** with the assembler. Use --enable-hardware-acceleration to enable it. -*** ]]) - ;; *) have_elf=yes ;; esac -AM_CONDITIONAL(ANDROID, test "$have_android" = yes) AM_CONDITIONAL(WINDOWS, test "$have_win" = yes) AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes) AM_CONDITIONAL(ELF, test "$have_elf" = yes) @@ -124,11 +96,10 @@ AM_CONDITIONAL(ELF, test "$have_elf" = yes) dnl Hardware Acceleration AC_ARG_ENABLE(hardware-acceleration, AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]), - use_accel=$enableval) + use_accel=$enableval, use_accel=yes) hw_accel=none -use_padlock=no if test "$use_accel" != "no"; then case $host_cpu in i?86 | x86_64 | amd64) @@ -138,7 +109,6 @@ case $host_cpu in else hw_accel="x86" fi - use_padlock=yes ;; *) ;; 
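Review bot: The added `AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c])` probes a path relative to the build directory, so an out-of-tree (VPATH) build would evaluate it false and drop the test suite even when the file is present in the source tree. The code this patch removes further down probed `${srcdir}/tests/suite/mini-eagain2.c`, and the same prefix belongs here: `AM_CONDITIONAL(WANT_TEST_SUITE, [test -f "${srcdir}/tests/suite/mini-eagain2.c"])`. Silently skipping the suite is worth avoiding in a TLS library, since that is presumably where the protocol regression tests live.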
@@ -146,91 +116,38 @@ esac fi -AC_ARG_ENABLE(padlock, - AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), - use_padlock=$enableval) - -if test "$use_padlock" != "no"; then - AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration]) - AC_SUBST([ENABLE_PADLOCK]) -fi -AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes") AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64") AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86") AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64") AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"]) AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes") -dnl check for getrandom() -enable_getrandom=no -AC_MSG_CHECKING([for getrandom]) -AC_LINK_IFELSE([AC_LANG_PROGRAM([ - #include ],[ - getrandom(0, 0, 0); - ])], - [AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_LINUX_GETRANDOM], 1, [Enable the Linux getrandom function]) - enable_getrandom=getrandom], - [AC_MSG_RESULT(no)]) - -AC_MSG_CHECKING([for getentropy]) -AC_LINK_IFELSE([AC_LANG_PROGRAM([ - #include ],[ - getentropy(0, 0); - ])], - [AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function]) - enable_getrandom=getentropy], - [AC_MSG_RESULT(no)]) dnl Try the hooks.m4 LIBGNUTLS_HOOKS LIBGNUTLS_EXTRA_HOOKS +AC_ARG_ENABLE(doc, + AS_HELP_STRING([--disable-doc], [don't generate any documentation]), + enable_doc=$enableval, enable_doc=yes) +AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no") + AC_ARG_ENABLE(tests, AS_HELP_STRING([--disable-tests], [don't compile or run any tests]), - enable_tests=$enableval, enable_tests=$enable_tools) -if test "$enable_tests" = "yes" && test "$enable_tools" = "no"; then - true #AC_MSG_ERROR([Cannot enable tests while disabling tools]) -fi + enable_tests=$enableval, enable_tests=yes) AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no") GTK_DOC_CHECK(1.1) AM_GNU_GETTEXT([external]) -AM_GNU_GETTEXT_VERSION([0.19]) 
+AM_GNU_GETTEXT_VERSION([0.18]) AC_C_BIGENDIAN dnl No fork on MinGW, disable some self-tests until we fix them. dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs) -AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,) -if test "$ac_cv_func_vasprintf" != "yes";then - AC_MSG_CHECKING([for va_copy]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([ - #include - va_list a;],[ - va_list b; - va_copy(b,a); - va_end(b);])], - [AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()]) - AC_MSG_RESULT(va_copy)], - [AC_LINK_IFELSE([AC_LANG_PROGRAM([ - #include - va_list a;],[ - va_list b; - __va_copy(b,a); - va_end(b);])], - [AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()]) - AC_MSG_RESULT(__va_copy)], - [AC_MSG_RESULT(no) - AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])]) - ]) -fi - +AC_CHECK_FUNCS([fork getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,) AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no") -AC_CHECK_FUNCS([__register_atfork],,) - AC_LIB_HAVE_LINKFLAGS(rt,, [#include #include ], [timer_create (0,0,0);]) @@ -247,10 +164,6 @@ if test "$ac_cv_func_nanosleep" != "yes";then gnutls_needs_librt=yes fi -if test "$ac_cv_func_inet_pton" != "yes";then - AC_LIB_HAVE_LINKFLAGS(nsl,, [#include ], [inet_pton(0,0,0);]) -fi - if test "$ac_cv_func_clock_gettime" != "yes";then AC_LIB_HAVE_LINKFLAGS(rt,, [#include ], [clock_gettime (0, 0);]) gnutls_needs_librt=yes @@ -272,13 +185,6 @@ if test "$ac_have_unicode" != "yes";then fi fi -SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c" -if test -f "$SUITE_FILE";then - can_do_valgrind_tests=yes -else - can_do_valgrind_tests=no -fi - dnl Note that g*l_INIT are run after we check for library capabilities, dnl to prevent issues from caching lib dependencies. See discussion dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and 
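Review bot: The context line `AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])` carries a stray `]` before the closing parenthesis. Because the argument is unquoted, the bracket most likely passes through to the generated shell test, which then compares against `yes]` and can never be true. Since this hunk already touches the surrounding conditionals, the line should be corrected to `AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes")`. The other `AM_CONDITIONAL` lines in the hunk are balanced.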
@@ -286,42 +192,43 @@ dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettim gl_INIT ggl_INIT -if test "$can_do_valgrind_tests" != "yes";then - VALGRIND="" - AC_SUBST(VALGRIND, []) - opt_valgrind_tests=no -fi - -AM_CONDITIONAL(WANT_TEST_SUITE, [test "$opt_valgrind_tests" != no]) - dnl GCC warnings to enable AC_ARG_ENABLE([gcc-warnings], - [AS_HELP_STRING([--disable-gcc-warnings], - [turn off lots of GCC warnings (for developers)])], + [AS_HELP_STRING([--enable-gcc-warnings], + [turn on lots of GCC warnings (for developers)])], [case $enableval in yes|no) ;; *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;; esac gl_gcc_warnings=$enableval], - [gl_gcc_warnings=yes] + [gl_gcc_warnings=no] ) if test "$gl_gcc_warnings" = yes; then - gl_WARN_ADD([-Wframe-larger-than=2048], [WSTACK_CFLAGS]) + gl_WARN_ADD([-Wframe-larger-than=1024], [WSTACK_CFLAGS]) nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings nw="$nw -Wc++-compat" # We don't care about C++ compilers nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib nw="$nw -Wtraditional" # Warns on #elif which we use often + nw="$nw -Wlogical-op" # Too many false positives + nw="$nw -Wold-style-definition" # nw="$nw -Wpadded" # Our structs are not padded + nw="$nw -Wunreachable-code" # Too many false positives nw="$nw -Wtraditional-conversion" # Too many warnings for now + nw="$nw -Wcast-qual" # Too many warnings for now + nw="$nw -Waggregate-return" # Too many warnings for now + nw="$nw -Wshadow" # Too many warnings for now nw="$nw -Wswitch-default" # Too many warnings for now + nw="$nw -Wswitch-enum" # Too many warnings for now + nw="$nw -Wconversion" # Too many warnings for now + nw="$nw -Wsign-conversion" # Too many warnings for now nw="$nw -Wformat-y2k" # Too many warnings for now nw="$nw -Woverlength-strings" # We use some in tests/ nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays nw="$nw -Wformat-nonliteral" # Incompatible with 
gettext _() - nw="$nw -Wformat-signedness" # Too many to handle + nw="$nw -Wunsafe-loop-optimizations" nw="$nw -Wstrict-overflow" nw="$nw -Wmissing-noreturn" nw="$nw -Winline" # Too compiler dependent @@ -383,45 +290,12 @@ if [ test "$enable_fips" = "yes" ];then fi fi -AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn], - [disable support for libidn]), - try_libidn="$withval", - try_libidn=yes) - -if test "$try_libidn" = yes;then -PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no]) -if test "$with_libidn" != "no";then - if ! $PKG_CONFIG --atleast-version=1.31 libidn; then - with_buggy_libidn=yes - fi - - AC_DEFINE([HAVE_LIBIDN], 1, [Build IDNA support]) - if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then - GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn" - else - GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn" - fi -else - with_libidn=no - AC_MSG_WARN([[ -*** -*** libidn was not found. IDNA support will be disabled. -*** ]]) -fi -else - with_libidn=no -fi - -AM_CONDITIONAL(HAVE_LIBIDN, test "$with_libidn" != "no") -AM_CONDITIONAL(HAVE_BUGGY_LIBIDN, test "$with_buggy_libidn" = "yes") - AC_ARG_ENABLE(non-suiteb-curves, AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]), enable_non_suiteb=$enableval, enable_non_suiteb=yes) if [ test "$enable_non_suiteb" = "yes" ];then AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves]) fi -AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes") AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes") if [ test "$enable_self_checks" = "yes" ];then @@ -467,11 +341,7 @@ else if test -f /var/lib/unbound/root.key;then unbound_root_key_file="/var/lib/unbound/root.key" else - if test -f /usr/share/dns/root.key;then - unbound_root_key_file="/usr/share/dns/root.key" - else - unbound_root_key_file="/etc/unbound/root.key" - fi + unbound_root_key_file="/etc/unbound/root.key" fi fi ) 
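Review bot: With the default flipped to `[gl_gcc_warnings=no]` and `-Wconversion`, `-Wsign-conversion`, `-Wshadow`, `-Wcast-qual` and `-Wswitch-enum` added to `nw` (which appears to be the list of warnings to leave out), an ordinary build no longer reports integer truncation or signedness mismatches, and even `--enable-gcc-warnings` will not turn those on. In code that parses lengths off the wire, those diagnostics are the cheap first line of defence. If the exclusions must stay for this version, say so where they are set, e.g. `# excluded only because the tree is not clean yet; CI should build with --enable-gcc-warnings` above the first added `nw=` line. The bare `nw="$nw -Wold-style-definition" #` and `-Wunsafe-loop-optimizations` entries also give no reason, unlike their neighbours.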
@@ -488,9 +358,8 @@ system_priority_file="/etc/gnutls/default-priorities" AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE], ["$system_priority_file"], [The system priority file]) - dnl Check for p11-kit -P11_KIT_MINIMUM=0.23.1 +P11_KIT_MINIMUM=0.20.0 AC_ARG_WITH(p11-kit, AS_HELP_STRING([--without-p11-kit], [Build without p11-kit and PKCS#11 support])) @@ -505,11 +374,10 @@ if test "$with_p11_kit" != "no"; then fi else with_p11_kit=no - AC_MSG_ERROR([[ + AC_MSG_WARN([[ *** -*** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support -*** use --without-p11-kit, otherwise you may get p11-kit from -*** http://p11-glue.freedesktop.org/p11-kit.html +*** p11-kit >= $P11_KIT_MINIMUM was not found. PKCS #11 support will be disabled. +*** You may get it from http://p11-glue.freedesktop.org/p11-kit.html *** ]]) fi fi 
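Review bot: Replacing `AC_MSG_ERROR` with `AC_MSG_WARN` in the p11-kit branch makes the build fail open: if p11-kit >= `$P11_KIT_MINIMUM` is missing, configure continues with `with_p11_kit=no` and PKCS #11 support is dropped. A packager who asked for it gets a library without token or PKCS #11 trust-store support, and the only trace is a warning in the configure output. The warning is reasonable for the auto-detected case, but an explicit request should still abort, with a check placed before `with_p11_kit=no`, for example `AS_IF([test "x$with_p11_kit" = xyes], [AC_MSG_ERROR([p11-kit >= $P11_KIT_MINIMUM requested but not found])])`. How `with_p11_kit` is set before this point is outside the hunk, so confirm that `yes` is the value an explicit `--with-p11-kit` produces.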
@@ -544,47 +412,26 @@ fi AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no") -if test -f "/usr/lib64/libtspi.so.1";then -default_trousers_lib="/usr/lib64/libtspi.so.1" -else -default_trousers_lib="/usr/lib/libtspi.so.1" -fi - -AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB], - [set the location of the trousers library]), - ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib) - -AC_DEFINE_UNQUOTED(TROUSERS_LIB, ["$ac_trousers_lib"], [the location of the trousers library]) -AC_SUBST(TROUSERS_LIB) - -included_libopts=no -if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then - LIBOPTS_CHECK([src/libopts]) - if test "$NEED_LIBOPTS_DIR" = "true";then - dnl replace libopts-generated files with distributed backups, if present - missing_baks= - for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do - nam=`echo $i|sed 's/.bak//g'` - if test -f $i;then - cp -f $i $nam - else - missing_baks=true - fi - done - if test -z "$missing_baks"; then - AC_SUBST([AUTOGEN], [/bin/true]) +LIBOPTS_CHECK([src/libopts]) +if test "$NEED_LIBOPTS_DIR" = "true";then + dnl replace libopts-generated files with distributed backups, if present + missing_baks= + for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do + nam=`echo $i|sed 's/.bak//g'` + if test -f $i;then + cp -f $i $nam + else + missing_baks=true fi - included_libopts=yes + done + if test -z "$missing_baks"; then + AC_SUBST([AUTOGEN], [/bin/true]) fi + enable_local_libopts=yes else - # Need to ensure the relevant conditionals get set - gl_STDNORETURN_H - AM_CONDITIONAL([INSTALL_LIBOPTS],[false]) - AM_CONDITIONAL([NEED_LIBOPTS], [false]) - included_libopts=yes + enable_local_libopts=no fi - -AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes") +AM_CONDITIONAL(NEED_LIBOPTS, test "$enable_local_libopts" = "yes") AC_CHECK_TYPE(ssize_t, [ 
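Review bot: The backup-restore loop expands `$i` and `$nam` unquoted and derives the target name with `sed 's/.bak//g'`, where the unescaped dot matches any character and the `g` flag strips every occurrence. A source path containing a space, or something like `xbak` earlier in the path, would make `cp -f $i $nam` write to an unintended location. Anchor the pattern and quote the expansions: ``nam=`echo "$i" | sed 's/\.bak$//'` `` followed by `if test -f "$i"; then cp -f "$i" "$nam"`. The `if test "$NEED_LIBOPTS_DIR" = "true"` block is otherwise as shown in the hunk.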
@@ -645,20 +492,11 @@ if test "x$with_default_trust_store_pkcs11" != x; then ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store]) fi -AC_ARG_WITH([default-trust-store-dir], - [AS_HELP_STRING([--with-default-trust-store-dir=DIR], - [use the given directory as default trust store])]) - -if test "x$with_default_trust_store_dir" != x; then - AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR], - ["$with_default_trust_store_dir"], [use the given directory as default trust store]) -fi - dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html AC_ARG_WITH([default-trust-store-file], [AS_HELP_STRING([--with-default-trust-store-file=FILE], [use the given file default trust store])], with_default_trust_store_file="$withval", - [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then + [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x;then for i in \ /etc/ssl/ca-bundle.pem \ /etc/ssl/certs/ca-certificates.crt \ @@ -834,12 +672,15 @@ AC_CHECK_FUNCS([alarm atexit dup2 epoll_create kqueue memchr memset munmap \ AC_ARG_ENABLE(crywrap, AS_HELP_STRING([--disable-crywrap], [unconditionally disable the crywrap TLS proxy service])) + libidn=no if test "x$enable_crywrap" != "xno" ; then - AC_CHECK_FUNCS([argp_usage],[ac_argp=yes],[ac_argp=no]) - if test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no" && test "$with_libidn" != "no";then - crywrap=yes - fi + PKG_CHECK_MODULES(LIBIDN, libidn >= 0.0.0, [libidn=yes], [libidn=no]) + AC_CHECK_FUNCS([argp_usage],[ac_argp=yes],[ac_argp=no]) + fi + + if test "x$libidn" != "xno" && test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no";then + crywrap=yes fi fi 
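Review bot: The added `PKG_CHECK_MODULES(LIBIDN, libidn >= 0.0.0, [libidn=yes], [libidn=no])` accepts any libidn version at all. The detection code this patch removes required `libidn >= 0.5.6` and flagged anything older than 1.31 as buggy. crywrap is a TLS proxy that feeds peer-supplied host names to that library, so a real minimum version should be stated. Whether this crywrap depends on the fixes behind the 1.31 cutoff is not visible here, but at least the previous floor should be restored: `PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [libidn=yes], [libidn=no])`. The enclosing `if test "x$enable_crywrap" != "xno"` block starts outside the hunk.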
@@ -921,6 +762,7 @@ AC_CONFIG_FILES([ AC_OUTPUT dnl Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS} +dnl Valgrind: $opt_valgrind_tests ${VALGRIND} AC_MSG_NOTICE([summary of build options: version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE @@ -928,10 +770,9 @@ AC_MSG_NOTICE([summary of build options: Build system: ${build} Install prefix: ${prefix} Compiler: ${CC} - Valgrind: $opt_valgrind_tests ${VALGRIND} CFlags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} - Local libopts: ${included_libopts} + Local libopts: ${enable_local_libopts} Local libtasn1: ${included_libtasn1} Use nettle-mini: ${mini_nettle} ]) @@ -940,16 +781,9 @@ AC_MSG_NOTICE([External hardware support: /dev/crypto: $enable_cryptodev Hardware accel: $hw_accel - Padlock accel: $use_padlock - getrandom variant: $enable_getrandom PKCS#11 support: $with_p11_kit TPM support: $with_tpm ]) -if test -n "$ac_trousers_lib";then -AC_MSG_NOTICE([ - TPM library: $ac_trousers_lib -]) -fi AC_MSG_NOTICE([Optional features: (note that included applications might not compile properly @@ -964,9 +798,9 @@ if features are disabled) PSK support: $ac_enable_psk DHE support: $ac_enable_dhe ECDHE support: $ac_enable_ecdhe + RSA-EXPORT support: $ac_enable_rsa_export Anon auth support: $ac_enable_anon Heartbeat support: $ac_enable_heartbeat - IDNA support: $with_libidn Unicode support: $ac_have_unicode Self checks: $enable_self_checks Non-SuiteB curves: $enable_non_suiteb @@ -975,7 +809,7 @@ if features are disabled) AC_MSG_NOTICE([Optional applications: - crywrap app: $crywrap + crywrap app: $libidn ]) AC_MSG_NOTICE([Optional libraries: @@ -989,7 +823,6 @@ AC_MSG_NOTICE([Optional libraries: AC_MSG_NOTICE([System files: Trust store pkcs11: $with_default_trust_store_pkcs11 - Trust store dir: $with_default_trust_store_dir Trust store file: $with_default_trust_store_file Blacklist file: $with_default_blacklist_file CRL file: $with_default_crl_file 
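Review bot: The summary line `crywrap app: $libidn` prints the result of the libidn probe, not whether crywrap will actually be built. The configure logic sets `crywrap=yes` only when libidn, `daemon` and `argp_usage` are all available, so the summary can say `yes` for a build that omits the proxy. It should print the variable that carries the decision: `crywrap app: $crywrap`. The generated `configure` has the same line in its two summary blocks and will pick up the fix on regeneration.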
diff --git a/doc/Makefile.am b/doc/Makefile.am index 69ed5e7..d132751 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -32,7 +32,7 @@ endif -include $(top_srcdir)/doc/doc.mk invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -40,7 +40,7 @@ invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def mv -f $@.tmp $@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -48,7 +48,7 @@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls mv -f $@.tmp $@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ 
@@ -56,79 +56,79 @@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug mv -f $@.tmp $@ invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! 
-e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsection/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsection/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp 
@@ -202,8 +202,7 @@ MAINTAINERCLEANFILES = API_FILES=gnutls-api.texi x509-api.texi pgp-api.texi pkcs12-api.texi \ tpm-api.texi pkcs11-api.texi abstract-api.texi compat-api.texi \ - dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi \ - pkcs7-api.texi + dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi clean-local: -rm -f stamp_enums stamp_functions @@ -267,7 +266,7 @@ pkcs12-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs12.h echo $(ECHO_N) "Creating documentation for $$i... " && \ $(srcdir)/scripts/gdoc -texinfo \ -function $$i \ - $(C_X509_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ + $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ echo "ok"; \ done mv -f $@-tmp $@ @@ -283,17 +282,6 @@ pkcs11-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs11.h done mv -f $@-tmp $@ -pkcs7-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs7.h - echo "" > $@-tmp - for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ - echo $(ECHO_N) "Creating documentation for $$i... " && \ - $(srcdir)/scripts/gdoc -texinfo \ - -function $$i \ - $(C_X509_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ - echo "ok"; \ - done - mv -f $@-tmp $@ - tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h echo "" > $@-tmp for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ 
@@ -305,17 +293,15 @@ tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h done mv -f $@-tmp $@ -abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h +abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h echo "" > $@-tmp - cat $^ >$@-headers-tmp - for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $@-headers-tmp |sort|uniq`; do \ + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ echo $(ECHO_N) "Creating documentation for $$i... " && \ $(srcdir)/scripts/gdoc -texinfo \ -function $$i \ $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ echo "ok"; \ done - rm -f $@-headers-tmp mv -f $@-tmp $@ compat-api.texi: $(top_srcdir)/lib/includes/gnutls/compat.h @@ -357,7 +343,7 @@ ocsp-api.texi: $(top_srcdir)/lib/includes/gnutls/ocsp.h echo $(ECHO_N) "Creating documentation for $$i... " && \ $(srcdir)/scripts/gdoc -texinfo \ -function $$i \ - $(C_X509_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ + $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ echo "ok"; \ done mv -f $@-tmp $@ @@ -419,9 +405,9 @@ stamp_functions: $(API_FILES) for i in $^; do \ $(srcdir)/scripts/split-texi.pl functions < $$i; \ done - $(SED) -i 's/\@anchor{.*//g' functions/* - $(SED) -i 's/\@subheading.*//g' functions/* - cd functions && for i in *;do grep ^"@deftypefun" $$i | $(SED) 's/@deftypefun/@item/g;s/ {/ @var{/;s/ {/ @ref{/' > ../functions/$$i.short;done + sed -i 's/\@anchor{.*//g' functions/* + sed -i 's/\@subheading.*//g' functions/* + cd functions && for i in *;do grep ^"@deftypefun" $$i | sed 's/@deftypefun/@item/g;s/ {/ @var{/;s/ {/ @ref{/' > ../functions/$$i.short;done echo $@ > $@ stamp_enums: enums.texi 
@@ -452,7 +438,7 @@ compare-makefile: enums.texi @echo "******************************************************************************" @echo "If the following step fails copy $(srcdir)/doc/tmp-compare-makefile to doc/Makefile.am" @echo "******************************************************************************" - ENUMS=`grep '^@c ' $< | $(SED) 's/@c //g' | sort -d`; \ + ENUMS=`grep '^@c ' $< | sed 's/@c //g' | sort -d`; \ STR=""; \ for i in $$ENUMS; do \ STR="$$STR\nENUMS += enums/$$i"; \ @@ -467,7 +453,7 @@ compare-makefile: enums.texi MANS="$$MANS\nFUNCS += functions/$$i\nFUNCS += functions/$$i.short"; \ done; \ grep -v -e '^FUNCS += ' $(srcdir)/Makefile.am > tmp-$@; \ - echo "\"s,^FUNCS =,FUNCS =$$MANS,\" -i tmp-$@"|xargs $(SED) + echo "\"s,^FUNCS =,FUNCS =$$MANS,\" -i tmp-$@"|xargs sed @echo "******************************************************************************" @echo "If the following step fails copy $(srcdir)/doc/tmp-compare-makefile to doc/Makefile.am" @echo "******************************************************************************" @@ -512,7 +498,7 @@ endif !HAVE_GUILE gnutls.xml: epub.texi makeinfo --docbook $< - $(SED) -i 's/\&\#8226;//g' $@ + sed -i 's/\&\#8226;//g' $@ gnutls.epub: gnutls.xml dbtoepub $< @@ -528,7 +514,6 @@ ENUMS += enums/dane_verify_flags_t ENUMS += enums/dane_verify_status_t ENUMS += enums/gnutls_alert_description_t ENUMS += enums/gnutls_alert_level_t -ENUMS += enums/gnutls_certificate_flags ENUMS += enums/gnutls_certificate_import_flags ENUMS += enums/gnutls_certificate_print_formats_t ENUMS += enums/gnutls_certificate_request_t 
@@ -543,9 +528,7 @@ ENUMS += enums/gnutls_compression_method_t
 ENUMS += enums/gnutls_credentials_type_t
 ENUMS += enums/gnutls_digest_algorithm_t
 ENUMS += enums/gnutls_ecc_curve_t
-ENUMS += enums/gnutls_ext_parse_type_t
 ENUMS += enums/gnutls_handshake_description_t
-ENUMS += enums/gnutls_keyid_flags_t
 ENUMS += enums/gnutls_kx_algorithm_t
 ENUMS += enums/gnutls_mac_algorithm_t
 ENUMS += enums/gnutls_ocsp_cert_status_t
@@ -557,13 +540,12 @@ ENUMS += enums/gnutls_openpgp_crt_status_t
 ENUMS += enums/gnutls_params_type_t
 ENUMS += enums/gnutls_pin_flag_t
 ENUMS += enums/gnutls_pk_algorithm_t
-ENUMS += enums/gnutls_pkcs11_obj_flags
+ENUMS += enums/gnutls_pkcs11_obj_attr_t
 ENUMS += enums/gnutls_pkcs11_obj_info_t
 ENUMS += enums/gnutls_pkcs11_obj_type_t
 ENUMS += enums/gnutls_pkcs11_token_info_t
 ENUMS += enums/gnutls_pkcs11_url_type_t
 ENUMS += enums/gnutls_pkcs12_bag_type_t
-ENUMS += enums/gnutls_pkcs7_sign_flags
 ENUMS += enums/gnutls_pkcs_encrypt_flags_t
 ENUMS += enums/gnutls_privkey_flags_t
 ENUMS += enums/gnutls_privkey_type_t
@@ -599,8 +581,6 @@ FUNCS += functions/dane_query_status
 FUNCS += functions/dane_query_status.short
 FUNCS += functions/dane_query_tlsa
 FUNCS += functions/dane_query_tlsa.short
-FUNCS += functions/dane_query_to_raw_tlsa
-FUNCS += functions/dane_query_to_raw_tlsa.short
 FUNCS += functions/dane_raw_tlsa
 FUNCS += functions/dane_raw_tlsa.short
 FUNCS += functions/dane_state_deinit
@@ -619,14 +599,6 @@ FUNCS += functions/dane_verify_crt_raw
 FUNCS += functions/dane_verify_crt_raw.short
 FUNCS += functions/dane_verify_session_crt
 FUNCS += functions/dane_verify_session_crt.short
-FUNCS += functions/gnutls_aead_cipher_decrypt
-FUNCS += functions/gnutls_aead_cipher_decrypt.short
-FUNCS += functions/gnutls_aead_cipher_deinit
-FUNCS += functions/gnutls_aead_cipher_deinit.short
-FUNCS += functions/gnutls_aead_cipher_encrypt
-FUNCS += functions/gnutls_aead_cipher_encrypt.short
-FUNCS += functions/gnutls_aead_cipher_init
-FUNCS += functions/gnutls_aead_cipher_init.short
 FUNCS += functions/gnutls_alert_get
 FUNCS += functions/gnutls_alert_get.short
 FUNCS += functions/gnutls_alert_get_name
@@ -661,8 +633,6 @@ FUNCS += functions/gnutls_auth_get_type
 FUNCS += functions/gnutls_auth_get_type.short
 FUNCS += functions/gnutls_auth_server_get_type
 FUNCS += functions/gnutls_auth_server_get_type.short
-FUNCS += functions/gnutls_buffer_append_data
-FUNCS += functions/gnutls_buffer_append_data.short
 FUNCS += functions/gnutls_bye
 FUNCS += functions/gnutls_bye.short
 FUNCS += functions/gnutls_certificate_activation_time_peers
@@ -671,6 +641,8 @@ FUNCS += functions/gnutls_certificate_allocate_credentials
 FUNCS += functions/gnutls_certificate_allocate_credentials.short
 FUNCS += functions/gnutls_certificate_client_get_request_status
 FUNCS += functions/gnutls_certificate_client_get_request_status.short
+FUNCS += functions/gnutls_certificate_client_set_retrieve_function
+FUNCS += functions/gnutls_certificate_client_set_retrieve_function.short
 FUNCS += functions/gnutls_certificate_expiration_time_peers
 FUNCS += functions/gnutls_certificate_expiration_time_peers.short
 FUNCS += functions/gnutls_certificate_free_ca_names
@@ -687,32 +659,20 @@ FUNCS += functions/gnutls_certificate_get_crt_raw
 FUNCS += functions/gnutls_certificate_get_crt_raw.short
 FUNCS += functions/gnutls_certificate_get_issuer
 FUNCS += functions/gnutls_certificate_get_issuer.short
-FUNCS += functions/gnutls_certificate_get_openpgp_crt
-FUNCS += functions/gnutls_certificate_get_openpgp_crt.short
-FUNCS += functions/gnutls_certificate_get_openpgp_key
-FUNCS += functions/gnutls_certificate_get_openpgp_key.short
 FUNCS += functions/gnutls_certificate_get_ours
 FUNCS += functions/gnutls_certificate_get_ours.short
 FUNCS += functions/gnutls_certificate_get_peers
 FUNCS += functions/gnutls_certificate_get_peers.short
 FUNCS += functions/gnutls_certificate_get_peers_subkey_id
 FUNCS += functions/gnutls_certificate_get_peers_subkey_id.short
-FUNCS += functions/gnutls_certificate_get_trust_list
-FUNCS += functions/gnutls_certificate_get_trust_list.short
-FUNCS += functions/gnutls_certificate_get_verify_flags
-FUNCS += functions/gnutls_certificate_get_verify_flags.short
-FUNCS += functions/gnutls_certificate_get_x509_crt
-FUNCS += functions/gnutls_certificate_get_x509_crt.short
-FUNCS += functions/gnutls_certificate_get_x509_key
-FUNCS += functions/gnutls_certificate_get_x509_key.short
 FUNCS += functions/gnutls_certificate_send_x509_rdn_sequence
 FUNCS += functions/gnutls_certificate_send_x509_rdn_sequence.short
 FUNCS += functions/gnutls_certificate_server_set_request
 FUNCS += functions/gnutls_certificate_server_set_request.short
+FUNCS += functions/gnutls_certificate_server_set_retrieve_function
+FUNCS += functions/gnutls_certificate_server_set_retrieve_function.short
 FUNCS += functions/gnutls_certificate_set_dh_params
 FUNCS += functions/gnutls_certificate_set_dh_params.short
-FUNCS += functions/gnutls_certificate_set_flags
-FUNCS += functions/gnutls_certificate_set_flags.short
 FUNCS += functions/gnutls_certificate_set_key
 FUNCS += functions/gnutls_certificate_set_key.short
 FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file
@@ -741,6 +701,8 @@ FUNCS += functions/gnutls_certificate_set_retrieve_function
 FUNCS += functions/gnutls_certificate_set_retrieve_function.short
 FUNCS += functions/gnutls_certificate_set_retrieve_function2
 FUNCS += functions/gnutls_certificate_set_retrieve_function2.short
+FUNCS += functions/gnutls_certificate_set_rsa_export_params
+FUNCS += functions/gnutls_certificate_set_rsa_export_params.short
 FUNCS += functions/gnutls_certificate_set_trust_list
 FUNCS += functions/gnutls_certificate_set_trust_list.short
 FUNCS += functions/gnutls_certificate_set_verify_flags
@@ -773,8 +735,6 @@ FUNCS += functions/gnutls_certificate_set_x509_system_trust
 FUNCS += functions/gnutls_certificate_set_x509_system_trust.short
 FUNCS += functions/gnutls_certificate_set_x509_trust
 FUNCS += functions/gnutls_certificate_set_x509_trust.short
-FUNCS += functions/gnutls_certificate_set_x509_trust_dir
-FUNCS += functions/gnutls_certificate_set_x509_trust_dir.short
 FUNCS += functions/gnutls_certificate_set_x509_trust_file
 FUNCS += functions/gnutls_certificate_set_x509_trust_file.short
 FUNCS += functions/gnutls_certificate_set_x509_trust_mem
@@ -787,6 +747,8 @@ FUNCS += functions/gnutls_certificate_type_get_name
 FUNCS += functions/gnutls_certificate_type_get_name.short
 FUNCS += functions/gnutls_certificate_type_list
 FUNCS += functions/gnutls_certificate_type_list.short
+FUNCS += functions/gnutls_certificate_type_set_priority
+FUNCS += functions/gnutls_certificate_type_set_priority.short
 FUNCS += functions/gnutls_certificate_verification_status_print
 FUNCS += functions/gnutls_certificate_verification_status_print.short
 FUNCS += functions/gnutls_certificate_verify_peers
@@ -829,6 +791,8 @@ FUNCS += functions/gnutls_cipher_list
 FUNCS += functions/gnutls_cipher_list.short
 FUNCS += functions/gnutls_cipher_set_iv
 FUNCS += functions/gnutls_cipher_set_iv.short
+FUNCS += functions/gnutls_cipher_set_priority
+FUNCS += functions/gnutls_cipher_set_priority.short
 FUNCS += functions/gnutls_cipher_suite_get_name
 FUNCS += functions/gnutls_cipher_suite_get_name.short
 FUNCS += functions/gnutls_cipher_suite_info
@@ -843,20 +807,14 @@ FUNCS += functions/gnutls_compression_get_name
 FUNCS += functions/gnutls_compression_get_name.short
 FUNCS += functions/gnutls_compression_list
 FUNCS += functions/gnutls_compression_list.short
+FUNCS += functions/gnutls_compression_set_priority
+FUNCS += functions/gnutls_compression_set_priority.short
 FUNCS += functions/gnutls_credentials_clear
 FUNCS += functions/gnutls_credentials_clear.short
 FUNCS += functions/gnutls_credentials_get
 FUNCS += functions/gnutls_credentials_get.short
 FUNCS += functions/gnutls_credentials_set
 FUNCS += functions/gnutls_credentials_set.short
-FUNCS += functions/gnutls_crypto_register_aead_cipher
-FUNCS += functions/gnutls_crypto_register_aead_cipher.short
-FUNCS += functions/gnutls_crypto_register_cipher
-FUNCS += functions/gnutls_crypto_register_cipher.short
-FUNCS += functions/gnutls_crypto_register_digest
-FUNCS += functions/gnutls_crypto_register_digest.short
-FUNCS += functions/gnutls_crypto_register_mac
-FUNCS += functions/gnutls_crypto_register_mac.short
 FUNCS += functions/gnutls_db_check_entry
 FUNCS += functions/gnutls_db_check_entry.short
 FUNCS += functions/gnutls_db_check_entry_time
@@ -905,8 +863,6 @@ FUNCS += functions/gnutls_dh_params_import_pkcs3
 FUNCS += functions/gnutls_dh_params_import_pkcs3.short
 FUNCS += functions/gnutls_dh_params_import_raw
 FUNCS += functions/gnutls_dh_params_import_raw.short
-FUNCS += functions/gnutls_dh_params_import_raw2
-FUNCS += functions/gnutls_dh_params_import_raw2.short
 FUNCS += functions/gnutls_dh_params_init
 FUNCS += functions/gnutls_dh_params_init.short
 FUNCS += functions/gnutls_dh_set_prime_bits
@@ -915,8 +871,6 @@ FUNCS += functions/gnutls_digest_get_id
 FUNCS += functions/gnutls_digest_get_id.short
 FUNCS += functions/gnutls_digest_get_name
 FUNCS += functions/gnutls_digest_get_name.short
-FUNCS += functions/gnutls_digest_get_oid
-FUNCS += functions/gnutls_digest_get_oid.short
 FUNCS += functions/gnutls_digest_list
 FUNCS += functions/gnutls_digest_list.short
 FUNCS += functions/gnutls_dtls_cookie_send
@@ -939,12 +893,8 @@ FUNCS += functions/gnutls_dtls_set_timeouts
 FUNCS += functions/gnutls_dtls_set_timeouts.short
 FUNCS += functions/gnutls_ecc_curve_get
 FUNCS += functions/gnutls_ecc_curve_get.short
-FUNCS += functions/gnutls_ecc_curve_get_id
-FUNCS += functions/gnutls_ecc_curve_get_id.short
 FUNCS += functions/gnutls_ecc_curve_get_name
 FUNCS += functions/gnutls_ecc_curve_get_name.short
-FUNCS += functions/gnutls_ecc_curve_get_oid
-FUNCS += functions/gnutls_ecc_curve_get_oid.short
 FUNCS += functions/gnutls_ecc_curve_get_size
 FUNCS += functions/gnutls_ecc_curve_get_size.short
 FUNCS += functions/gnutls_ecc_curve_list
@@ -955,12 +905,6 @@ FUNCS += functions/gnutls_error_to_alert
 FUNCS += functions/gnutls_error_to_alert.short
 FUNCS += functions/gnutls_est_record_overhead_size
 FUNCS += functions/gnutls_est_record_overhead_size.short
-FUNCS += functions/gnutls_ext_get_data
-FUNCS += functions/gnutls_ext_get_data.short
-FUNCS += functions/gnutls_ext_register
-FUNCS += functions/gnutls_ext_register.short
-FUNCS += functions/gnutls_ext_set_data
-FUNCS += functions/gnutls_ext_set_data.short
 FUNCS += functions/gnutls_fingerprint
 FUNCS += functions/gnutls_fingerprint.short
 FUNCS += functions/gnutls_fips140_mode_enabled
@@ -1029,12 +973,8 @@ FUNCS += functions/gnutls_hex2bin
 FUNCS += functions/gnutls_hex2bin.short
 FUNCS += functions/gnutls_hex_decode
 FUNCS += functions/gnutls_hex_decode.short
-FUNCS += functions/gnutls_hex_decode2
-FUNCS += functions/gnutls_hex_decode2.short
 FUNCS += functions/gnutls_hex_encode
 FUNCS += functions/gnutls_hex_encode.short
-FUNCS += functions/gnutls_hex_encode2
-FUNCS += functions/gnutls_hex_encode2.short
 FUNCS += functions/gnutls_hmac
 FUNCS += functions/gnutls_hmac.short
 FUNCS += functions/gnutls_hmac_deinit
@@ -1061,6 +1001,8 @@ FUNCS += functions/gnutls_kx_get_name
 FUNCS += functions/gnutls_kx_get_name.short
 FUNCS += functions/gnutls_kx_list
 FUNCS += functions/gnutls_kx_list.short
+FUNCS += functions/gnutls_kx_set_priority
+FUNCS += functions/gnutls_kx_set_priority.short
 FUNCS += functions/gnutls_load_file
 FUNCS += functions/gnutls_load_file.short
 FUNCS += functions/gnutls_mac_get
@@ -1075,10 +1017,8 @@ FUNCS += functions/gnutls_mac_get_nonce_size
 FUNCS += functions/gnutls_mac_get_nonce_size.short
 FUNCS += functions/gnutls_mac_list
 FUNCS += functions/gnutls_mac_list.short
-FUNCS += functions/gnutls_memcmp
-FUNCS += functions/gnutls_memcmp.short
-FUNCS += functions/gnutls_memset
-FUNCS += functions/gnutls_memset.short
+FUNCS += functions/gnutls_mac_set_priority
+FUNCS += functions/gnutls_mac_set_priority.short
 FUNCS += functions/gnutls_ocsp_req_add_cert
 FUNCS += functions/gnutls_ocsp_req_add_cert.short
 FUNCS += functions/gnutls_ocsp_req_add_cert_id
@@ -1123,8 +1063,6 @@ FUNCS += functions/gnutls_ocsp_resp_get_produced
 FUNCS += functions/gnutls_ocsp_resp_get_produced.short
 FUNCS += functions/gnutls_ocsp_resp_get_responder
 FUNCS += functions/gnutls_ocsp_resp_get_responder.short
-FUNCS += functions/gnutls_ocsp_resp_get_responder_raw_id
-FUNCS += functions/gnutls_ocsp_resp_get_responder_raw_id.short
 FUNCS += functions/gnutls_ocsp_resp_get_response
 FUNCS += functions/gnutls_ocsp_resp_get_response.short
 FUNCS += functions/gnutls_ocsp_resp_get_signature
@@ -1153,16 +1091,6 @@ FUNCS += functions/gnutls_ocsp_status_request_get
 FUNCS += functions/gnutls_ocsp_status_request_get.short
 FUNCS += functions/gnutls_ocsp_status_request_is_checked
 FUNCS += functions/gnutls_ocsp_status_request_is_checked.short
-FUNCS += functions/gnutls_oid_to_digest
-FUNCS += functions/gnutls_oid_to_digest.short
-FUNCS += functions/gnutls_oid_to_ecc_curve
-FUNCS += functions/gnutls_oid_to_ecc_curve.short
-FUNCS += functions/gnutls_oid_to_pk
-FUNCS += functions/gnutls_oid_to_pk.short
-FUNCS += functions/gnutls_oid_to_sign
-FUNCS += functions/gnutls_oid_to_sign.short
-FUNCS += functions/gnutls_openpgp_crt_check_email
-FUNCS += functions/gnutls_openpgp_crt_check_email.short
 FUNCS += functions/gnutls_openpgp_crt_check_hostname
 FUNCS += functions/gnutls_openpgp_crt_check_hostname.short
 FUNCS += functions/gnutls_openpgp_crt_check_hostname2
@@ -1305,30 +1233,24 @@ FUNCS += functions/gnutls_packet_get
 FUNCS += functions/gnutls_packet_get.short
 FUNCS += functions/gnutls_pcert_deinit
 FUNCS += functions/gnutls_pcert_deinit.short
-FUNCS += functions/gnutls_pcert_export_openpgp
-FUNCS += functions/gnutls_pcert_export_openpgp.short
-FUNCS += functions/gnutls_pcert_export_x509
-FUNCS += functions/gnutls_pcert_export_x509.short
 FUNCS += functions/gnutls_pcert_import_openpgp
 FUNCS += functions/gnutls_pcert_import_openpgp.short
 FUNCS += functions/gnutls_pcert_import_openpgp_raw
 FUNCS += functions/gnutls_pcert_import_openpgp_raw.short
 FUNCS += functions/gnutls_pcert_import_x509
 FUNCS += functions/gnutls_pcert_import_x509.short
-FUNCS += functions/gnutls_pcert_import_x509_list
-FUNCS += functions/gnutls_pcert_import_x509_list.short
 FUNCS += functions/gnutls_pcert_import_x509_raw
 FUNCS += functions/gnutls_pcert_import_x509_raw.short
 FUNCS += functions/gnutls_pcert_list_import_x509_raw
 FUNCS += functions/gnutls_pcert_list_import_x509_raw.short
 FUNCS += functions/gnutls_pem_base64_decode
 FUNCS += functions/gnutls_pem_base64_decode.short
-FUNCS += functions/gnutls_pem_base64_decode2
-FUNCS += functions/gnutls_pem_base64_decode2.short
+FUNCS += functions/gnutls_pem_base64_decode_alloc
+FUNCS += functions/gnutls_pem_base64_decode_alloc.short
 FUNCS += functions/gnutls_pem_base64_encode
 FUNCS += functions/gnutls_pem_base64_encode.short
-FUNCS += functions/gnutls_pem_base64_encode2
-FUNCS += functions/gnutls_pem_base64_encode2.short
+FUNCS += functions/gnutls_pem_base64_encode_alloc
+FUNCS += functions/gnutls_pem_base64_encode_alloc.short
 FUNCS += functions/gnutls_perror
 FUNCS += functions/gnutls_perror.short
 FUNCS += functions/gnutls_pk_algorithm_get_name
@@ -1337,20 +1259,12 @@ FUNCS += functions/gnutls_pk_bits_to_sec_param
 FUNCS += functions/gnutls_pk_bits_to_sec_param.short
 FUNCS += functions/gnutls_pkcs11_add_provider
 FUNCS += functions/gnutls_pkcs11_add_provider.short
-FUNCS += functions/gnutls_pkcs11_copy_attached_extension
-FUNCS += functions/gnutls_pkcs11_copy_attached_extension.short
-FUNCS += functions/gnutls_pkcs11_copy_pubkey
-FUNCS += functions/gnutls_pkcs11_copy_pubkey.short
 FUNCS += functions/gnutls_pkcs11_copy_secret_key
 FUNCS += functions/gnutls_pkcs11_copy_secret_key.short
 FUNCS += functions/gnutls_pkcs11_copy_x509_crt
 FUNCS += functions/gnutls_pkcs11_copy_x509_crt.short
-FUNCS += functions/gnutls_pkcs11_copy_x509_crt2
-FUNCS += functions/gnutls_pkcs11_copy_x509_crt2.short
 FUNCS += functions/gnutls_pkcs11_copy_x509_privkey
 FUNCS += functions/gnutls_pkcs11_copy_x509_privkey.short
-FUNCS += functions/gnutls_pkcs11_copy_x509_privkey2
-FUNCS += functions/gnutls_pkcs11_copy_x509_privkey2.short
 FUNCS += functions/gnutls_pkcs11_crt_is_known
 FUNCS += functions/gnutls_pkcs11_crt_is_known.short
 FUNCS += functions/gnutls_pkcs11_deinit
@@ -1361,10 +1275,6 @@ FUNCS += functions/gnutls_pkcs11_get_pin_function
 FUNCS += functions/gnutls_pkcs11_get_pin_function.short
 FUNCS += functions/gnutls_pkcs11_get_raw_issuer
 FUNCS += functions/gnutls_pkcs11_get_raw_issuer.short
-FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_dn
-FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_dn.short
-FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id
-FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short
 FUNCS += functions/gnutls_pkcs11_init
 FUNCS += functions/gnutls_pkcs11_init.short
 FUNCS += functions/gnutls_pkcs11_obj_deinit
@@ -1377,12 +1287,6 @@ FUNCS += functions/gnutls_pkcs11_obj_export3
 FUNCS += functions/gnutls_pkcs11_obj_export3.short
 FUNCS += functions/gnutls_pkcs11_obj_export_url
 FUNCS += functions/gnutls_pkcs11_obj_export_url.short
-FUNCS += functions/gnutls_pkcs11_obj_flags_get_str
-FUNCS += functions/gnutls_pkcs11_obj_flags_get_str.short
-FUNCS += functions/gnutls_pkcs11_obj_get_exts
-FUNCS += functions/gnutls_pkcs11_obj_get_exts.short
-FUNCS += functions/gnutls_pkcs11_obj_get_flags
-FUNCS += functions/gnutls_pkcs11_obj_get_flags.short
 FUNCS += functions/gnutls_pkcs11_obj_get_info
 FUNCS += functions/gnutls_pkcs11_obj_get_info.short
 FUNCS += functions/gnutls_pkcs11_obj_get_type
@@ -1391,28 +1295,20 @@ FUNCS += functions/gnutls_pkcs11_obj_import_url
 FUNCS += functions/gnutls_pkcs11_obj_import_url.short
 FUNCS += functions/gnutls_pkcs11_obj_init
 FUNCS += functions/gnutls_pkcs11_obj_init.short
-FUNCS += functions/gnutls_pkcs11_obj_list_import_url3
-FUNCS += functions/gnutls_pkcs11_obj_list_import_url3.short
-FUNCS += functions/gnutls_pkcs11_obj_list_import_url4
-FUNCS += functions/gnutls_pkcs11_obj_list_import_url4.short
-FUNCS += functions/gnutls_pkcs11_obj_set_info
-FUNCS += functions/gnutls_pkcs11_obj_set_info.short
+FUNCS += functions/gnutls_pkcs11_obj_list_import_url
+FUNCS += functions/gnutls_pkcs11_obj_list_import_url.short
+FUNCS += functions/gnutls_pkcs11_obj_list_import_url2
+FUNCS += functions/gnutls_pkcs11_obj_list_import_url2.short
 FUNCS += functions/gnutls_pkcs11_obj_set_pin_function
 FUNCS += functions/gnutls_pkcs11_obj_set_pin_function.short
-FUNCS += functions/gnutls_pkcs11_privkey_cpy
-FUNCS += functions/gnutls_pkcs11_privkey_cpy.short
 FUNCS += functions/gnutls_pkcs11_privkey_deinit
 FUNCS += functions/gnutls_pkcs11_privkey_deinit.short
-FUNCS += functions/gnutls_pkcs11_privkey_export_pubkey
-FUNCS += functions/gnutls_pkcs11_privkey_export_pubkey.short
 FUNCS += functions/gnutls_pkcs11_privkey_export_url
 FUNCS += functions/gnutls_pkcs11_privkey_export_url.short
 FUNCS += functions/gnutls_pkcs11_privkey_generate
 FUNCS += functions/gnutls_pkcs11_privkey_generate.short
 FUNCS += functions/gnutls_pkcs11_privkey_generate2
 FUNCS += functions/gnutls_pkcs11_privkey_generate2.short
-FUNCS += functions/gnutls_pkcs11_privkey_generate3
-FUNCS += functions/gnutls_pkcs11_privkey_generate3.short
 FUNCS += functions/gnutls_pkcs11_privkey_get_info
 FUNCS += functions/gnutls_pkcs11_privkey_get_info.short
 FUNCS += functions/gnutls_pkcs11_privkey_get_pk_algorithm
@@ -1451,8 +1347,6 @@ FUNCS += functions/gnutls_pkcs12_bag_decrypt
 FUNCS += functions/gnutls_pkcs12_bag_decrypt.short
 FUNCS += functions/gnutls_pkcs12_bag_deinit
 FUNCS += functions/gnutls_pkcs12_bag_deinit.short
-FUNCS += functions/gnutls_pkcs12_bag_enc_info
-FUNCS += functions/gnutls_pkcs12_bag_enc_info.short
 FUNCS += functions/gnutls_pkcs12_bag_encrypt
 FUNCS += functions/gnutls_pkcs12_bag_encrypt.short
 FUNCS += functions/gnutls_pkcs12_bag_get_count
@@ -1477,8 +1371,6 @@ FUNCS += functions/gnutls_pkcs12_bag_set_friendly_name
 FUNCS += functions/gnutls_pkcs12_bag_set_friendly_name.short
 FUNCS += functions/gnutls_pkcs12_bag_set_key_id
 FUNCS += functions/gnutls_pkcs12_bag_set_key_id.short
-FUNCS += functions/gnutls_pkcs12_bag_set_privkey
-FUNCS += functions/gnutls_pkcs12_bag_set_privkey.short
 FUNCS += functions/gnutls_pkcs12_deinit
 FUNCS += functions/gnutls_pkcs12_deinit.short
 FUNCS += functions/gnutls_pkcs12_export
@@ -1487,26 +1379,18 @@ FUNCS += functions/gnutls_pkcs12_export2
 FUNCS += functions/gnutls_pkcs12_export2.short
 FUNCS += functions/gnutls_pkcs12_generate_mac
 FUNCS += functions/gnutls_pkcs12_generate_mac.short
-FUNCS += functions/gnutls_pkcs12_generate_mac2
-FUNCS += functions/gnutls_pkcs12_generate_mac2.short
 FUNCS += functions/gnutls_pkcs12_get_bag
 FUNCS += functions/gnutls_pkcs12_get_bag.short
 FUNCS += functions/gnutls_pkcs12_import
 FUNCS += functions/gnutls_pkcs12_import.short
 FUNCS += functions/gnutls_pkcs12_init
 FUNCS += functions/gnutls_pkcs12_init.short
-FUNCS += functions/gnutls_pkcs12_mac_info
-FUNCS += functions/gnutls_pkcs12_mac_info.short
 FUNCS += functions/gnutls_pkcs12_set_bag
 FUNCS += functions/gnutls_pkcs12_set_bag.short
 FUNCS += functions/gnutls_pkcs12_simple_parse
 FUNCS += functions/gnutls_pkcs12_simple_parse.short
 FUNCS += functions/gnutls_pkcs12_verify_mac
 FUNCS += functions/gnutls_pkcs12_verify_mac.short
-FUNCS += functions/gnutls_pkcs7_add_attr
-FUNCS += functions/gnutls_pkcs7_add_attr.short
-FUNCS += functions/gnutls_pkcs7_attrs_deinit
-FUNCS += functions/gnutls_pkcs7_attrs_deinit.short
 FUNCS += functions/gnutls_pkcs7_deinit
 FUNCS += functions/gnutls_pkcs7_deinit.short
 FUNCS += functions/gnutls_pkcs7_delete_crl
@@ -1517,32 +1401,18 @@ FUNCS += functions/gnutls_pkcs7_export
 FUNCS += functions/gnutls_pkcs7_export.short
 FUNCS += functions/gnutls_pkcs7_export2
 FUNCS += functions/gnutls_pkcs7_export2.short
-FUNCS += functions/gnutls_pkcs7_get_attr
-FUNCS += functions/gnutls_pkcs7_get_attr.short
 FUNCS += functions/gnutls_pkcs7_get_crl_count
 FUNCS += functions/gnutls_pkcs7_get_crl_count.short
 FUNCS += functions/gnutls_pkcs7_get_crl_raw
 FUNCS += functions/gnutls_pkcs7_get_crl_raw.short
-FUNCS += functions/gnutls_pkcs7_get_crl_raw2
-FUNCS += functions/gnutls_pkcs7_get_crl_raw2.short
 FUNCS += functions/gnutls_pkcs7_get_crt_count
 FUNCS += functions/gnutls_pkcs7_get_crt_count.short
 FUNCS += functions/gnutls_pkcs7_get_crt_raw
 FUNCS += functions/gnutls_pkcs7_get_crt_raw.short
-FUNCS += functions/gnutls_pkcs7_get_crt_raw2
-FUNCS += functions/gnutls_pkcs7_get_crt_raw2.short
-FUNCS += functions/gnutls_pkcs7_get_embedded_data
-FUNCS += functions/gnutls_pkcs7_get_embedded_data.short
-FUNCS += functions/gnutls_pkcs7_get_signature_count
-FUNCS += functions/gnutls_pkcs7_get_signature_count.short
-FUNCS += functions/gnutls_pkcs7_get_signature_info
-FUNCS += functions/gnutls_pkcs7_get_signature_info.short
 FUNCS += functions/gnutls_pkcs7_import
 FUNCS += functions/gnutls_pkcs7_import.short
 FUNCS += functions/gnutls_pkcs7_init
 FUNCS += functions/gnutls_pkcs7_init.short
-FUNCS += functions/gnutls_pkcs7_print
-FUNCS += functions/gnutls_pkcs7_print.short
 FUNCS += functions/gnutls_pkcs7_set_crl
 FUNCS += functions/gnutls_pkcs7_set_crl.short
 FUNCS += functions/gnutls_pkcs7_set_crl_raw
@@ -1551,26 +1421,10 @@ FUNCS += functions/gnutls_pkcs7_set_crt
 FUNCS += functions/gnutls_pkcs7_set_crt.short
 FUNCS += functions/gnutls_pkcs7_set_crt_raw
 FUNCS += functions/gnutls_pkcs7_set_crt_raw.short
-FUNCS += functions/gnutls_pkcs7_sign
-FUNCS += functions/gnutls_pkcs7_sign.short
-FUNCS += functions/gnutls_pkcs7_signature_info_deinit
-FUNCS += functions/gnutls_pkcs7_signature_info_deinit.short
-FUNCS += functions/gnutls_pkcs7_verify
-FUNCS += functions/gnutls_pkcs7_verify.short
-FUNCS += functions/gnutls_pkcs7_verify_direct
-FUNCS += functions/gnutls_pkcs7_verify_direct.short
-FUNCS += functions/gnutls_pkcs8_info
-FUNCS += functions/gnutls_pkcs8_info.short
-FUNCS += functions/gnutls_pkcs_schema_get_name
-FUNCS += functions/gnutls_pkcs_schema_get_name.short
-FUNCS += functions/gnutls_pkcs_schema_get_oid
-FUNCS += functions/gnutls_pkcs_schema_get_oid.short
 FUNCS += functions/gnutls_pk_get_id
 FUNCS += functions/gnutls_pk_get_id.short
 FUNCS += functions/gnutls_pk_get_name
 FUNCS += functions/gnutls_pk_get_name.short
-FUNCS += functions/gnutls_pk_get_oid
-FUNCS += functions/gnutls_pk_get_oid.short
 FUNCS += functions/gnutls_pk_list
 FUNCS += functions/gnutls_pk_list.short
 FUNCS += functions/gnutls_pk_to_sign
@@ -1579,8 +1433,6 @@ FUNCS += functions/gnutls_prf
 FUNCS += functions/gnutls_prf.short
 FUNCS += functions/gnutls_prf_raw
 FUNCS += functions/gnutls_prf_raw.short
-FUNCS += functions/gnutls_prf_rfc5705
-FUNCS += functions/gnutls_prf_rfc5705.short
 FUNCS += functions/gnutls_priority_certificate_type_list
 FUNCS += functions/gnutls_priority_certificate_type_list.short
 FUNCS += functions/gnutls_priority_cipher_list
@@ -1607,8 +1459,6 @@ FUNCS += functions/gnutls_priority_set_direct
 FUNCS += functions/gnutls_priority_set_direct.short
 FUNCS += functions/gnutls_priority_sign_list
 FUNCS += functions/gnutls_priority_sign_list.short
-FUNCS += functions/gnutls_priority_string_list
-FUNCS += functions/gnutls_priority_string_list.short
 FUNCS += functions/gnutls_privkey_decrypt_data
 FUNCS += functions/gnutls_privkey_decrypt_data.short
 FUNCS += functions/gnutls_privkey_deinit
@@ -1617,14 +1467,8 @@ FUNCS += functions/gnutls_privkey_export_dsa_raw
 FUNCS += functions/gnutls_privkey_export_dsa_raw.short
 FUNCS += functions/gnutls_privkey_export_ecc_raw
 FUNCS += functions/gnutls_privkey_export_ecc_raw.short
-FUNCS += functions/gnutls_privkey_export_openpgp
-FUNCS += functions/gnutls_privkey_export_openpgp.short
-FUNCS += functions/gnutls_privkey_export_pkcs11
-FUNCS += functions/gnutls_privkey_export_pkcs11.short
 FUNCS += functions/gnutls_privkey_export_rsa_raw
 FUNCS += functions/gnutls_privkey_export_rsa_raw.short
-FUNCS += functions/gnutls_privkey_export_x509
-FUNCS += functions/gnutls_privkey_export_x509.short
 FUNCS += functions/gnutls_privkey_generate
 FUNCS += functions/gnutls_privkey_generate.short
 FUNCS += functions/gnutls_privkey_get_pk_algorithm
@@ -1639,8 +1483,6 @@ FUNCS += functions/gnutls_privkey_import_ext
 FUNCS += functions/gnutls_privkey_import_ext.short
 FUNCS += functions/gnutls_privkey_import_ext2
 FUNCS += functions/gnutls_privkey_import_ext2.short
-FUNCS += functions/gnutls_privkey_import_ext3
-FUNCS += functions/gnutls_privkey_import_ext3.short
 FUNCS += functions/gnutls_privkey_import_openpgp
 FUNCS += functions/gnutls_privkey_import_openpgp.short
 FUNCS += functions/gnutls_privkey_import_openpgp_raw
@@ -1669,6 +1511,8 @@ FUNCS += functions/gnutls_privkey_sign_data
 FUNCS += functions/gnutls_privkey_sign_data.short
 FUNCS += functions/gnutls_privkey_sign_hash
 FUNCS += functions/gnutls_privkey_sign_hash.short
+FUNCS += functions/gnutls_privkey_sign_raw_data
+FUNCS += functions/gnutls_privkey_sign_raw_data.short
 FUNCS += functions/gnutls_privkey_status
 FUNCS += functions/gnutls_privkey_status.short
 FUNCS += functions/gnutls_privkey_verify_params
@@ -1681,6 +1525,8 @@ FUNCS += functions/gnutls_protocol_get_version
 FUNCS += functions/gnutls_protocol_get_version.short
 FUNCS += functions/gnutls_protocol_list
 FUNCS += functions/gnutls_protocol_list.short
+FUNCS += functions/gnutls_protocol_set_priority
+FUNCS += functions/gnutls_protocol_set_priority.short
 FUNCS += functions/gnutls_psk_allocate_client_credentials
 FUNCS += functions/gnutls_psk_allocate_client_credentials.short
 FUNCS += functions/gnutls_psk_allocate_server_credentials
@@ -1735,6 +1581,8 @@ FUNCS += functions/gnutls_pubkey_get_pk_algorithm
 FUNCS += functions/gnutls_pubkey_get_pk_algorithm.short
 FUNCS += functions/gnutls_pubkey_get_preferred_hash_algorithm
 FUNCS += functions/gnutls_pubkey_get_preferred_hash_algorithm.short
+FUNCS += functions/gnutls_pubkey_get_verify_algorithm
+FUNCS += functions/gnutls_pubkey_get_verify_algorithm.short
 FUNCS += functions/gnutls_pubkey_import
 FUNCS += functions/gnutls_pubkey_import.short
 FUNCS += functions/gnutls_pubkey_import_dsa_raw
@@ -1749,6 +1597,8 @@ FUNCS += functions/gnutls_pubkey_import_openpgp_raw
 FUNCS += functions/gnutls_pubkey_import_openpgp_raw.short
 FUNCS += functions/gnutls_pubkey_import_pkcs11
 FUNCS += functions/gnutls_pubkey_import_pkcs11.short
+FUNCS += functions/gnutls_pubkey_import_pkcs11_url
+FUNCS += functions/gnutls_pubkey_import_pkcs11_url.short
 FUNCS += functions/gnutls_pubkey_import_privkey
 FUNCS += functions/gnutls_pubkey_import_privkey.short
 FUNCS += functions/gnutls_pubkey_import_rsa_raw
@@ -1773,8 +1623,12 @@ FUNCS += functions/gnutls_pubkey_set_key_usage
 FUNCS += functions/gnutls_pubkey_set_key_usage.short
 FUNCS += functions/gnutls_pubkey_set_pin_function
 FUNCS += functions/gnutls_pubkey_set_pin_function.short
+FUNCS += functions/gnutls_pubkey_verify_data
+FUNCS += functions/gnutls_pubkey_verify_data.short
 FUNCS += functions/gnutls_pubkey_verify_data2
 FUNCS += functions/gnutls_pubkey_verify_data2.short
+FUNCS += functions/gnutls_pubkey_verify_hash
+FUNCS += functions/gnutls_pubkey_verify_hash.short
 FUNCS += functions/gnutls_pubkey_verify_hash2
 FUNCS += functions/gnutls_pubkey_verify_hash2.short
 FUNCS += functions/gnutls_pubkey_verify_params
@@ -1793,16 +1647,12 @@ FUNCS += functions/gnutls_record_cork
 FUNCS += functions/gnutls_record_cork.short
 FUNCS += functions/gnutls_record_disable_padding
 FUNCS += functions/gnutls_record_disable_padding.short
-FUNCS += functions/gnutls_record_discard_queued
-FUNCS += functions/gnutls_record_discard_queued.short
 FUNCS += functions/gnutls_record_get_direction
 FUNCS += functions/gnutls_record_get_direction.short
 FUNCS += functions/gnutls_record_get_discarded
 FUNCS += functions/gnutls_record_get_discarded.short
 FUNCS += functions/gnutls_record_get_max_size
 FUNCS += functions/gnutls_record_get_max_size.short
-FUNCS += functions/gnutls_record_get_state
-FUNCS += functions/gnutls_record_get_state.short
 FUNCS += functions/gnutls_record_overhead_size
 FUNCS += functions/gnutls_record_overhead_size.short
 FUNCS += functions/gnutls_record_recv
@@ -1815,22 +1665,40 @@ FUNCS += functions/gnutls_record_send
 FUNCS += functions/gnutls_record_send.short
 FUNCS += functions/gnutls_record_send_range
 FUNCS += functions/gnutls_record_send_range.short
+FUNCS += functions/gnutls_record_set_max_empty_records
+FUNCS += functions/gnutls_record_set_max_empty_records.short
 FUNCS += functions/gnutls_record_set_max_size
 FUNCS += functions/gnutls_record_set_max_size.short
-FUNCS += functions/gnutls_record_set_state
-FUNCS += functions/gnutls_record_set_state.short
 FUNCS += functions/gnutls_record_set_timeout
 FUNCS += functions/gnutls_record_set_timeout.short
 FUNCS += functions/gnutls_record_uncork
 FUNCS += functions/gnutls_record_uncork.short
-FUNCS += functions/gnutls_register_custom_url
-FUNCS += functions/gnutls_register_custom_url.short
 FUNCS += functions/gnutls_rehandshake
 FUNCS += functions/gnutls_rehandshake.short
 FUNCS += functions/gnutls_rnd
 FUNCS += functions/gnutls_rnd.short
 FUNCS += functions/gnutls_rnd_refresh
 FUNCS += functions/gnutls_rnd_refresh.short
+FUNCS += functions/gnutls_rsa_export_get_modulus_bits
+FUNCS += functions/gnutls_rsa_export_get_modulus_bits.short
+FUNCS += functions/gnutls_rsa_export_get_pubkey
+FUNCS += functions/gnutls_rsa_export_get_pubkey.short
+FUNCS += functions/gnutls_rsa_params_cpy
+FUNCS += functions/gnutls_rsa_params_cpy.short
+FUNCS += functions/gnutls_rsa_params_deinit
+FUNCS += functions/gnutls_rsa_params_deinit.short
+FUNCS += functions/gnutls_rsa_params_export_pkcs1
+FUNCS += functions/gnutls_rsa_params_export_pkcs1.short
+FUNCS += functions/gnutls_rsa_params_export_raw
+FUNCS += functions/gnutls_rsa_params_export_raw.short
+FUNCS += functions/gnutls_rsa_params_generate2
+FUNCS += functions/gnutls_rsa_params_generate2.short
+FUNCS += functions/gnutls_rsa_params_import_pkcs1
+FUNCS += functions/gnutls_rsa_params_import_pkcs1.short
+FUNCS += functions/gnutls_rsa_params_import_raw
+FUNCS += functions/gnutls_rsa_params_import_raw.short
+FUNCS += functions/gnutls_rsa_params_init
+FUNCS += functions/gnutls_rsa_params_init.short
 FUNCS += functions/gnutls_safe_renegotiation_status
 FUNCS += functions/gnutls_safe_renegotiation_status.short
 FUNCS += functions/gnutls_sec_param_get_name
@@ -1847,10 +1715,6 @@ FUNCS += functions/gnutls_session_channel_binding
 FUNCS += functions/gnutls_session_channel_binding.short
 FUNCS += functions/gnutls_session_enable_compatibility_mode
 FUNCS += functions/gnutls_session_enable_compatibility_mode.short
-FUNCS += functions/gnutls_session_etm_status
-FUNCS += functions/gnutls_session_etm_status.short
-FUNCS += functions/gnutls_session_ext_master_secret_status
-FUNCS += functions/gnutls_session_ext_master_secret_status.short
 FUNCS += functions/gnutls_session_force_valid
 FUNCS += functions/gnutls_session_force_valid.short
 FUNCS += functions/gnutls_session_get_data
@@ -1867,8 +1731,6 @@ FUNCS += functions/gnutls_session_get_ptr
 FUNCS += functions/gnutls_session_get_ptr.short
 FUNCS += functions/gnutls_session_get_random
 FUNCS += functions/gnutls_session_get_random.short
-FUNCS += functions/gnutls_session_get_verify_cert_status
-FUNCS += functions/gnutls_session_get_verify_cert_status.short
 FUNCS += functions/gnutls_session_is_resumed
 FUNCS += functions/gnutls_session_is_resumed.short
 FUNCS += functions/gnutls_session_resumption_requested
@@ -1881,18 +1743,14 @@ FUNCS += functions/gnutls_session_set_premaster
 FUNCS += functions/gnutls_session_set_premaster.short
 FUNCS += functions/gnutls_session_set_ptr
 FUNCS += functions/gnutls_session_set_ptr.short
-FUNCS += functions/gnutls_session_set_verify_cert
-FUNCS += functions/gnutls_session_set_verify_cert.short
-FUNCS += functions/gnutls_session_set_verify_cert2
-FUNCS += functions/gnutls_session_set_verify_cert2.short
-FUNCS += functions/gnutls_session_set_verify_function
-FUNCS += functions/gnutls_session_set_verify_function.short
 FUNCS += functions/gnutls_session_ticket_enable_client
 FUNCS += functions/gnutls_session_ticket_enable_client.short
 FUNCS += functions/gnutls_session_ticket_enable_server
 FUNCS += functions/gnutls_session_ticket_enable_server.short
 FUNCS += functions/gnutls_session_ticket_key_generate
 FUNCS += functions/gnutls_session_ticket_key_generate.short
+FUNCS += functions/gnutls_set_default_export_priority
+FUNCS += functions/gnutls_set_default_export_priority.short
 FUNCS += functions/gnutls_set_default_priority
 FUNCS += functions/gnutls_set_default_priority.short
 FUNCS += functions/gnutls_sign_algorithm_get
@@ -1901,14 +1759,16 @@ FUNCS += functions/gnutls_sign_algorithm_get_client
 FUNCS += functions/gnutls_sign_algorithm_get_client.short
 FUNCS += functions/gnutls_sign_algorithm_get_requested
 FUNCS += functions/gnutls_sign_algorithm_get_requested.short
+FUNCS += functions/gnutls_sign_callback_get
+FUNCS += functions/gnutls_sign_callback_get.short
+FUNCS += functions/gnutls_sign_callback_set
+FUNCS += functions/gnutls_sign_callback_set.short
 FUNCS += functions/gnutls_sign_get_hash_algorithm
 FUNCS += functions/gnutls_sign_get_hash_algorithm.short
 FUNCS += functions/gnutls_sign_get_id
 FUNCS += functions/gnutls_sign_get_id.short
 FUNCS += functions/gnutls_sign_get_name
 FUNCS += functions/gnutls_sign_get_name.short
-FUNCS += functions/gnutls_sign_get_oid
-FUNCS += functions/gnutls_sign_get_oid.short
 FUNCS += functions/gnutls_sign_get_pk_algorithm
 FUNCS += functions/gnutls_sign_get_pk_algorithm.short
 FUNCS += functions/gnutls_sign_is_secure
@@ -1921,12 +1781,12 @@ FUNCS += functions/gnutls_srp_allocate_server_credentials
 FUNCS += functions/gnutls_srp_allocate_server_credentials.short
 FUNCS += functions/gnutls_srp_base64_decode
 FUNCS += functions/gnutls_srp_base64_decode.short
-FUNCS += functions/gnutls_srp_base64_decode2
-FUNCS += functions/gnutls_srp_base64_decode2.short
+FUNCS += functions/gnutls_srp_base64_decode_alloc
+FUNCS += functions/gnutls_srp_base64_decode_alloc.short
 FUNCS += functions/gnutls_srp_base64_encode
 FUNCS += functions/gnutls_srp_base64_encode.short
-FUNCS += functions/gnutls_srp_base64_encode2
-FUNCS += functions/gnutls_srp_base64_encode2.short
+FUNCS += functions/gnutls_srp_base64_encode_alloc
+FUNCS += functions/gnutls_srp_base64_encode_alloc.short
 FUNCS += functions/gnutls_srp_free_client_credentials
 FUNCS += functions/gnutls_srp_free_client_credentials.short
 FUNCS += functions/gnutls_srp_free_server_credentials
@@ -1981,22 +1841,6 @@ FUNCS += functions/gnutls_subject_alt_names_set
 FUNCS += functions/gnutls_subject_alt_names_set.short
 FUNCS += functions/gnutls_supplemental_get_name
 FUNCS += functions/gnutls_supplemental_get_name.short
-FUNCS += functions/gnutls_supplemental_recv
-FUNCS += functions/gnutls_supplemental_recv.short
-FUNCS += functions/gnutls_supplemental_register
-FUNCS += functions/gnutls_supplemental_register.short
-FUNCS += functions/gnutls_supplemental_send
-FUNCS += functions/gnutls_supplemental_send.short
-FUNCS += functions/gnutls_system_key_add_x509
-FUNCS += functions/gnutls_system_key_add_x509.short
-FUNCS += functions/gnutls_system_key_delete
-FUNCS += functions/gnutls_system_key_delete.short
-FUNCS += functions/gnutls_system_key_iter_deinit
-FUNCS += functions/gnutls_system_key_iter_deinit.short
-FUNCS += functions/gnutls_system_key_iter_get_info
-FUNCS += functions/gnutls_system_key_iter_get_info.short
-FUNCS += functions/gnutls_system_recv_timeout
-FUNCS += functions/gnutls_system_recv_timeout.short
 FUNCS += functions/gnutls_tdb_deinit
 FUNCS += functions/gnutls_tdb_deinit.short
 FUNCS += functions/gnutls_tdb_init
@@ -2185,8 +2029,6 @@ FUNCS += functions/gnutls_x509_crq_get_dn_oid
 FUNCS += functions/gnutls_x509_crq_get_dn_oid.short
 FUNCS += functions/gnutls_x509_crq_get_extension_by_oid
 FUNCS += functions/gnutls_x509_crq_get_extension_by_oid.short
-FUNCS += functions/gnutls_x509_crq_get_extension_by_oid2
-FUNCS += functions/gnutls_x509_crq_get_extension_by_oid2.short
 FUNCS += functions/gnutls_x509_crq_get_extension_data
 FUNCS += functions/gnutls_x509_crq_get_extension_data.short
 FUNCS += functions/gnutls_x509_crq_get_extension_data2
@@ -2205,8 +2047,6 @@ FUNCS += functions/gnutls_x509_crq_get_pk_algorithm
 FUNCS += functions/gnutls_x509_crq_get_pk_algorithm.short
 FUNCS += functions/gnutls_x509_crq_get_private_key_usage_period
 FUNCS += functions/gnutls_x509_crq_get_private_key_usage_period.short
-FUNCS += functions/gnutls_x509_crq_get_signature_algorithm
-FUNCS += functions/gnutls_x509_crq_get_signature_algorithm.short
 FUNCS += functions/gnutls_x509_crq_get_subject_alt_name
 FUNCS += functions/gnutls_x509_crq_get_subject_alt_name.short
 FUNCS += functions/gnutls_x509_crq_get_subject_alt_othername_oid
@@ -2253,8 +2093,6 @@ FUNCS += functions/gnutls_x509_crq_sign2
 FUNCS += functions/gnutls_x509_crq_sign2.short
 FUNCS += functions/gnutls_x509_crq_verify
 FUNCS += functions/gnutls_x509_crq_verify.short
-FUNCS += functions/gnutls_x509_crt_check_email
-FUNCS += functions/gnutls_x509_crt_check_email.short
 FUNCS += functions/gnutls_x509_crt_check_hostname
 FUNCS += functions/gnutls_x509_crt_check_hostname.short
 FUNCS += functions/gnutls_x509_crt_check_hostname2
@@ -2297,8 +2135,6 @@ FUNCS += functions/gnutls_x509_crt_get_expiration_time
 FUNCS += functions/gnutls_x509_crt_get_expiration_time.short
 FUNCS += functions/gnutls_x509_crt_get_extension_by_oid
 FUNCS += functions/gnutls_x509_crt_get_extension_by_oid.short
-FUNCS += functions/gnutls_x509_crt_get_extension_by_oid2
-FUNCS += functions/gnutls_x509_crt_get_extension_by_oid2.short
 FUNCS += functions/gnutls_x509_crt_get_extension_data
 FUNCS += functions/gnutls_x509_crt_get_extension_data.short
 FUNCS += functions/gnutls_x509_crt_get_extension_data2
@@ -2339,8 +2175,6 @@ FUNCS += functions/gnutls_x509_crt_get_pk_algorithm
 FUNCS += functions/gnutls_x509_crt_get_pk_algorithm.short
 FUNCS += functions/gnutls_x509_crt_get_pk_dsa_raw
 FUNCS += functions/gnutls_x509_crt_get_pk_dsa_raw.short
-FUNCS += functions/gnutls_x509_crt_get_pk_ecc_raw
-FUNCS += functions/gnutls_x509_crt_get_pk_ecc_raw.short
 FUNCS += functions/gnutls_x509_crt_get_pk_rsa_raw
 FUNCS += functions/gnutls_x509_crt_get_pk_rsa_raw.short
 FUNCS += functions/gnutls_x509_crt_get_policy
@@ -2373,14 +2207,16 @@ FUNCS += functions/gnutls_x509_crt_get_subject_key_id
 FUNCS += functions/gnutls_x509_crt_get_subject_key_id.short
 FUNCS += functions/gnutls_x509_crt_get_subject_unique_id
 FUNCS += functions/gnutls_x509_crt_get_subject_unique_id.short
+FUNCS += functions/gnutls_x509_crt_get_verify_algorithm
+FUNCS += functions/gnutls_x509_crt_get_verify_algorithm.short
 FUNCS += functions/gnutls_x509_crt_get_version
 FUNCS += functions/gnutls_x509_crt_get_version.short
 FUNCS += functions/gnutls_x509_crt_import
 FUNCS += functions/gnutls_x509_crt_import.short
 FUNCS += functions/gnutls_x509_crt_import_pkcs11
 FUNCS += functions/gnutls_x509_crt_import_pkcs11.short
-FUNCS += functions/gnutls_x509_crt_import_url
-FUNCS += functions/gnutls_x509_crt_import_url.short
+FUNCS += functions/gnutls_x509_crt_import_pkcs11_url
+FUNCS += functions/gnutls_x509_crt_import_pkcs11_url.short
 FUNCS += functions/gnutls_x509_crt_init
 FUNCS += functions/gnutls_x509_crt_init.short
 FUNCS += functions/gnutls_x509_crt_list_import
@@ -2427,8 +2263,6 @@ FUNCS += functions/gnutls_x509_crt_set_issuer_dn
 FUNCS += functions/gnutls_x509_crt_set_issuer_dn.short
 FUNCS += functions/gnutls_x509_crt_set_issuer_dn_by_oid
 FUNCS += functions/gnutls_x509_crt_set_issuer_dn_by_oid.short
-FUNCS += functions/gnutls_x509_crt_set_issuer_unique_id
-FUNCS += functions/gnutls_x509_crt_set_issuer_unique_id.short
 FUNCS += functions/gnutls_x509_crt_set_key
 FUNCS += functions/gnutls_x509_crt_set_key.short
 FUNCS += functions/gnutls_x509_crt_set_key_purpose_oid
@@ -2457,8 +2291,6 @@ FUNCS += functions/gnutls_x509_crt_set_subject_alt_name
 FUNCS += functions/gnutls_x509_crt_set_subject_alt_name.short
 FUNCS += functions/gnutls_x509_crt_set_subject_key_id
 FUNCS += functions/gnutls_x509_crt_set_subject_key_id.short
-FUNCS += functions/gnutls_x509_crt_set_subject_unique_id
-FUNCS += functions/gnutls_x509_crt_set_subject_unique_id.short
 FUNCS += functions/gnutls_x509_crt_set_version
 FUNCS += functions/gnutls_x509_crt_set_version.short
 FUNCS += functions/gnutls_x509_crt_sign
@@ -2467,8 +2299,10 @@ FUNCS += functions/gnutls_x509_crt_sign2
 FUNCS += functions/gnutls_x509_crt_sign2.short
 FUNCS += functions/gnutls_x509_crt_verify
 FUNCS += functions/gnutls_x509_crt_verify.short
-FUNCS += functions/gnutls_x509_crt_verify_data2
-FUNCS += functions/gnutls_x509_crt_verify_data2.short
+FUNCS += functions/gnutls_x509_crt_verify_data
+FUNCS += functions/gnutls_x509_crt_verify_data.short
+FUNCS += functions/gnutls_x509_crt_verify_hash
+FUNCS += functions/gnutls_x509_crt_verify_hash.short
 FUNCS += functions/gnutls_x509_dn_deinit
 FUNCS += functions/gnutls_x509_dn_deinit.short
 FUNCS += functions/gnutls_x509_dn_export
@@ -2477,8 +2311,6 @@ FUNCS += functions/gnutls_x509_dn_export2
 FUNCS += functions/gnutls_x509_dn_export2.short
 FUNCS += functions/gnutls_x509_dn_get_rdn_ava
 FUNCS += functions/gnutls_x509_dn_get_rdn_ava.short
-FUNCS += functions/gnutls_x509_dn_get_str
-FUNCS += functions/gnutls_x509_dn_get_str.short
 FUNCS += functions/gnutls_x509_dn_import
 FUNCS += functions/gnutls_x509_dn_import.short
 FUNCS += functions/gnutls_x509_dn_init
@@ -2487,8 +2319,6 @@ FUNCS += functions/gnutls_x509_dn_oid_known
 FUNCS += functions/gnutls_x509_dn_oid_known.short
 FUNCS += functions/gnutls_x509_dn_oid_name
 FUNCS += functions/gnutls_x509_dn_oid_name.short
-FUNCS += functions/gnutls_x509_ext_deinit
-FUNCS += functions/gnutls_x509_ext_deinit.short
 FUNCS += functions/gnutls_x509_ext_export_aia
 FUNCS += functions/gnutls_x509_ext_export_aia.short
 FUNCS += functions/gnutls_x509_ext_export_authority_key_id
@@ -2537,8 +2367,6 @@ FUNCS += functions/gnutls_x509_ext_import_subject_alt_names
 FUNCS += functions/gnutls_x509_ext_import_subject_alt_names.short
 FUNCS += functions/gnutls_x509_ext_import_subject_key_id
 FUNCS += functions/gnutls_x509_ext_import_subject_key_id.short
-FUNCS += functions/gnutls_x509_ext_print
-FUNCS += functions/gnutls_x509_ext_print.short
 FUNCS += functions/gnutls_x509_key_purpose_deinit
 FUNCS += functions/gnutls_x509_key_purpose_deinit.short
 FUNCS += functions/gnutls_x509_key_purpose_get
@@ -2563,8 +2391,6 @@ FUNCS += functions/gnutls_x509_name_constraints_get_permitted
 FUNCS += functions/gnutls_x509_name_constraints_get_permitted.short
 FUNCS += functions/gnutls_x509_name_constraints_init
 FUNCS += functions/gnutls_x509_name_constraints_init.short
-FUNCS += functions/gnutls_x509_othername_to_virtual
-FUNCS += functions/gnutls_x509_othername_to_virtual.short
 FUNCS += functions/gnutls_x509_policies_deinit
 FUNCS += functions/gnutls_x509_policies_deinit.short
 FUNCS += functions/gnutls_x509_policies_get
@@ -2625,8 +2451,6 @@ FUNCS += functions/gnutls_x509_privkey_init
 FUNCS += functions/gnutls_x509_privkey_init.short
 FUNCS += functions/gnutls_x509_privkey_sec_param
 FUNCS += functions/gnutls_x509_privkey_sec_param.short
-FUNCS += functions/gnutls_x509_privkey_set_pin_function
-FUNCS += functions/gnutls_x509_privkey_set_pin_function.short
 FUNCS += functions/gnutls_x509_privkey_sign_data
 FUNCS += functions/gnutls_x509_privkey_sign_data.short
 FUNCS += functions/gnutls_x509_privkey_sign_hash
@@ -2647,8 +2471,6 @@ FUNCS += functions/gnutls_x509_trust_list_add_named_crt
 FUNCS += functions/gnutls_x509_trust_list_add_named_crt.short
 FUNCS += functions/gnutls_x509_trust_list_add_system_trust
 FUNCS += functions/gnutls_x509_trust_list_add_system_trust.short
-FUNCS += functions/gnutls_x509_trust_list_add_trust_dir
-FUNCS += functions/gnutls_x509_trust_list_add_trust_dir.short
 FUNCS += functions/gnutls_x509_trust_list_add_trust_file
 FUNCS += functions/gnutls_x509_trust_list_add_trust_file.short
 FUNCS += functions/gnutls_x509_trust_list_add_trust_mem
@@ -2657,16 +2479,8 @@ FUNCS += functions/gnutls_x509_trust_list_deinit
 FUNCS += functions/gnutls_x509_trust_list_deinit.short
 FUNCS += functions/gnutls_x509_trust_list_get_issuer
 FUNCS += functions/gnutls_x509_trust_list_get_issuer.short
-FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_dn
-FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_dn.short
-FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id
-FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short
 FUNCS += functions/gnutls_x509_trust_list_init
 FUNCS += functions/gnutls_x509_trust_list_init.short
-FUNCS += functions/gnutls_x509_trust_list_iter_deinit
-FUNCS += functions/gnutls_x509_trust_list_iter_deinit.short
-FUNCS += functions/gnutls_x509_trust_list_iter_get_ca
-FUNCS += functions/gnutls_x509_trust_list_iter_get_ca.short
 FUNCS += functions/gnutls_x509_trust_list_remove_cas
 FUNCS += functions/gnutls_x509_trust_list_remove_cas.short
 FUNCS += functions/gnutls_x509_trust_list_remove_trust_file
@@ -2675,7 +2489,5 @@ FUNCS += functions/gnutls_x509_trust_list_remove_trust_mem
 FUNCS += functions/gnutls_x509_trust_list_remove_trust_mem.short
 FUNCS += functions/gnutls_x509_trust_list_verify_crt
 FUNCS += functions/gnutls_x509_trust_list_verify_crt.short
-FUNCS += functions/gnutls_x509_trust_list_verify_crt2
-FUNCS += functions/gnutls_x509_trust_list_verify_crt2.short
 FUNCS += functions/gnutls_x509_trust_list_verify_named_crt
 FUNCS += functions/gnutls_x509_trust_list_verify_named_crt.short
diff --git a/doc/Makefile.in b/doc/Makefile.in
index f54ac39..2bf8fb9 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -35,17 +35,7 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -116,6 +106,11 @@ host_triplet = @host@ EXTRA_PROGRAMS = errcodes$(EXEEXT) printlist$(EXEEXT) \ alert-printlist$(EXEEXT) subdir = doc +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/build-aux/depcomp $(gnutls_TEXINFOS) \ + $(top_srcdir)/build-aux/mdate-sh $(srcdir)/version.texi \ + $(srcdir)/stamp-vti $(srcdir)/version-guile.texi \ + $(srcdir)/stamp-1 $(top_srcdir)/build-aux/texinfo.tex TODO ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -149,7 +144,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ 
@@ -226,9 +220,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/version.texi \ - $(srcdir)/stamp-vti $(srcdir)/version-guile.texi \ - $(srcdir)/stamp-1 $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -395,10 +386,6 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = examples cyclo scripts manpages credentials latex \ reference -am__DIST_COMMON = $(gnutls_TEXINFOS) $(srcdir)/Makefile.in \ - $(top_srcdir)/build-aux/depcomp \ - $(top_srcdir)/build-aux/mdate-sh \ - $(top_srcdir)/build-aux/texinfo.tex TODO DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -475,7 +462,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -635,7 +621,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -698,7 +683,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ 
@@ -848,7 +832,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -856,7 +839,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ @@ -947,7 +929,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -1023,8 +1004,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -1049,7 +1028,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1229,12 +1207,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ 
@@ -1266,7 +1242,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ @@ -1299,11 +1274,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1311,7 +1284,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1388,7 +1360,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1465,8 +1436,7 @@ MAINTAINERCLEANFILES = $(API_FILES) $(guile_texi) # Generated texinfos. API_FILES = gnutls-api.texi x509-api.texi pgp-api.texi pkcs12-api.texi \ tpm-api.texi pkcs11-api.texi abstract-api.texi compat-api.texi \ - dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi \ - pkcs7-api.texi + dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi DISTCLEANFILES = error_codes.texi algorithms.texi alerts.texi \ enums.texi $(ENUMS) stamp_enums stamp_functions 
@@ -1499,7 +1469,7 @@ ENUMS = enums/dane_cert_type_t enums/dane_cert_usage_t \ enums/dane_match_type_t enums/dane_query_status_t \ enums/dane_state_flags_t enums/dane_verify_flags_t \ enums/dane_verify_status_t enums/gnutls_alert_description_t \ - enums/gnutls_alert_level_t enums/gnutls_certificate_flags \ + enums/gnutls_alert_level_t \ enums/gnutls_certificate_import_flags \ enums/gnutls_certificate_print_formats_t \ enums/gnutls_certificate_request_t \ @@ -1511,21 +1481,19 @@ ENUMS = enums/dane_cert_type_t enums/dane_cert_usage_t \ enums/gnutls_close_request_t enums/gnutls_compression_method_t \ enums/gnutls_credentials_type_t \ enums/gnutls_digest_algorithm_t enums/gnutls_ecc_curve_t \ - enums/gnutls_ext_parse_type_t \ enums/gnutls_handshake_description_t \ - enums/gnutls_keyid_flags_t enums/gnutls_kx_algorithm_t \ - enums/gnutls_mac_algorithm_t enums/gnutls_ocsp_cert_status_t \ + enums/gnutls_kx_algorithm_t enums/gnutls_mac_algorithm_t \ + enums/gnutls_ocsp_cert_status_t \ enums/gnutls_ocsp_print_formats_t \ enums/gnutls_ocsp_resp_status_t \ enums/gnutls_ocsp_verify_reason_t \ enums/gnutls_openpgp_crt_fmt_t \ enums/gnutls_openpgp_crt_status_t enums/gnutls_params_type_t \ enums/gnutls_pin_flag_t enums/gnutls_pk_algorithm_t \ - enums/gnutls_pkcs11_obj_flags enums/gnutls_pkcs11_obj_info_t \ + enums/gnutls_pkcs11_obj_attr_t enums/gnutls_pkcs11_obj_info_t \ enums/gnutls_pkcs11_obj_type_t \ enums/gnutls_pkcs11_token_info_t \ enums/gnutls_pkcs11_url_type_t enums/gnutls_pkcs12_bag_type_t \ - enums/gnutls_pkcs7_sign_flags \ enums/gnutls_pkcs_encrypt_flags_t enums/gnutls_privkey_flags_t \ enums/gnutls_privkey_type_t enums/gnutls_protocol_t \ enums/gnutls_psk_key_flags enums/gnutls_pubkey_flags_t \ 
@@ -1546,9 +1514,7 @@ FUNCS = functions/dane_cert_type_name \ functions/dane_query_deinit.short functions/dane_query_entries \ functions/dane_query_entries.short functions/dane_query_status \ functions/dane_query_status.short functions/dane_query_tlsa \ - functions/dane_query_tlsa.short \ - functions/dane_query_to_raw_tlsa \ - functions/dane_query_to_raw_tlsa.short functions/dane_raw_tlsa \ + functions/dane_query_tlsa.short functions/dane_raw_tlsa \ functions/dane_raw_tlsa.short functions/dane_state_deinit \ functions/dane_state_deinit.short functions/dane_state_init \ functions/dane_state_init.short \ @@ -1562,14 +1528,6 @@ FUNCS = functions/dane_cert_type_name \ functions/dane_verify_crt_raw.short \ functions/dane_verify_session_crt \ functions/dane_verify_session_crt.short \ - functions/gnutls_aead_cipher_decrypt \ - functions/gnutls_aead_cipher_decrypt.short \ - functions/gnutls_aead_cipher_deinit \ - functions/gnutls_aead_cipher_deinit.short \ - functions/gnutls_aead_cipher_encrypt \ - functions/gnutls_aead_cipher_encrypt.short \ - functions/gnutls_aead_cipher_init \ - functions/gnutls_aead_cipher_init.short \ functions/gnutls_alert_get functions/gnutls_alert_get.short \ functions/gnutls_alert_get_name \ functions/gnutls_alert_get_name.short \ 
@@ -1602,15 +1560,15 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_auth_get_type.short \ functions/gnutls_auth_server_get_type \ functions/gnutls_auth_server_get_type.short \ - functions/gnutls_buffer_append_data \ - functions/gnutls_buffer_append_data.short functions/gnutls_bye \ - functions/gnutls_bye.short \ + functions/gnutls_bye functions/gnutls_bye.short \ functions/gnutls_certificate_activation_time_peers \ functions/gnutls_certificate_activation_time_peers.short \ functions/gnutls_certificate_allocate_credentials \ functions/gnutls_certificate_allocate_credentials.short \ functions/gnutls_certificate_client_get_request_status \ functions/gnutls_certificate_client_get_request_status.short \ + functions/gnutls_certificate_client_set_retrieve_function \ + functions/gnutls_certificate_client_set_retrieve_function.short \ functions/gnutls_certificate_expiration_time_peers \ functions/gnutls_certificate_expiration_time_peers.short \ functions/gnutls_certificate_free_ca_names \ 
@@ -1627,32 +1585,20 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_certificate_get_crt_raw.short \ functions/gnutls_certificate_get_issuer \ functions/gnutls_certificate_get_issuer.short \ - functions/gnutls_certificate_get_openpgp_crt \ - functions/gnutls_certificate_get_openpgp_crt.short \ - functions/gnutls_certificate_get_openpgp_key \ - functions/gnutls_certificate_get_openpgp_key.short \ functions/gnutls_certificate_get_ours \ functions/gnutls_certificate_get_ours.short \ functions/gnutls_certificate_get_peers \ functions/gnutls_certificate_get_peers.short \ functions/gnutls_certificate_get_peers_subkey_id \ functions/gnutls_certificate_get_peers_subkey_id.short \ - functions/gnutls_certificate_get_trust_list \ - functions/gnutls_certificate_get_trust_list.short \ - functions/gnutls_certificate_get_verify_flags \ - functions/gnutls_certificate_get_verify_flags.short \ - functions/gnutls_certificate_get_x509_crt \ - functions/gnutls_certificate_get_x509_crt.short \ - functions/gnutls_certificate_get_x509_key \ - functions/gnutls_certificate_get_x509_key.short \ functions/gnutls_certificate_send_x509_rdn_sequence \ functions/gnutls_certificate_send_x509_rdn_sequence.short \ functions/gnutls_certificate_server_set_request \ functions/gnutls_certificate_server_set_request.short \ + functions/gnutls_certificate_server_set_retrieve_function \ + functions/gnutls_certificate_server_set_retrieve_function.short \ functions/gnutls_certificate_set_dh_params \ functions/gnutls_certificate_set_dh_params.short \ - functions/gnutls_certificate_set_flags \ - functions/gnutls_certificate_set_flags.short \ functions/gnutls_certificate_set_key \ functions/gnutls_certificate_set_key.short \ functions/gnutls_certificate_set_ocsp_status_request_file \ 
@@ -1681,6 +1627,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_certificate_set_retrieve_function.short \ functions/gnutls_certificate_set_retrieve_function2 \ functions/gnutls_certificate_set_retrieve_function2.short \ + functions/gnutls_certificate_set_rsa_export_params \ + functions/gnutls_certificate_set_rsa_export_params.short \ functions/gnutls_certificate_set_trust_list \ functions/gnutls_certificate_set_trust_list.short \ functions/gnutls_certificate_set_verify_flags \ @@ -1713,8 +1661,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_certificate_set_x509_system_trust.short \ functions/gnutls_certificate_set_x509_trust \ functions/gnutls_certificate_set_x509_trust.short \ - functions/gnutls_certificate_set_x509_trust_dir \ - functions/gnutls_certificate_set_x509_trust_dir.short \ functions/gnutls_certificate_set_x509_trust_file \ functions/gnutls_certificate_set_x509_trust_file.short \ functions/gnutls_certificate_set_x509_trust_mem \ @@ -1727,6 +1673,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_certificate_type_get_name.short \ functions/gnutls_certificate_type_list \ functions/gnutls_certificate_type_list.short \ + functions/gnutls_certificate_type_set_priority \ + functions/gnutls_certificate_type_set_priority.short \ functions/gnutls_certificate_verification_status_print \ functions/gnutls_certificate_verification_status_print.short \ functions/gnutls_certificate_verify_peers \ @@ -1768,6 +1716,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_cipher_list.short \ functions/gnutls_cipher_set_iv \ functions/gnutls_cipher_set_iv.short \ + functions/gnutls_cipher_set_priority \ + functions/gnutls_cipher_set_priority.short \ functions/gnutls_cipher_suite_get_name \ functions/gnutls_cipher_suite_get_name.short \ functions/gnutls_cipher_suite_info \ 
@@ -1781,20 +1731,14 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_compression_get_name.short \ functions/gnutls_compression_list \ functions/gnutls_compression_list.short \ + functions/gnutls_compression_set_priority \ + functions/gnutls_compression_set_priority.short \ functions/gnutls_credentials_clear \ functions/gnutls_credentials_clear.short \ functions/gnutls_credentials_get \ functions/gnutls_credentials_get.short \ functions/gnutls_credentials_set \ functions/gnutls_credentials_set.short \ - functions/gnutls_crypto_register_aead_cipher \ - functions/gnutls_crypto_register_aead_cipher.short \ - functions/gnutls_crypto_register_cipher \ - functions/gnutls_crypto_register_cipher.short \ - functions/gnutls_crypto_register_digest \ - functions/gnutls_crypto_register_digest.short \ - functions/gnutls_crypto_register_mac \ - functions/gnutls_crypto_register_mac.short \ functions/gnutls_db_check_entry \ functions/gnutls_db_check_entry.short \ functions/gnutls_db_check_entry_time \ @@ -1840,8 +1784,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_dh_params_import_pkcs3.short \ functions/gnutls_dh_params_import_raw \ functions/gnutls_dh_params_import_raw.short \ - functions/gnutls_dh_params_import_raw2 \ - functions/gnutls_dh_params_import_raw2.short \ functions/gnutls_dh_params_init \ functions/gnutls_dh_params_init.short \ functions/gnutls_dh_set_prime_bits \ @@ -1850,8 +1792,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_digest_get_id.short \ functions/gnutls_digest_get_name \ functions/gnutls_digest_get_name.short \ - functions/gnutls_digest_get_oid \ - functions/gnutls_digest_get_oid.short \ functions/gnutls_digest_list \ functions/gnutls_digest_list.short \ functions/gnutls_dtls_cookie_send \ 
@@ -1874,12 +1814,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_dtls_set_timeouts.short \ functions/gnutls_ecc_curve_get \ functions/gnutls_ecc_curve_get.short \ - functions/gnutls_ecc_curve_get_id \ - functions/gnutls_ecc_curve_get_id.short \ functions/gnutls_ecc_curve_get_name \ functions/gnutls_ecc_curve_get_name.short \ - functions/gnutls_ecc_curve_get_oid \ - functions/gnutls_ecc_curve_get_oid.short \ functions/gnutls_ecc_curve_get_size \ functions/gnutls_ecc_curve_get_size.short \ functions/gnutls_ecc_curve_list \ @@ -1890,12 +1826,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_error_to_alert.short \ functions/gnutls_est_record_overhead_size \ functions/gnutls_est_record_overhead_size.short \ - functions/gnutls_ext_get_data \ - functions/gnutls_ext_get_data.short \ - functions/gnutls_ext_register \ - functions/gnutls_ext_register.short \ - functions/gnutls_ext_set_data \ - functions/gnutls_ext_set_data.short \ functions/gnutls_fingerprint \ functions/gnutls_fingerprint.short \ functions/gnutls_fips140_mode_enabled \ @@ -1956,11 +1886,9 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_heartbeat_set_timeouts.short \ functions/gnutls_hex2bin functions/gnutls_hex2bin.short \ functions/gnutls_hex_decode functions/gnutls_hex_decode.short \ - functions/gnutls_hex_decode2 \ - functions/gnutls_hex_decode2.short functions/gnutls_hex_encode \ - functions/gnutls_hex_encode.short functions/gnutls_hex_encode2 \ - functions/gnutls_hex_encode2.short functions/gnutls_hmac \ - functions/gnutls_hmac.short functions/gnutls_hmac_deinit \ + functions/gnutls_hex_encode functions/gnutls_hex_encode.short \ + functions/gnutls_hmac functions/gnutls_hmac.short \ + functions/gnutls_hmac_deinit \ functions/gnutls_hmac_deinit.short functions/gnutls_hmac_fast \ functions/gnutls_hmac_fast.short functions/gnutls_hmac_get_len \ functions/gnutls_hmac_get_len.short functions/gnutls_hmac_init \ 
@@ -1973,10 +1901,12 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_kx_get.short functions/gnutls_kx_get_id \ functions/gnutls_kx_get_id.short functions/gnutls_kx_get_name \ functions/gnutls_kx_get_name.short functions/gnutls_kx_list \ - functions/gnutls_kx_list.short functions/gnutls_load_file \ - functions/gnutls_load_file.short functions/gnutls_mac_get \ - functions/gnutls_mac_get.short functions/gnutls_mac_get_id \ - functions/gnutls_mac_get_id.short \ + functions/gnutls_kx_list.short \ + functions/gnutls_kx_set_priority \ + functions/gnutls_kx_set_priority.short \ + functions/gnutls_load_file functions/gnutls_load_file.short \ + functions/gnutls_mac_get functions/gnutls_mac_get.short \ + functions/gnutls_mac_get_id functions/gnutls_mac_get_id.short \ functions/gnutls_mac_get_key_size \ functions/gnutls_mac_get_key_size.short \ functions/gnutls_mac_get_name \ @@ -1984,8 +1914,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_mac_get_nonce_size \ functions/gnutls_mac_get_nonce_size.short \ functions/gnutls_mac_list functions/gnutls_mac_list.short \ - functions/gnutls_memcmp functions/gnutls_memcmp.short \ - functions/gnutls_memset functions/gnutls_memset.short \ + functions/gnutls_mac_set_priority \ + functions/gnutls_mac_set_priority.short \ functions/gnutls_ocsp_req_add_cert \ functions/gnutls_ocsp_req_add_cert.short \ functions/gnutls_ocsp_req_add_cert_id \ @@ -2030,8 +1960,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_ocsp_resp_get_produced.short \ functions/gnutls_ocsp_resp_get_responder \ functions/gnutls_ocsp_resp_get_responder.short \ - functions/gnutls_ocsp_resp_get_responder_raw_id \ - functions/gnutls_ocsp_resp_get_responder_raw_id.short \ functions/gnutls_ocsp_resp_get_response \ functions/gnutls_ocsp_resp_get_response.short \ functions/gnutls_ocsp_resp_get_signature \ 
@@ -2060,15 +1988,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_ocsp_status_request_get.short \ functions/gnutls_ocsp_status_request_is_checked \ functions/gnutls_ocsp_status_request_is_checked.short \ - functions/gnutls_oid_to_digest \ - functions/gnutls_oid_to_digest.short \ - functions/gnutls_oid_to_ecc_curve \ - functions/gnutls_oid_to_ecc_curve.short \ - functions/gnutls_oid_to_pk functions/gnutls_oid_to_pk.short \ - functions/gnutls_oid_to_sign \ - functions/gnutls_oid_to_sign.short \ - functions/gnutls_openpgp_crt_check_email \ - functions/gnutls_openpgp_crt_check_email.short \ functions/gnutls_openpgp_crt_check_hostname \ functions/gnutls_openpgp_crt_check_hostname.short \ functions/gnutls_openpgp_crt_check_hostname2 \ 
@@ -2210,30 +2129,24 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_packet_get functions/gnutls_packet_get.short \ functions/gnutls_pcert_deinit \ functions/gnutls_pcert_deinit.short \ - functions/gnutls_pcert_export_openpgp \ - functions/gnutls_pcert_export_openpgp.short \ - functions/gnutls_pcert_export_x509 \ - functions/gnutls_pcert_export_x509.short \ functions/gnutls_pcert_import_openpgp \ functions/gnutls_pcert_import_openpgp.short \ functions/gnutls_pcert_import_openpgp_raw \ functions/gnutls_pcert_import_openpgp_raw.short \ functions/gnutls_pcert_import_x509 \ functions/gnutls_pcert_import_x509.short \ - functions/gnutls_pcert_import_x509_list \ - functions/gnutls_pcert_import_x509_list.short \ functions/gnutls_pcert_import_x509_raw \ functions/gnutls_pcert_import_x509_raw.short \ functions/gnutls_pcert_list_import_x509_raw \ functions/gnutls_pcert_list_import_x509_raw.short \ functions/gnutls_pem_base64_decode \ functions/gnutls_pem_base64_decode.short \ - functions/gnutls_pem_base64_decode2 \ - functions/gnutls_pem_base64_decode2.short \ + functions/gnutls_pem_base64_decode_alloc \ + functions/gnutls_pem_base64_decode_alloc.short \ functions/gnutls_pem_base64_encode \ functions/gnutls_pem_base64_encode.short \ - functions/gnutls_pem_base64_encode2 \ - functions/gnutls_pem_base64_encode2.short \ + functions/gnutls_pem_base64_encode_alloc \ + functions/gnutls_pem_base64_encode_alloc.short \ functions/gnutls_perror functions/gnutls_perror.short \ functions/gnutls_pk_algorithm_get_name \ functions/gnutls_pk_algorithm_get_name.short \ 
@@ -2241,20 +2154,12 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pk_bits_to_sec_param.short \ functions/gnutls_pkcs11_add_provider \ functions/gnutls_pkcs11_add_provider.short \ - functions/gnutls_pkcs11_copy_attached_extension \ - functions/gnutls_pkcs11_copy_attached_extension.short \ - functions/gnutls_pkcs11_copy_pubkey \ - functions/gnutls_pkcs11_copy_pubkey.short \ functions/gnutls_pkcs11_copy_secret_key \ functions/gnutls_pkcs11_copy_secret_key.short \ functions/gnutls_pkcs11_copy_x509_crt \ functions/gnutls_pkcs11_copy_x509_crt.short \ - functions/gnutls_pkcs11_copy_x509_crt2 \ - functions/gnutls_pkcs11_copy_x509_crt2.short \ functions/gnutls_pkcs11_copy_x509_privkey \ functions/gnutls_pkcs11_copy_x509_privkey.short \ - functions/gnutls_pkcs11_copy_x509_privkey2 \ - functions/gnutls_pkcs11_copy_x509_privkey2.short \ functions/gnutls_pkcs11_crt_is_known \ functions/gnutls_pkcs11_crt_is_known.short \ functions/gnutls_pkcs11_deinit \ @@ -2265,10 +2170,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs11_get_pin_function.short \ functions/gnutls_pkcs11_get_raw_issuer \ functions/gnutls_pkcs11_get_raw_issuer.short \ - functions/gnutls_pkcs11_get_raw_issuer_by_dn \ - functions/gnutls_pkcs11_get_raw_issuer_by_dn.short \ - functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id \ - functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short \ functions/gnutls_pkcs11_init \ functions/gnutls_pkcs11_init.short \ functions/gnutls_pkcs11_obj_deinit \ 
@@ -2281,12 +2182,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs11_obj_export3.short \ functions/gnutls_pkcs11_obj_export_url \ functions/gnutls_pkcs11_obj_export_url.short \ - functions/gnutls_pkcs11_obj_flags_get_str \ - functions/gnutls_pkcs11_obj_flags_get_str.short \ - functions/gnutls_pkcs11_obj_get_exts \ - functions/gnutls_pkcs11_obj_get_exts.short \ - functions/gnutls_pkcs11_obj_get_flags \ - functions/gnutls_pkcs11_obj_get_flags.short \ functions/gnutls_pkcs11_obj_get_info \ functions/gnutls_pkcs11_obj_get_info.short \ functions/gnutls_pkcs11_obj_get_type \ 
@@ -2295,28 +2190,20 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs11_obj_import_url.short \ functions/gnutls_pkcs11_obj_init \ functions/gnutls_pkcs11_obj_init.short \ - functions/gnutls_pkcs11_obj_list_import_url3 \ - functions/gnutls_pkcs11_obj_list_import_url3.short \ - functions/gnutls_pkcs11_obj_list_import_url4 \ - functions/gnutls_pkcs11_obj_list_import_url4.short \ - functions/gnutls_pkcs11_obj_set_info \ - functions/gnutls_pkcs11_obj_set_info.short \ + functions/gnutls_pkcs11_obj_list_import_url \ + functions/gnutls_pkcs11_obj_list_import_url.short \ + functions/gnutls_pkcs11_obj_list_import_url2 \ + functions/gnutls_pkcs11_obj_list_import_url2.short \ functions/gnutls_pkcs11_obj_set_pin_function \ functions/gnutls_pkcs11_obj_set_pin_function.short \ - functions/gnutls_pkcs11_privkey_cpy \ - functions/gnutls_pkcs11_privkey_cpy.short \ functions/gnutls_pkcs11_privkey_deinit \ functions/gnutls_pkcs11_privkey_deinit.short \ - functions/gnutls_pkcs11_privkey_export_pubkey \ - functions/gnutls_pkcs11_privkey_export_pubkey.short \ functions/gnutls_pkcs11_privkey_export_url \ functions/gnutls_pkcs11_privkey_export_url.short \ functions/gnutls_pkcs11_privkey_generate \ functions/gnutls_pkcs11_privkey_generate.short \ functions/gnutls_pkcs11_privkey_generate2 \ functions/gnutls_pkcs11_privkey_generate2.short \ - functions/gnutls_pkcs11_privkey_generate3 \ - functions/gnutls_pkcs11_privkey_generate3.short \ functions/gnutls_pkcs11_privkey_get_info \ functions/gnutls_pkcs11_privkey_get_info.short \ functions/gnutls_pkcs11_privkey_get_pk_algorithm \ @@ -2355,8 +2242,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs12_bag_decrypt.short \ functions/gnutls_pkcs12_bag_deinit \ functions/gnutls_pkcs12_bag_deinit.short \ - functions/gnutls_pkcs12_bag_enc_info \ - functions/gnutls_pkcs12_bag_enc_info.short \ functions/gnutls_pkcs12_bag_encrypt \ functions/gnutls_pkcs12_bag_encrypt.short \ functions/gnutls_pkcs12_bag_get_count \ 
@@ -2381,8 +2266,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs12_bag_set_friendly_name.short \ functions/gnutls_pkcs12_bag_set_key_id \ functions/gnutls_pkcs12_bag_set_key_id.short \ - functions/gnutls_pkcs12_bag_set_privkey \ - functions/gnutls_pkcs12_bag_set_privkey.short \ functions/gnutls_pkcs12_deinit \ functions/gnutls_pkcs12_deinit.short \ functions/gnutls_pkcs12_export \ @@ -2391,26 +2274,18 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs12_export2.short \ functions/gnutls_pkcs12_generate_mac \ functions/gnutls_pkcs12_generate_mac.short \ - functions/gnutls_pkcs12_generate_mac2 \ - functions/gnutls_pkcs12_generate_mac2.short \ functions/gnutls_pkcs12_get_bag \ functions/gnutls_pkcs12_get_bag.short \ functions/gnutls_pkcs12_import \ functions/gnutls_pkcs12_import.short \ functions/gnutls_pkcs12_init \ functions/gnutls_pkcs12_init.short \ - functions/gnutls_pkcs12_mac_info \ - functions/gnutls_pkcs12_mac_info.short \ functions/gnutls_pkcs12_set_bag \ functions/gnutls_pkcs12_set_bag.short \ functions/gnutls_pkcs12_simple_parse \ functions/gnutls_pkcs12_simple_parse.short \ functions/gnutls_pkcs12_verify_mac \ functions/gnutls_pkcs12_verify_mac.short \ - functions/gnutls_pkcs7_add_attr \ - functions/gnutls_pkcs7_add_attr.short \ - functions/gnutls_pkcs7_attrs_deinit \ - functions/gnutls_pkcs7_attrs_deinit.short \ functions/gnutls_pkcs7_deinit \ functions/gnutls_pkcs7_deinit.short \ functions/gnutls_pkcs7_delete_crl \ 
@@ -2421,31 +2296,17 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs7_export.short \ functions/gnutls_pkcs7_export2 \ functions/gnutls_pkcs7_export2.short \ - functions/gnutls_pkcs7_get_attr \ - functions/gnutls_pkcs7_get_attr.short \ functions/gnutls_pkcs7_get_crl_count \ functions/gnutls_pkcs7_get_crl_count.short \ functions/gnutls_pkcs7_get_crl_raw \ functions/gnutls_pkcs7_get_crl_raw.short \ - functions/gnutls_pkcs7_get_crl_raw2 \ - functions/gnutls_pkcs7_get_crl_raw2.short \ functions/gnutls_pkcs7_get_crt_count \ functions/gnutls_pkcs7_get_crt_count.short \ functions/gnutls_pkcs7_get_crt_raw \ functions/gnutls_pkcs7_get_crt_raw.short \ - functions/gnutls_pkcs7_get_crt_raw2 \ - functions/gnutls_pkcs7_get_crt_raw2.short \ - functions/gnutls_pkcs7_get_embedded_data \ - functions/gnutls_pkcs7_get_embedded_data.short \ - functions/gnutls_pkcs7_get_signature_count \ - functions/gnutls_pkcs7_get_signature_count.short \ - functions/gnutls_pkcs7_get_signature_info \ - functions/gnutls_pkcs7_get_signature_info.short \ functions/gnutls_pkcs7_import \ functions/gnutls_pkcs7_import.short \ functions/gnutls_pkcs7_init functions/gnutls_pkcs7_init.short \ - functions/gnutls_pkcs7_print \ - functions/gnutls_pkcs7_print.short \ functions/gnutls_pkcs7_set_crl \ functions/gnutls_pkcs7_set_crl.short \ functions/gnutls_pkcs7_set_crl_raw \ 
@@ -2454,27 +2315,13 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pkcs7_set_crt.short \ functions/gnutls_pkcs7_set_crt_raw \ functions/gnutls_pkcs7_set_crt_raw.short \ - functions/gnutls_pkcs7_sign functions/gnutls_pkcs7_sign.short \ - functions/gnutls_pkcs7_signature_info_deinit \ - functions/gnutls_pkcs7_signature_info_deinit.short \ - functions/gnutls_pkcs7_verify \ - functions/gnutls_pkcs7_verify.short \ - functions/gnutls_pkcs7_verify_direct \ - functions/gnutls_pkcs7_verify_direct.short \ - functions/gnutls_pkcs8_info functions/gnutls_pkcs8_info.short \ - functions/gnutls_pkcs_schema_get_name \ - functions/gnutls_pkcs_schema_get_name.short \ - functions/gnutls_pkcs_schema_get_oid \ - functions/gnutls_pkcs_schema_get_oid.short \ functions/gnutls_pk_get_id functions/gnutls_pk_get_id.short \ functions/gnutls_pk_get_name \ - functions/gnutls_pk_get_name.short functions/gnutls_pk_get_oid \ - functions/gnutls_pk_get_oid.short functions/gnutls_pk_list \ + functions/gnutls_pk_get_name.short functions/gnutls_pk_list \ functions/gnutls_pk_list.short functions/gnutls_pk_to_sign \ functions/gnutls_pk_to_sign.short functions/gnutls_prf \ functions/gnutls_prf.short functions/gnutls_prf_raw \ - functions/gnutls_prf_raw.short functions/gnutls_prf_rfc5705 \ - functions/gnutls_prf_rfc5705.short \ + functions/gnutls_prf_raw.short \ functions/gnutls_priority_certificate_type_list \ functions/gnutls_priority_certificate_type_list.short \ functions/gnutls_priority_cipher_list \ @@ -2501,8 +2348,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_priority_set_direct.short \ functions/gnutls_priority_sign_list \ functions/gnutls_priority_sign_list.short \ - functions/gnutls_priority_string_list \ - functions/gnutls_priority_string_list.short \ functions/gnutls_privkey_decrypt_data \ functions/gnutls_privkey_decrypt_data.short \ functions/gnutls_privkey_deinit \ 
@@ -2511,14 +2356,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_privkey_export_dsa_raw.short \ functions/gnutls_privkey_export_ecc_raw \ functions/gnutls_privkey_export_ecc_raw.short \ - functions/gnutls_privkey_export_openpgp \ - functions/gnutls_privkey_export_openpgp.short \ - functions/gnutls_privkey_export_pkcs11 \ - functions/gnutls_privkey_export_pkcs11.short \ functions/gnutls_privkey_export_rsa_raw \ functions/gnutls_privkey_export_rsa_raw.short \ - functions/gnutls_privkey_export_x509 \ - functions/gnutls_privkey_export_x509.short \ functions/gnutls_privkey_generate \ functions/gnutls_privkey_generate.short \ functions/gnutls_privkey_get_pk_algorithm \ @@ -2533,8 +2372,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_privkey_import_ext.short \ functions/gnutls_privkey_import_ext2 \ functions/gnutls_privkey_import_ext2.short \ - functions/gnutls_privkey_import_ext3 \ - functions/gnutls_privkey_import_ext3.short \ functions/gnutls_privkey_import_openpgp \ functions/gnutls_privkey_import_openpgp.short \ functions/gnutls_privkey_import_openpgp_raw \ @@ -2563,6 +2400,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_privkey_sign_data.short \ functions/gnutls_privkey_sign_hash \ functions/gnutls_privkey_sign_hash.short \ + functions/gnutls_privkey_sign_raw_data \ + functions/gnutls_privkey_sign_raw_data.short \ functions/gnutls_privkey_status \ functions/gnutls_privkey_status.short \ functions/gnutls_privkey_verify_params \ @@ -2575,6 +2414,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_protocol_get_version.short \ functions/gnutls_protocol_list \ functions/gnutls_protocol_list.short \ + functions/gnutls_protocol_set_priority \ + functions/gnutls_protocol_set_priority.short \ functions/gnutls_psk_allocate_client_credentials \ functions/gnutls_psk_allocate_client_credentials.short \ functions/gnutls_psk_allocate_server_credentials \ 
@@ -2629,6 +2470,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pubkey_get_pk_algorithm.short \ functions/gnutls_pubkey_get_preferred_hash_algorithm \ functions/gnutls_pubkey_get_preferred_hash_algorithm.short \ + functions/gnutls_pubkey_get_verify_algorithm \ + functions/gnutls_pubkey_get_verify_algorithm.short \ functions/gnutls_pubkey_import \ functions/gnutls_pubkey_import.short \ functions/gnutls_pubkey_import_dsa_raw \ @@ -2643,6 +2486,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pubkey_import_openpgp_raw.short \ functions/gnutls_pubkey_import_pkcs11 \ functions/gnutls_pubkey_import_pkcs11.short \ + functions/gnutls_pubkey_import_pkcs11_url \ + functions/gnutls_pubkey_import_pkcs11_url.short \ functions/gnutls_pubkey_import_privkey \ functions/gnutls_pubkey_import_privkey.short \ functions/gnutls_pubkey_import_rsa_raw \ @@ -2667,8 +2512,12 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_pubkey_set_key_usage.short \ functions/gnutls_pubkey_set_pin_function \ functions/gnutls_pubkey_set_pin_function.short \ + functions/gnutls_pubkey_verify_data \ + functions/gnutls_pubkey_verify_data.short \ functions/gnutls_pubkey_verify_data2 \ functions/gnutls_pubkey_verify_data2.short \ + functions/gnutls_pubkey_verify_hash \ + functions/gnutls_pubkey_verify_hash.short \ functions/gnutls_pubkey_verify_hash2 \ functions/gnutls_pubkey_verify_hash2.short \ functions/gnutls_pubkey_verify_params \ 
@@ -2686,16 +2535,12 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_record_cork.short \ functions/gnutls_record_disable_padding \ functions/gnutls_record_disable_padding.short \ - functions/gnutls_record_discard_queued \ - functions/gnutls_record_discard_queued.short \ functions/gnutls_record_get_direction \ functions/gnutls_record_get_direction.short \ functions/gnutls_record_get_discarded \ functions/gnutls_record_get_discarded.short \ functions/gnutls_record_get_max_size \ functions/gnutls_record_get_max_size.short \ - functions/gnutls_record_get_state \ - functions/gnutls_record_get_state.short \ functions/gnutls_record_overhead_size \ functions/gnutls_record_overhead_size.short \ functions/gnutls_record_recv \ 
@@ -2708,20 +2553,38 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_record_send.short \ functions/gnutls_record_send_range \ functions/gnutls_record_send_range.short \ + functions/gnutls_record_set_max_empty_records \ + functions/gnutls_record_set_max_empty_records.short \ functions/gnutls_record_set_max_size \ functions/gnutls_record_set_max_size.short \ - functions/gnutls_record_set_state \ - functions/gnutls_record_set_state.short \ functions/gnutls_record_set_timeout \ functions/gnutls_record_set_timeout.short \ functions/gnutls_record_uncork \ functions/gnutls_record_uncork.short \ - functions/gnutls_register_custom_url \ - functions/gnutls_register_custom_url.short \ functions/gnutls_rehandshake \ functions/gnutls_rehandshake.short functions/gnutls_rnd \ functions/gnutls_rnd.short functions/gnutls_rnd_refresh \ functions/gnutls_rnd_refresh.short \ + functions/gnutls_rsa_export_get_modulus_bits \ + functions/gnutls_rsa_export_get_modulus_bits.short \ + functions/gnutls_rsa_export_get_pubkey \ + functions/gnutls_rsa_export_get_pubkey.short \ + functions/gnutls_rsa_params_cpy \ + functions/gnutls_rsa_params_cpy.short \ + functions/gnutls_rsa_params_deinit \ + functions/gnutls_rsa_params_deinit.short \ + functions/gnutls_rsa_params_export_pkcs1 \ + functions/gnutls_rsa_params_export_pkcs1.short \ + functions/gnutls_rsa_params_export_raw \ + functions/gnutls_rsa_params_export_raw.short \ + functions/gnutls_rsa_params_generate2 \ + functions/gnutls_rsa_params_generate2.short \ + functions/gnutls_rsa_params_import_pkcs1 \ + functions/gnutls_rsa_params_import_pkcs1.short \ + functions/gnutls_rsa_params_import_raw \ + functions/gnutls_rsa_params_import_raw.short \ + functions/gnutls_rsa_params_init \ + functions/gnutls_rsa_params_init.short \ functions/gnutls_safe_renegotiation_status \ functions/gnutls_safe_renegotiation_status.short \ functions/gnutls_sec_param_get_name \ 
@@ -2738,10 +2601,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_session_channel_binding.short \ functions/gnutls_session_enable_compatibility_mode \ functions/gnutls_session_enable_compatibility_mode.short \ - functions/gnutls_session_etm_status \ - functions/gnutls_session_etm_status.short \ - functions/gnutls_session_ext_master_secret_status \ - functions/gnutls_session_ext_master_secret_status.short \ functions/gnutls_session_force_valid \ functions/gnutls_session_force_valid.short \ functions/gnutls_session_get_data \ @@ -2758,8 +2617,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_session_get_ptr.short \ functions/gnutls_session_get_random \ functions/gnutls_session_get_random.short \ - functions/gnutls_session_get_verify_cert_status \ - functions/gnutls_session_get_verify_cert_status.short \ functions/gnutls_session_is_resumed \ functions/gnutls_session_is_resumed.short \ functions/gnutls_session_resumption_requested \ @@ -2772,18 +2629,14 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_session_set_premaster.short \ functions/gnutls_session_set_ptr \ functions/gnutls_session_set_ptr.short \ - functions/gnutls_session_set_verify_cert \ - functions/gnutls_session_set_verify_cert.short \ - functions/gnutls_session_set_verify_cert2 \ - functions/gnutls_session_set_verify_cert2.short \ - functions/gnutls_session_set_verify_function \ - functions/gnutls_session_set_verify_function.short \ functions/gnutls_session_ticket_enable_client \ functions/gnutls_session_ticket_enable_client.short \ functions/gnutls_session_ticket_enable_server \ functions/gnutls_session_ticket_enable_server.short \ functions/gnutls_session_ticket_key_generate \ functions/gnutls_session_ticket_key_generate.short \ + functions/gnutls_set_default_export_priority \ + functions/gnutls_set_default_export_priority.short \ functions/gnutls_set_default_priority \ functions/gnutls_set_default_priority.short \ functions/gnutls_sign_algorithm_get \ 
@@ -2792,14 +2645,16 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_sign_algorithm_get_client.short \ functions/gnutls_sign_algorithm_get_requested \ functions/gnutls_sign_algorithm_get_requested.short \ + functions/gnutls_sign_callback_get \ + functions/gnutls_sign_callback_get.short \ + functions/gnutls_sign_callback_set \ + functions/gnutls_sign_callback_set.short \ functions/gnutls_sign_get_hash_algorithm \ functions/gnutls_sign_get_hash_algorithm.short \ functions/gnutls_sign_get_id \ functions/gnutls_sign_get_id.short \ functions/gnutls_sign_get_name \ functions/gnutls_sign_get_name.short \ - functions/gnutls_sign_get_oid \ - functions/gnutls_sign_get_oid.short \ functions/gnutls_sign_get_pk_algorithm \ functions/gnutls_sign_get_pk_algorithm.short \ functions/gnutls_sign_is_secure \ @@ -2811,12 +2666,12 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_srp_allocate_server_credentials.short \ functions/gnutls_srp_base64_decode \ functions/gnutls_srp_base64_decode.short \ - functions/gnutls_srp_base64_decode2 \ - functions/gnutls_srp_base64_decode2.short \ + functions/gnutls_srp_base64_decode_alloc \ + functions/gnutls_srp_base64_decode_alloc.short \ functions/gnutls_srp_base64_encode \ functions/gnutls_srp_base64_encode.short \ - functions/gnutls_srp_base64_encode2 \ - functions/gnutls_srp_base64_encode2.short \ + functions/gnutls_srp_base64_encode_alloc \ + functions/gnutls_srp_base64_encode_alloc.short \ functions/gnutls_srp_free_client_credentials \ functions/gnutls_srp_free_client_credentials.short \ functions/gnutls_srp_free_server_credentials \ 
@@ -2869,22 +2724,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_subject_alt_names_set.short \ functions/gnutls_supplemental_get_name \ functions/gnutls_supplemental_get_name.short \ - functions/gnutls_supplemental_recv \ - functions/gnutls_supplemental_recv.short \ - functions/gnutls_supplemental_register \ - functions/gnutls_supplemental_register.short \ - functions/gnutls_supplemental_send \ - functions/gnutls_supplemental_send.short \ - functions/gnutls_system_key_add_x509 \ - functions/gnutls_system_key_add_x509.short \ - functions/gnutls_system_key_delete \ - functions/gnutls_system_key_delete.short \ - functions/gnutls_system_key_iter_deinit \ - functions/gnutls_system_key_iter_deinit.short \ - functions/gnutls_system_key_iter_get_info \ - functions/gnutls_system_key_iter_get_info.short \ - functions/gnutls_system_recv_timeout \ - functions/gnutls_system_recv_timeout.short \ functions/gnutls_tdb_deinit functions/gnutls_tdb_deinit.short \ functions/gnutls_tdb_init functions/gnutls_tdb_init.short \ functions/gnutls_tdb_set_store_commitment_func \ @@ -3071,8 +2910,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crq_get_dn_oid.short \ functions/gnutls_x509_crq_get_extension_by_oid \ functions/gnutls_x509_crq_get_extension_by_oid.short \ - functions/gnutls_x509_crq_get_extension_by_oid2 \ - functions/gnutls_x509_crq_get_extension_by_oid2.short \ functions/gnutls_x509_crq_get_extension_data \ functions/gnutls_x509_crq_get_extension_data.short \ functions/gnutls_x509_crq_get_extension_data2 \ 
@@ -3091,8 +2928,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crq_get_pk_algorithm.short \ functions/gnutls_x509_crq_get_private_key_usage_period \ functions/gnutls_x509_crq_get_private_key_usage_period.short \ - functions/gnutls_x509_crq_get_signature_algorithm \ - functions/gnutls_x509_crq_get_signature_algorithm.short \ functions/gnutls_x509_crq_get_subject_alt_name \ functions/gnutls_x509_crq_get_subject_alt_name.short \ functions/gnutls_x509_crq_get_subject_alt_othername_oid \ @@ -3139,8 +2974,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crq_sign2.short \ functions/gnutls_x509_crq_verify \ functions/gnutls_x509_crq_verify.short \ - functions/gnutls_x509_crt_check_email \ - functions/gnutls_x509_crt_check_email.short \ functions/gnutls_x509_crt_check_hostname \ functions/gnutls_x509_crt_check_hostname.short \ functions/gnutls_x509_crt_check_hostname2 \ @@ -3183,8 +3016,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crt_get_expiration_time.short \ functions/gnutls_x509_crt_get_extension_by_oid \ functions/gnutls_x509_crt_get_extension_by_oid.short \ - functions/gnutls_x509_crt_get_extension_by_oid2 \ - functions/gnutls_x509_crt_get_extension_by_oid2.short \ functions/gnutls_x509_crt_get_extension_data \ functions/gnutls_x509_crt_get_extension_data.short \ functions/gnutls_x509_crt_get_extension_data2 \ @@ -3225,8 +3056,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crt_get_pk_algorithm.short \ functions/gnutls_x509_crt_get_pk_dsa_raw \ functions/gnutls_x509_crt_get_pk_dsa_raw.short \ - functions/gnutls_x509_crt_get_pk_ecc_raw \ - functions/gnutls_x509_crt_get_pk_ecc_raw.short \ functions/gnutls_x509_crt_get_pk_rsa_raw \ functions/gnutls_x509_crt_get_pk_rsa_raw.short \ functions/gnutls_x509_crt_get_policy \ 
@@ -3259,14 +3088,16 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crt_get_subject_key_id.short \ functions/gnutls_x509_crt_get_subject_unique_id \ functions/gnutls_x509_crt_get_subject_unique_id.short \ + functions/gnutls_x509_crt_get_verify_algorithm \ + functions/gnutls_x509_crt_get_verify_algorithm.short \ functions/gnutls_x509_crt_get_version \ functions/gnutls_x509_crt_get_version.short \ functions/gnutls_x509_crt_import \ functions/gnutls_x509_crt_import.short \ functions/gnutls_x509_crt_import_pkcs11 \ functions/gnutls_x509_crt_import_pkcs11.short \ - functions/gnutls_x509_crt_import_url \ - functions/gnutls_x509_crt_import_url.short \ + functions/gnutls_x509_crt_import_pkcs11_url \ + functions/gnutls_x509_crt_import_pkcs11_url.short \ functions/gnutls_x509_crt_init \ functions/gnutls_x509_crt_init.short \ functions/gnutls_x509_crt_list_import \ @@ -3313,8 +3144,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crt_set_issuer_dn.short \ functions/gnutls_x509_crt_set_issuer_dn_by_oid \ functions/gnutls_x509_crt_set_issuer_dn_by_oid.short \ - functions/gnutls_x509_crt_set_issuer_unique_id \ - functions/gnutls_x509_crt_set_issuer_unique_id.short \ functions/gnutls_x509_crt_set_key \ functions/gnutls_x509_crt_set_key.short \ functions/gnutls_x509_crt_set_key_purpose_oid \ @@ -3343,8 +3172,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crt_set_subject_alt_name.short \ functions/gnutls_x509_crt_set_subject_key_id \ functions/gnutls_x509_crt_set_subject_key_id.short \ - functions/gnutls_x509_crt_set_subject_unique_id \ - functions/gnutls_x509_crt_set_subject_unique_id.short \ functions/gnutls_x509_crt_set_version \ functions/gnutls_x509_crt_set_version.short \ functions/gnutls_x509_crt_sign \ 
@@ -3353,8 +3180,10 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_crt_sign2.short \ functions/gnutls_x509_crt_verify \ functions/gnutls_x509_crt_verify.short \ - functions/gnutls_x509_crt_verify_data2 \ - functions/gnutls_x509_crt_verify_data2.short \ + functions/gnutls_x509_crt_verify_data \ + functions/gnutls_x509_crt_verify_data.short \ + functions/gnutls_x509_crt_verify_hash \ + functions/gnutls_x509_crt_verify_hash.short \ functions/gnutls_x509_dn_deinit \ functions/gnutls_x509_dn_deinit.short \ functions/gnutls_x509_dn_export \ @@ -3363,8 +3192,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_dn_export2.short \ functions/gnutls_x509_dn_get_rdn_ava \ functions/gnutls_x509_dn_get_rdn_ava.short \ - functions/gnutls_x509_dn_get_str \ - functions/gnutls_x509_dn_get_str.short \ functions/gnutls_x509_dn_import \ functions/gnutls_x509_dn_import.short \ functions/gnutls_x509_dn_init \ @@ -3373,8 +3200,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_dn_oid_known.short \ functions/gnutls_x509_dn_oid_name \ functions/gnutls_x509_dn_oid_name.short \ - functions/gnutls_x509_ext_deinit \ - functions/gnutls_x509_ext_deinit.short \ functions/gnutls_x509_ext_export_aia \ functions/gnutls_x509_ext_export_aia.short \ functions/gnutls_x509_ext_export_authority_key_id \ @@ -3423,8 +3248,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_ext_import_subject_alt_names.short \ functions/gnutls_x509_ext_import_subject_key_id \ functions/gnutls_x509_ext_import_subject_key_id.short \ - functions/gnutls_x509_ext_print \ - functions/gnutls_x509_ext_print.short \ functions/gnutls_x509_key_purpose_deinit \ functions/gnutls_x509_key_purpose_deinit.short \ functions/gnutls_x509_key_purpose_get \ 
@@ -3449,8 +3272,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_name_constraints_get_permitted.short \ functions/gnutls_x509_name_constraints_init \ functions/gnutls_x509_name_constraints_init.short \ - functions/gnutls_x509_othername_to_virtual \ - functions/gnutls_x509_othername_to_virtual.short \ functions/gnutls_x509_policies_deinit \ functions/gnutls_x509_policies_deinit.short \ functions/gnutls_x509_policies_get \ @@ -3511,8 +3332,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_privkey_init.short \ functions/gnutls_x509_privkey_sec_param \ functions/gnutls_x509_privkey_sec_param.short \ - functions/gnutls_x509_privkey_set_pin_function \ - functions/gnutls_x509_privkey_set_pin_function.short \ functions/gnutls_x509_privkey_sign_data \ functions/gnutls_x509_privkey_sign_data.short \ functions/gnutls_x509_privkey_sign_hash \ @@ -3533,8 +3352,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_trust_list_add_named_crt.short \ functions/gnutls_x509_trust_list_add_system_trust \ functions/gnutls_x509_trust_list_add_system_trust.short \ - functions/gnutls_x509_trust_list_add_trust_dir \ - functions/gnutls_x509_trust_list_add_trust_dir.short \ functions/gnutls_x509_trust_list_add_trust_file \ functions/gnutls_x509_trust_list_add_trust_file.short \ functions/gnutls_x509_trust_list_add_trust_mem \ 
@@ -3543,16 +3360,8 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_trust_list_deinit.short \ functions/gnutls_x509_trust_list_get_issuer \ functions/gnutls_x509_trust_list_get_issuer.short \ - functions/gnutls_x509_trust_list_get_issuer_by_dn \ - functions/gnutls_x509_trust_list_get_issuer_by_dn.short \ - functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id \ - functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short \ functions/gnutls_x509_trust_list_init \ functions/gnutls_x509_trust_list_init.short \ - functions/gnutls_x509_trust_list_iter_deinit \ - functions/gnutls_x509_trust_list_iter_deinit.short \ - functions/gnutls_x509_trust_list_iter_get_ca \ - functions/gnutls_x509_trust_list_iter_get_ca.short \ functions/gnutls_x509_trust_list_remove_cas \ functions/gnutls_x509_trust_list_remove_cas.short \ functions/gnutls_x509_trust_list_remove_trust_file \ @@ -3561,8 +3370,6 @@ FUNCS = functions/dane_cert_type_name \ functions/gnutls_x509_trust_list_remove_trust_mem.short \ functions/gnutls_x509_trust_list_verify_crt \ functions/gnutls_x509_trust_list_verify_crt.short \ - functions/gnutls_x509_trust_list_verify_crt2 \ - functions/gnutls_x509_trust_list_verify_crt2.short \ functions/gnutls_x509_trust_list_verify_named_crt \ functions/gnutls_x509_trust_list_verify_named_crt.short all: $(BUILT_SOURCES) @@ -3582,6 +3389,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -3707,16 +3515,15 @@ $(srcdir)/stamp-vti: gnutls.texi $(top_srcdir)/configure echo "@set UPDATED $$1 $$2 $$3"; \ echo "@set UPDATED-MONTH $$2 $$3"; \ echo "@set EDITION $(VERSION)"; \ - echo "@set VERSION $(VERSION)") > vti.tmp$$$$ && \ - (cmp -s vti.tmp$$$$ $(srcdir)/version.texi \ - || (echo "Updating $(srcdir)/version.texi" && \ - cp vti.tmp$$$$ $(srcdir)/version.texi.tmp$$$$ && \ - mv $(srcdir)/version.texi.tmp$$$$ $(srcdir)/version.texi)) && \ - rm -f vti.tmp$$$$ $(srcdir)/version.texi.$$$$ + echo "@set VERSION $(VERSION)") > vti.tmp + @cmp -s vti.tmp $(srcdir)/version.texi \ + || (echo "Updating $(srcdir)/version.texi"; \ + cp vti.tmp $(srcdir)/version.texi) + -@rm -f vti.tmp @cp $(srcdir)/version.texi $@ mostlyclean-vti: - -rm -f vti.tmp* $(srcdir)/version.texi.tmp* + -rm -f vti.tmp maintainer-clean-vti: -rm -f $(srcdir)/stamp-vti $(srcdir)/version.texi @@ -3731,16 +3538,15 @@ $(srcdir)/stamp-1: gnutls-guile.texi $(top_srcdir)/configure echo "@set UPDATED $$1 $$2 $$3"; \ echo "@set UPDATED-MONTH $$2 $$3"; \ echo "@set EDITION $(VERSION)"; \ - echo "@set VERSION $(VERSION)") > 1.tmp$$$$ && \ - (cmp -s 1.tmp$$$$ $(srcdir)/version-guile.texi \ - || (echo "Updating $(srcdir)/version-guile.texi" && \ - cp 1.tmp$$$$ $(srcdir)/version-guile.texi.tmp$$$$ && \ - mv $(srcdir)/version-guile.texi.tmp$$$$ $(srcdir)/version-guile.texi)) && \ - rm -f 1.tmp$$$$ $(srcdir)/version-guile.texi.$$$$ + echo "@set VERSION $(VERSION)") > 1.tmp + @cmp -s 1.tmp $(srcdir)/version-guile.texi \ + || (echo "Updating $(srcdir)/version-guile.texi"; \ + cp 1.tmp $(srcdir)/version-guile.texi) + -@rm -f 1.tmp @cp $(srcdir)/version-guile.texi $@ mostlyclean-1: - -rm -f 1.tmp* $(srcdir)/version-guile.texi.tmp* + -rm -f 1.tmp maintainer-clean-1: -rm -f $(srcdir)/stamp-1 $(srcdir)/version-guile.texi 
@@ -4248,13 +4054,11 @@ uninstall-am: uninstall-dvi-am uninstall-html-am uninstall-imagesDATA \ uninstall-dvi-am uninstall-html-am uninstall-imagesDATA \ uninstall-info-am uninstall-pdf-am uninstall-ps-am -.PRECIOUS: Makefile - -include $(top_srcdir)/doc/doc.mk invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -4262,7 +4066,7 @@ invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def mv -f $@.tmp $@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -4270,7 +4074,7 @@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls mv -f $@.tmp $@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ 
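Review bot: The new recipe line `$(AUTOGEN) -Tagtexi-cmd.tpl $<; \` in invoke-gnutls-cli.texi ends in `;`, so the exit status of autogen is thrown away and the following `if [ ! -e $@ ]` fallback silently copies the shipped `$(srcdir)/$@` instead. A failed or misconfigured autogen run therefore produces tool documentation that may not match the options in the `.def` file, with nothing in the build log to show it. I would keep the best-effort fallback but make it visible, e.g. `$(AUTOGEN) -Tagtexi-cmd.tpl $< || echo "autogen failed for $@; using shipped copy" >&2; \`. The same line recurs in the invoke-gnutls-cli-debug, -serv, certtool, ocsptool, danetool, srptool, psktool, p11tool and tpmtool rules in the following hunks, and since Makefile.in is generated the edit presumably belongs in doc/Makefile.am. Each recipe continues past the end of its hunk.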
@@ -4278,79 +4082,79 @@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug mv -f $@.tmp $@ invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! 
-e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsubheading/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsection/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ rm -f $@ && \ - $(SED) -e 's/@subheading/@subsection/g' \ + sed -e 's/@subheading/@subsubheading/g' \ -e 's/@section/@subsection/g' $@.tmp > $@ && \ rm -f $@.tmp @@ -4411,7 +4215,7 @@ pkcs12-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs12.h echo $(ECHO_N) "Creating documentation for $$i... " && \ $(srcdir)/scripts/gdoc -texinfo \ -function $$i \ - $(C_X509_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ + $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ echo "ok"; \ done mv -f $@-tmp $@ 
@@ -4427,17 +4231,6 @@ pkcs11-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs11.h done mv -f $@-tmp $@ -pkcs7-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs7.h - echo "" > $@-tmp - for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ - echo $(ECHO_N) "Creating documentation for $$i... " && \ - $(srcdir)/scripts/gdoc -texinfo \ - -function $$i \ - $(C_X509_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ - echo "ok"; \ - done - mv -f $@-tmp $@ - tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h echo "" > $@-tmp for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ @@ -4449,17 +4242,15 @@ tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h done mv -f $@-tmp $@ -abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h +abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h echo "" > $@-tmp - cat $^ >$@-headers-tmp - for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $@-headers-tmp |sort|uniq`; do \ + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ echo $(ECHO_N) "Creating documentation for $$i... " && \ $(srcdir)/scripts/gdoc -texinfo \ -function $$i \ $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ echo "ok"; \ done - rm -f $@-headers-tmp mv -f $@-tmp $@ compat-api.texi: $(top_srcdir)/lib/includes/gnutls/compat.h @@ -4501,7 +4292,7 @@ ocsp-api.texi: $(top_srcdir)/lib/includes/gnutls/ocsp.h echo $(ECHO_N) "Creating documentation for $$i... " && \ $(srcdir)/scripts/gdoc -texinfo \ -function $$i \ - $(C_X509_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ + $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \ echo "ok"; \ done mv -f $@-tmp $@ 
@@ -4536,9 +4327,9 @@ stamp_functions: $(API_FILES) for i in $^; do \ $(srcdir)/scripts/split-texi.pl functions < $$i; \ done - $(SED) -i 's/\@anchor{.*//g' functions/* - $(SED) -i 's/\@subheading.*//g' functions/* - cd functions && for i in *;do grep ^"@deftypefun" $$i | $(SED) 's/@deftypefun/@item/g;s/ {/ @var{/;s/ {/ @ref{/' > ../functions/$$i.short;done + sed -i 's/\@anchor{.*//g' functions/* + sed -i 's/\@subheading.*//g' functions/* + cd functions && for i in *;do grep ^"@deftypefun" $$i | sed 's/@deftypefun/@item/g;s/ {/ @var{/;s/ {/ @ref{/' > ../functions/$$i.short;done echo $@ > $@ stamp_enums: enums.texi @@ -4569,7 +4360,7 @@ compare-makefile: enums.texi @echo "******************************************************************************" @echo "If the following step fails copy $(srcdir)/doc/tmp-compare-makefile to doc/Makefile.am" @echo "******************************************************************************" - ENUMS=`grep '^@c ' $< | $(SED) 's/@c //g' | sort -d`; \ + ENUMS=`grep '^@c ' $< | sed 's/@c //g' | sort -d`; \ STR=""; \ for i in $$ENUMS; do \ STR="$$STR\nENUMS += enums/$$i"; \ @@ -4584,7 +4375,7 @@ compare-makefile: enums.texi MANS="$$MANS\nFUNCS += functions/$$i\nFUNCS += functions/$$i.short"; \ done; \ grep -v -e '^FUNCS += ' $(srcdir)/Makefile.am > tmp-$@; \ - echo "\"s,^FUNCS =,FUNCS =$$MANS,\" -i tmp-$@"|xargs $(SED) + echo "\"s,^FUNCS =,FUNCS =$$MANS,\" -i tmp-$@"|xargs sed @echo "******************************************************************************" @echo "If the following step fails copy $(srcdir)/doc/tmp-compare-makefile to doc/Makefile.am" @echo "******************************************************************************" @@ -4605,7 +4396,7 @@ compare-makefile: enums.texi gnutls.xml: epub.texi makeinfo --docbook $< - $(SED) -i 's/\&\#8226;//g' $@ + sed -i 's/\&\#8226;//g' $@ gnutls.epub: gnutls.xml dbtoepub $< diff --git a/doc/TODO b/doc/TODO index 22172ca..05fde85 100644 --- a/doc/TODO +++ b/doc/TODO 
@@ -3,15 +3,15 @@ anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org), in order to avoid having people working on the same thing. Current list: -* Add API to allow multiplexing multiple streams under DTLS. The streams - should be identified by the application using the raw packet, via a - callback. -* Check https://github.com/yymax/x509test and evaluate whether it makes - sense to include it in our self tests. -* gnutls-cli: Allow separation of the connecting IP and the hostname to - advertize or check. That is, allow specifying an IP to connect to and - a hostname to check. +* Allow setting a fixed key on the anonymous key exchange methods (to allow + it being used with the tofu API). +* Deprecate GNUTLS_E_CERTIFICATE_LIST_UNSORTED, and automatically sort + input chains in gnutls_certificate_set_x509_key_*. * Allow the manipulation of certificates, i.e., allow to remove fields. +* Add an authenticated-encryption API. +* Think about supporting the groups in RFC3526 and RFC5114. If other + implementations use them too we may be able to achieve some speedups + in DH (by knowing q). * Handle the following X.509 extensions: 2.5.29.36: Policy Constraints 2.5.29.33: Policy Mappings @@ -19,9 +19,6 @@ Current list: 2.5.29.46: Freshest CRL * Add support for RSA-PSS. This signature algorithm is seen in some passport CAs. Should be added in nettle and then in gnutls. -- Handle openconnect's TSS files in gnutls_certificate_set_x509_key_file(). -- Allow setting a fixed key on the anonymous key exchange methods (to allow - it being used with the tofu API). - Add certificate image support (see RFC3709, RFC6170) - RFC 3280 compliant certificate path validation. - Reject extensions in v1 certificates. 
@@ -30,8 +27,11 @@ Current list: That will allow the usage of tokens that do not allow plain RSA. - Support PKCS#8 DES-MD5 (tests/enc3pkcs8.pem) encrypted keys. (openssl seems to use DES-MD5 to encrypt keys by default) +- Add support for generating empty CRLs - Document the format for the supported DN attributes. - Audit the code +- Support replacing individual algorithms via a PKCS #11 module - + maybe use p11-kit for that. - Add function to extract the signers of an openpgp key. Should be similar to gnutls_x509_crt_get_dn_oid(). - Add function to verify an openpgp key against a plain key. diff --git a/doc/abstract-api.texi b/doc/abstract-api.texi index a7d5078..82a8415 100644 --- a/doc/abstract-api.texi +++ b/doc/abstract-api.texi @@ -2,7 +2,7 @@ @subheading gnutls_certificate_set_key @anchor{gnutls_certificate_set_key} @deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{names}: is an array of DNS name of the certificate (NULL if none) @@ -15,7 +15,7 @@ @var{key}: is a @code{gnutls_privkey_t} key This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that wants to send more than its own end entity certificate (e.g., also an intermediate CA cert) then put 
@@ -23,10 +23,7 @@ the certificate chain in @code{pcert_list} . Note that the @code{pcert_list} and @code{key} will become part of the credentials structure and must not be deallocated. They will be automatically deallocated -when the @code{res} type is deinitialized. - -If that function fails to load the @code{res} structure is at an undefined state, it must -not be reused to load other keys or certificates. +when the @code{res} structure is deinitialized. @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. 
@@ -36,29 +33,28 @@ not be reused to load other keys or certificates. @subheading gnutls_certificate_set_retrieve_function2 @anchor{gnutls_certificate_set_retrieve_function2} @deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{func}: is the callback function This function sets a callback to be called in order to retrieve the -certificate to be used in the handshake. The callback will take control -only if a certificate is requested by the peer. +certificate to be used in the handshake. The callback's function prototype is: int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert, unsigned int *pcert_length, gnutls_privkey_t * pkey); - @code{req_ca_dn} is only used in X.509 certificates. + @code{req_ca_cert} is only used in X.509 certificates. Contains a list with the CA names that the server considers trusted. -This is a hint and typically the client should send a certificate that is signed -by one of these CAs. These names, when available, are DER encoded. To get a more +Normally we should send a certificate that is signed +by one of these CAs. These names are DER encoded. To get a more meaningful value use the function @code{gnutls_x509_rdn_get()} . @code{pk_algos} contains a list with server's acceptable signature algorithms. The certificate returned should support the server's given algorithms. - @code{pcert} should contain a single certificate and public key or a list of them. + @code{pcert} should contain a single certificate and public or a list of them. @code{pcert_length} is the size of the previous list. 
@@ -66,17 +62,13 @@ The certificate returned should support the server's given algorithms. If the callback function is provided then gnutls will call it, in the handshake, after the certificate request message has been received. -All the provided by the callback values will not be released or -modified by gnutls. In server side pk_algos and req_ca_dn are NULL. The callback function should set the certificate list to be sent, and return 0 on success. If no certificate was selected then the number of certificates should be set to zero. The value (-1) -indicates error and the handshake will be terminated. If both certificates -are set in the credentials and a callback is available, the callback -takes predence. +indicates error and the handshake will be terminated. @strong{Since:} 3.0 @end deftypefun 
@@ -91,42 +83,6 @@ This function will deinitialize a pcert structure. @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_pcert_export_openpgp -@anchor{gnutls_pcert_export_openpgp} -@deftypefun {int} {gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt}) -@var{pcert}: The pcert structure. - -@var{crt}: An initialized @code{gnutls_openpgp_crt_t} . - -Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_openpgp_crt_t} . -This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_OPENPGP} . -When successful, the value written to @code{crt} must be freed with -@code{gnutls_openpgp_crt_deinit()} when no longer needed. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_pcert_export_x509 -@anchor{gnutls_pcert_export_x509} -@deftypefun {int} {gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}) -@var{pcert}: The pcert structure. - -@var{crt}: An initialized @code{gnutls_x509_crt_t} . - -Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_x509_crt_t} . -This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_X509} . -When successful, the value written to @code{crt} must be freed with -@code{gnutls_x509_crt_deinit()} when no longer needed. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_pcert_import_openpgp @anchor{gnutls_pcert_import_openpgp} @deftypefun {int} {gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) 
@@ -174,7 +130,7 @@ negative error value. @deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) @var{pcert}: The pcert structure -@var{crt}: The certificate to be imported +@var{crt}: The raw certificate to be imported @var{flags}: zero for now @@ -188,32 +144,6 @@ negative error value. @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_pcert_import_x509_list -@anchor{gnutls_pcert_import_x509_list} -@deftypefun {int} {gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags}) -@var{pcert}: The pcert structure - -@var{crt}: The certificates to be imported - -@var{ncrt}: The number of certificates - -@var{flags}: zero or @code{GNUTLS_X509_CRT_LIST_SORT} - -This convenience function will import the given certificate to a -@code{gnutls_pcert_st} structure. The structure must be deinitialized -afterwards using @code{gnutls_pcert_deinit()} ; - -In the case @code{GNUTLS_X509_CRT_LIST_SORT} is specified and that -function cannot sort the list, @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} -will be returned. Currently sorting can fail if the list size -exceeds an internal constraint (16). - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_pcert_import_x509_raw @anchor{gnutls_pcert_import_x509_raw} @deftypefun {int} {gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) @@ -283,7 +213,7 @@ negative error value. @subheading gnutls_privkey_deinit @anchor{gnutls_privkey_deinit} @deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key}) -@var{key}: The key to be deinitialized +@var{key}: The structure to be deinitialized This function will deinitialize a private key structure. 
@@ -336,42 +266,6 @@ in the given structure. The new parameters will be allocated using @strong{Since:} 3.3.0 @end deftypefun -@subheading gnutls_privkey_export_openpgp -@anchor{gnutls_privkey_export_openpgp} -@deftypefun {int} {gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key}) -@var{pkey}: The private key - -@var{key}: Location for the key to be exported. - -Converts the given abstract private key to a @code{gnutls_openpgp_privkey_t} -type. The key must be of type @code{GNUTLS_PRIVKEY_OPENPGP} . The key -returned in @code{key} must be deinitialized with -@code{gnutls_openpgp_privkey_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_privkey_export_pkcs11 -@anchor{gnutls_privkey_export_pkcs11} -@deftypefun {int} {gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key}) -@var{pkey}: The private key - -@var{key}: Location for the key to be exported. - -Converts the given abstract private key to a @code{gnutls_pkcs11_privkey_t} -type. The key must be of type @code{GNUTLS_PRIVKEY_PKCS11} . The key -returned in @code{key} must be deinitialized with -@code{gnutls_pkcs11_privkey_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_privkey_export_rsa_raw @anchor{gnutls_privkey_export_rsa_raw} @deftypefun {int} {gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) 
@@ -402,23 +296,6 @@ in the given structure. The new parameters will be allocated using @strong{Since:} 3.3.0 @end deftypefun -@subheading gnutls_privkey_export_x509 -@anchor{gnutls_privkey_export_x509} -@deftypefun {int} {gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key}) -@var{pkey}: The private key - -@var{key}: Location for the key to be exported. - -Converts the given abstract private key to a @code{gnutls_x509_privkey_t} -type. The key must be of type @code{GNUTLS_PRIVKEY_X509} . The key returned -in @code{key} must be deinitialized with @code{gnutls_x509_privkey_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_privkey_generate @anchor{gnutls_privkey_generate} @deftypefun {int} {gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) @@ -448,7 +325,7 @@ negative error value. @subheading gnutls_privkey_get_pk_algorithm @anchor{gnutls_privkey_get_pk_algorithm} @deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits}) -@var{key}: should contain a @code{gnutls_privkey_t} type +@var{key}: should contain a @code{gnutls_privkey_t} structure @var{bits}: If set will return the number of bits of the parameters (may be NULL) @@ -465,7 +342,7 @@ success, or a negative error code on error. @subheading gnutls_privkey_get_type @anchor{gnutls_privkey_get_type} @deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key}) -@var{key}: should contain a @code{gnutls_privkey_t} type +@var{key}: should contain a @code{gnutls_privkey_t} structure This function will return the type of the private key. This is actually the type of the subsystem used to set this private key. 
@@ -502,7 +379,7 @@ negative error value. @subheading gnutls_privkey_import_ecc_raw @anchor{gnutls_privkey_import_ecc_raw} @deftypefun {int} {gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) -@var{key}: The key +@var{key}: The structure to store the parsed key @var{curve}: holds the curve @@ -538,10 +415,10 @@ negative error value. @var{flags}: Flags for the import This function will associate the given callbacks with the -@code{gnutls_privkey_t} type. At least one of the two callbacks +@code{gnutls_privkey_t} structure. At least one of the two callbacks must be non-null. -See also @code{gnutls_privkey_import_ext3()} . +See also @code{gnutls_privkey_import_ext2()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
@@ -551,23 +428,23 @@ negative error value. @subheading gnutls_privkey_import_ext2 @anchor{gnutls_privkey_import_ext2} -@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags}) +@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, gnutls_privkey_deinit_func @var{deinit_func}, unsigned int @var{flags}) @var{pkey}: The private key @var{pk}: The public key algorithm @var{userdata}: private data to be provided to the callbacks -@var{sign_fn}: callback for signature operations +@var{sign_func}: callback for signature operations -@var{decrypt_fn}: callback for decryption operations +@var{decrypt_func}: callback for decryption operations -@var{deinit_fn}: a deinitialization function +@var{deinit_func}: a deinitialization function @var{flags}: Flags for the import This function will associate the given callbacks with the -@code{gnutls_privkey_t} type. At least one of the two callbacks +@code{gnutls_privkey_t} structure. At least one of the two callbacks must be non-null. If a deinitialization function is provided then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . 
@@ -576,51 +453,12 @@ without any hashing or preprocessing. In case of RSA the DigestInfo will be provided, and the signing function is expected to do the PKCS @code{1} 1.5 padding and the exponentiation. -See also @code{gnutls_privkey_import_ext3()} . - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @strong{Since:} 3.1 @end deftypefun -@subheading gnutls_privkey_import_ext3 -@anchor{gnutls_privkey_import_ext3} -@deftypefun {int} {gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) -@var{pkey}: The private key - -@var{userdata}: private data to be provided to the callbacks - -@var{sign_fn}: callback for signature operations - -@var{decrypt_fn}: callback for decryption operations - -@var{deinit_fn}: a deinitialization function - -@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} ) - -@var{flags}: Flags for the import - -This function will associate the given callbacks with the -@code{gnutls_privkey_t} type. At least one of the two callbacks -must be non-null. If a deinitialization function is provided -then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . - -Note that the signing function is supposed to "raw" sign data, i.e., -without any hashing or preprocessing. In case of RSA the DigestInfo -will be provided, and the signing function is expected to do the PKCS @code{1} -1.5 padding and the exponentiation. - -The @code{info_fn} must provide information on the algorithms supported by -this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} and -@code{GNUTLS_PRIVKEY_INFO_SIGN_ALGO} . It must return -1 on unknown flags. 
- -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_privkey_import_openpgp @anchor{gnutls_privkey_import_openpgp} @deftypefun {int} {gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags}) @@ -631,7 +469,7 @@ negative error value. @var{flags}: Flags for the import This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The @code{gnutls_openpgp_privkey_t} object must not be deallocated during the lifetime of this structure. The subkey set as @@ -660,7 +498,7 @@ negative error value. @var{password}: A password (optional) This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -678,7 +516,7 @@ negative error value. @var{flags}: Flags for the import This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The @code{gnutls_pkcs11_privkey_t} object must not be deallocated during the lifetime of this structure. @@ -700,7 +538,7 @@ negative error value. @var{url}: A PKCS 11 url This function will import a PKCS 11 private key to a @code{gnutls_private_key_t} -type. +structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -753,7 +591,7 @@ negative error value. @var{flags}: should be zero This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. With respect to passwords the same as in @code{gnutls_privkey_import_tpm_url()} apply. 
@@ -777,7 +615,7 @@ negative error value. @var{flags}: One of the GNUTLS_PRIVKEY_* flags This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. Note that unless @code{GNUTLS_PRIVKEY_DISABLE_CALLBACKS} is specified, if incorrect (or NULL) passwords are given @@ -822,7 +660,7 @@ negative error value. @var{flags}: Flags for the import This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The @code{gnutls_x509_privkey_t} object must not be deallocated during the lifetime of this structure. @@ -850,7 +688,7 @@ negative error value. @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The supported formats are basic unencrypted key, PKCS8, PKCS12, and the openssl format. @@ -864,9 +702,9 @@ negative error value. @subheading gnutls_privkey_init @anchor{gnutls_privkey_init} @deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized -This function will initialize a private key. +This function will initialize an private key structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -904,7 +742,7 @@ to have effect. @var{data}: holds the data to be signed -@var{signature}: will contain the signature allocated with @code{gnutls_malloc()} +@var{signature}: will contain the signature allocate with @code{gnutls_malloc()} This function will sign the given data using a signature algorithm supported by the private key. Signature algorithms are always used 
@@ -969,7 +807,7 @@ holding the private key is still available (inserted), and zero otherwise. @subheading gnutls_privkey_verify_params @anchor{gnutls_privkey_verify_params} @deftypefun {int} {gnutls_privkey_verify_params} (gnutls_privkey_t @var{key}) -@var{key}: should contain a @code{gnutls_privkey_t} type +@var{key}: should contain a @code{gnutls_privkey_t} structure This function will verify the private key parameters. @@ -982,7 +820,7 @@ negative error value. @subheading gnutls_pubkey_deinit @anchor{gnutls_pubkey_deinit} @deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key}) -@var{key}: The key to be deinitialized +@var{key}: The structure to be deinitialized This function will deinitialize a public key structure. @@ -1001,7 +839,7 @@ This function will deinitialize a public key structure. @var{ciphertext}: contains the encrypted data This function will encrypt the given data, using the public -key. On success the @code{ciphertext} will be allocated using @code{gnutls_malloc()} . +key. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
@@ -1067,20 +905,18 @@ returned, and 0 on success. @deftypefun {int} {gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) @var{key}: Holds the public key -@var{p}: will hold the p (may be @code{NULL} ) +@var{p}: will hold the p -@var{q}: will hold the q (may be @code{NULL} ) +@var{q}: will hold the q -@var{g}: will hold the g (may be @code{NULL} ) +@var{g}: will hold the g -@var{y}: will hold the y (may be @code{NULL} ) +@var{y}: will hold the y This function will export the DSA public key's parameters found in the given certificate. The new parameters will be allocated using @code{gnutls_malloc()} and will be stored in the appropriate datum. -This function allows for @code{NULL} parameters since 3.4.1. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 3.3.0 @@ -1091,18 +927,16 @@ This function allows for @code{NULL} parameters since 3.4.1. @deftypefun {int} {gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) @var{key}: Holds the public key -@var{curve}: will hold the curve (may be @code{NULL} ) +@var{curve}: will hold the curve -@var{x}: will hold x (may be @code{NULL} ) +@var{x}: will hold x -@var{y}: will hold y (may be @code{NULL} ) +@var{y}: will hold y This function will export the ECC public key's parameters found in -the given key. The new parameters will be allocated using +the given certificate. The new parameters will be allocated using @code{gnutls_malloc()} and will be stored in the appropriate datum. -This function allows for @code{NULL} parameters since 3.4.1. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 3.0 
@@ -1131,16 +965,14 @@ the given certificate. The new parameters will be allocated using @deftypefun {int} {gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) @var{key}: Holds the certificate -@var{m}: will hold the modulus (may be @code{NULL} ) +@var{m}: will hold the modulus -@var{e}: will hold the public exponent (may be @code{NULL} ) +@var{e}: will hold the public exponent This function will export the RSA public key's parameters found in the given structure. The new parameters will be allocated using @code{gnutls_malloc()} and will be stored in the appropriate datum. -This function allows for @code{NULL} parameters since 3.4.1. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 3.3.0 @@ -1151,7 +983,7 @@ This function allows for @code{NULL} parameters since 3.4.1. @deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) @var{key}: Holds the public key -@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} +@var{flags}: should be 0 for now @var{output_data}: will contain the key ID @@ -1176,7 +1008,7 @@ returned, and 0 on success. @subheading gnutls_pubkey_get_key_usage @anchor{gnutls_pubkey_get_key_usage} @deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage}) -@var{key}: should contain a @code{gnutls_pubkey_t} type +@var{key}: should contain a @code{gnutls_pubkey_t} structure @var{usage}: If set will return the number of bits of the parameters (may be NULL) 
@@ -1222,7 +1054,7 @@ returned, and 0 on success. @subheading gnutls_pubkey_get_pk_algorithm @anchor{gnutls_pubkey_get_pk_algorithm} @deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits}) -@var{key}: should contain a @code{gnutls_pubkey_t} type +@var{key}: should contain a @code{gnutls_pubkey_t} structure @var{bits}: If set will return the number of bits of the parameters (may be NULL) @@ -1245,7 +1077,7 @@ success, or a negative error code on error. @var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL. -This function will read the certificate and return the appropriate digest +This function will read the certifcate and return the appropriate digest algorithm to use for signing with this certificate. Some certificates (i.e. DSA might not be able to sign without the preferred algorithm). @@ -1258,10 +1090,28 @@ returned on error. @strong{Since:} 2.12.0 @end deftypefun +@subheading gnutls_pubkey_get_verify_algorithm +@anchor{gnutls_pubkey_get_verify_algorithm} +@deftypefun {int} {gnutls_pubkey_get_verify_algorithm} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash}) +@var{key}: Holds the certificate + +@var{signature}: contains the signature + +@var{hash}: The result of the call with the hash algorithm used for signature + +This function will read the certifcate and the signed data to +determine the hash algorithm used to generate the signature. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + @subheading gnutls_pubkey_import @anchor{gnutls_pubkey_import} @deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) -@var{key}: The public key. +@var{key}: The structure to store the parsed public key. @var{data}: The DER or PEM encoded certificate. 
@@ -1269,7 +1119,7 @@ returned on error. This function will import the provided public key in a SubjectPublicKeyInfo X.509 structure to a native -@code{gnutls_pubkey_t} type. The output will be stored +@code{gnutls_pubkey_t} structure. The output will be stored in @code{key} . If the public key is PEM encoded it should have a header of "PUBLIC KEY". @@ -1351,7 +1201,7 @@ negative error value. Imports a public key from an openpgp key. This function will import the given public key to the abstract @code{gnutls_pubkey_t} -type. The subkey set as preferred will be imported or the +structure. The subkey set as preferred will be imported or the master key otherwise. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a @@ -1374,7 +1224,7 @@ negative error value. @var{flags}: Should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
@@ -1392,7 +1242,25 @@ negative error value. @var{flags}: should be zero Imports a public key from a pkcs11 key. This function will import -the given public key to the abstract @code{gnutls_pubkey_t} type. +the given public key to the abstract @code{gnutls_pubkey_t} structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_pkcs11_url +@anchor{gnutls_pubkey_import_pkcs11_url} +@deftypefun {int} {gnutls_pubkey_import_pkcs11_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{url}: A PKCS 11 url + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will import a PKCS 11 certificate to a @code{gnutls_pubkey_t} +structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -1412,7 +1280,7 @@ negative error value. @var{flags}: should be zero Imports the public key from a private. This function will import -the given public key to the abstract @code{gnutls_pubkey_t} type. +the given public key to the abstract @code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -1423,7 +1291,7 @@ negative error value. @subheading gnutls_pubkey_import_rsa_raw @anchor{gnutls_pubkey_import_rsa_raw} @deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) -@var{key}: The key +@var{key}: Is a structure will hold the parameters @var{m}: holds the modulus 
@@ -1475,7 +1343,7 @@ negative error value. @var{flags}: should be zero This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. Note that unless @code{GNUTLS_PUBKEY_DISABLE_CALLBACKS} is specified, if incorrect (or NULL) passwords are given @@ -1498,7 +1366,8 @@ negative error value. @var{flags}: One of GNUTLS_PKCS11_OBJ_* flags -This function will import a public key from the provided URL. +This function will import a PKCS11 certificate or a TPM key +as a public key. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -1516,7 +1385,7 @@ negative error value. @var{flags}: should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -1534,7 +1403,7 @@ negative error value. @var{flags}: should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -1554,7 +1423,7 @@ negative error value. @var{flags}: should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
@@ -1565,9 +1434,9 @@ negative error value. @subheading gnutls_pubkey_init @anchor{gnutls_pubkey_init} @deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized -This function will initialize a public key. +This function will initialize an public key structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -1578,11 +1447,11 @@ negative error value. @subheading gnutls_pubkey_print @anchor{gnutls_pubkey_print} @deftypefun {int} {gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{pubkey}: The data to be printed +@var{pubkey}: The structure to be printed @var{format}: Indicate the format to use -@var{out}: Newly allocated datum with null terminated string. +@var{out}: Newly allocated datum with (0) terminated string. This function will pretty print public key information, suitable for display to a human. 
@@ -1634,6 +1503,29 @@ to have effect. @strong{Since:} 3.1.0 @end deftypefun +@subheading gnutls_pubkey_verify_data +@anchor{gnutls_pubkey_verify_data} +@deftypefun {int} {gnutls_pubkey_verify_data} (gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) +@var{pubkey}: Holds the public key + +@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t} + +@var{data}: holds the signed data + +@var{signature}: contains the signature + +This function will verify the given signed data, using the +parameters from the certificate. + +Deprecated. This function cannot be easily used securely. +Use @code{gnutls_pubkey_verify_data2()} instead. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. + +@strong{Since:} 2.12.0 +@end deftypefun + @subheading gnutls_pubkey_verify_data2 @anchor{gnutls_pubkey_verify_data2} @deftypefun {int} {gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) @@ -1641,7 +1533,7 @@ to have effect. @var{algo}: The signature algorithm used -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} +@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t} @var{data}: holds the signed data 
@@ -1651,13 +1543,34 @@ This function will verify the given signed data, using the parameters from the certificate. @strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} -is returned, and zero or positive code on success. For known to be insecure -signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless -the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. +is returned, and zero or positive code on success. @strong{Since:} 3.0 @end deftypefun +@subheading gnutls_pubkey_verify_hash +@anchor{gnutls_pubkey_verify_hash} +@deftypefun {int} {gnutls_pubkey_verify_hash} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) +@var{key}: Holds the public key + +@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t} + +@var{hash}: holds the hash digest to be verified + +@var{signature}: contains the signature + +This function will verify the given signed digest, using the +parameters from the public key. + +Deprecated. This function cannot be easily used securely. +Use @code{gnutls_pubkey_verify_hash2()} instead. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. + +@strong{Since:} 2.12.0 +@end deftypefun + @subheading gnutls_pubkey_verify_hash2 @anchor{gnutls_pubkey_verify_hash2} @deftypefun {int} {gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) @@ -1665,7 +1578,7 @@ the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. @var{algo}: The signature algorithm used -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} +@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t} @var{hash}: holds the hash digest to be verified 
@@ -1685,7 +1598,7 @@ is returned, and zero or positive code on success. @subheading gnutls_pubkey_verify_params @anchor{gnutls_pubkey_verify_params} @deftypefun {int} {gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key}) -@var{key}: should contain a @code{gnutls_pubkey_t} type +@var{key}: should contain a @code{gnutls_pubkey_t} structure This function will verify the private key parameters. 
@@ -1695,111 +1608,10 @@ negative error value. @strong{Since:} 3.3.0 @end deftypefun -@subheading gnutls_register_custom_url -@anchor{gnutls_register_custom_url} -@deftypefun {int} {gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st}) -@var{st}: A @code{gnutls_custom_url_st} structure - -Register a custom URL. This will affect the following functions: -@code{gnutls_url_is_supported()} , @code{gnutls_privkey_import_url()} , -gnutls_pubkey_import_url, @code{gnutls_x509_crt_import_url()} -and all functions that depend on -them, e.g., @code{gnutls_certificate_set_x509_key_file2()} . - -The provided structure and callback functions must be valid throughout -the lifetime of the process. The registration of an existing URL type -will fail with @code{GNUTLS_E_INVALID_REQUEST} . - -This function is not thread safe. - -@strong{Returns:} returns zero if the given structure was imported or a negative value otherwise. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_system_key_add_x509 -@anchor{gnutls_system_key_add_x509} -@deftypefun {int} {gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url}) -@var{crt}: the certificate to be added - -@var{privkey}: the key to be added - -@var{label}: the friendly name to describe the key - -@var{cert_url}: if non-NULL it will contain an allocated value with the certificate URL - -@var{key_url}: if non-NULL it will contain an allocated value with the key URL - -This function will added the given key and certificate pair, -to the system list. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. 
- -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_system_key_delete -@anchor{gnutls_system_key_delete} -@deftypefun {int} {gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url}) -@var{cert_url}: the URL of the certificate - -@var{key_url}: the URL of the key - -This function will delete the key and certificate pair. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_system_key_iter_deinit -@anchor{gnutls_system_key_iter_deinit} -@deftypefun {void} {gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter}) -@var{iter}: an iterator of system keys - -This function will deinitialize the iterator. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_system_key_iter_get_info -@anchor{gnutls_system_key_iter_get_info} -@deftypefun {int} {gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags}) -@var{iter}: an iterator of the system keys (must be set to @code{NULL} initially) - -@var{cert_type}: A value of gnutls_certificate_type_t which indicates the type of certificate to look for - -@var{cert_url}: The certificate URL of the pair (may be @code{NULL} ) - -@var{key_url}: The key URL of the pair (may be @code{NULL} ) - -@var{label}: The friendly name (if any) of the pair (may be @code{NULL} ) - -@var{der}: if non-NULL the DER data of the certificate - -@var{flags}: should be zero - -This function will return on each call a certificate -and key pair URLs, as well as a label associated with them, -and the DER-encoded certificate. When the iteration is complete it will -return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . - -Typically @code{cert_type} should be @code{GNUTLS_CRT_X509} . 
- -All values set are allocated and must be cleared using @code{gnutls_free()} , - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_x509_crl_privkey_sign @anchor{gnutls_x509_crl_privkey_sign} @deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) -@var{crl}: should contain a gnutls_x509_crl_t type +@var{crl}: should contain a gnutls_x509_crl_t structure @var{issuer}: is the certificate of the certificate issuer @@ -1824,7 +1636,7 @@ Since 2.12.0 @subheading gnutls_x509_crq_privkey_sign @anchor{gnutls_x509_crq_privkey_sign} @deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) -@var{crq}: should contain a @code{gnutls_x509_crq_t} type +@var{crq}: should contain a @code{gnutls_x509_crq_t} structure @var{key}: holds a private key @@ -1851,12 +1663,12 @@ information in the certificate request (e.g., the version using @subheading gnutls_x509_crq_set_pubkey @anchor{gnutls_x509_crq_set_pubkey} @deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key}) -@var{crq}: should contain a @code{gnutls_x509_crq_t} type +@var{crq}: should contain a @code{gnutls_x509_crq_t} structure @var{key}: holds a public key This function will set the public parameters from the given public -key to the request. The @code{key} can be deallocated after that. +key to the request. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
@@ -1890,12 +1702,12 @@ negative error value. @subheading gnutls_x509_crt_set_pubkey @anchor{gnutls_x509_crt_set_pubkey} @deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key}) -@var{crt}: should contain a @code{gnutls_x509_crt_t} type +@var{crt}: should contain a @code{gnutls_x509_crt_t} structure @var{key}: holds a public key This function will set the public parameters from the given public -key to the certificate. The @code{key} can be deallocated after that. +key to the request. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/alerts.texi b/doc/alerts.texi index 571d7a7..11bf29f 100644 --- a/doc/alerts.texi +++ b/doc/alerts.texi @@ -67,9 +67,6 @@ @item GNUTLS_@-A_@-INTERNAL_@-ERROR @tab 80 @tab Internal error -@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK -@tab 86 -@tab Inappropriate fallback @item GNUTLS_@-A_@-USER_@-CANCELED @tab 90 @tab User canceled diff --git a/doc/algorithms.texi b/doc/algorithms.texi index d1b7c48..4ba9794 100644 --- a/doc/algorithms.texi +++ b/doc/algorithms.texi @@ -9,7 +9,7 @@ @tab SSL3.0 @item TLS_@-RSA_@-NULL_@-SHA256 @tab 0x00 0x3B -@tab TLS1.2 +@tab SSL3.0 @item TLS_@-RSA_@-ARCFOUR_@-128_@-SHA1 @tab 0x00 0x05 @tab SSL3.0 @@ -27,10 +27,10 @@ @tab SSL3.0 @item TLS_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA256 @tab 0x00 0xBA -@tab TLS1.2 +@tab TLS1.0 @item TLS_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA256 @tab 0x00 0xC0 -@tab TLS1.2 +@tab TLS1.0 @item TLS_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA1 @tab 0x00 0x41 @tab SSL3.0 @@ -39,10 +39,10 @@ @tab SSL3.0 @item TLS_@-RSA_@-AES_@-128_@-CBC_@-SHA256 @tab 0x00 0x3C -@tab TLS1.2 +@tab TLS1.0 @item TLS_@-RSA_@-AES_@-256_@-CBC_@-SHA256 @tab 0x00 0x3D -@tab TLS1.2 +@tab TLS1.0 @item TLS_@-RSA_@-AES_@-128_@-GCM_@-SHA256 @tab 0x00 0x9C @tab TLS1.2 
@@ -55,18 +55,12 @@
 @item TLS_@-RSA_@-CAMELLIA_@-256_@-GCM_@-SHA384
 @tab 0xC0 0x7B
 @tab TLS1.2
-@item TLS_@-RSA_@-AES_@-128_@-CCM
-@tab 0xC0 0x9C
-@tab TLS1.2
-@item TLS_@-RSA_@-AES_@-256_@-CCM
-@tab 0xC0 0x9D
-@tab TLS1.2
-@item TLS_@-RSA_@-AES_@-128_@-CCM_@-8
-@tab 0xC0 0xA0
-@tab TLS1.2
-@item TLS_@-RSA_@-AES_@-256_@-CCM_@-8
-@tab 0xC0 0xA1
-@tab TLS1.2
+@item TLS_@-RSA_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x11
+@tab SSL3.0
+@item TLS_@-RSA_@-ESTREAM_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x10
+@tab SSL3.0
 @item TLS_@-DHE_@-DSS_@-ARCFOUR_@-128_@-SHA1
 @tab 0x00 0x66
 @tab SSL3.0
@@ -81,10 +75,10 @@
 @tab SSL3.0
 @item TLS_@-DHE_@-DSS_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0x00 0xBD
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-DSS_@-CAMELLIA_@-256_@-CBC_@-SHA256
 @tab 0x00 0xC3
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-DHE_@-DSS_@-CAMELLIA_@-128_@-CBC_@-SHA1
 @tab 0x00 0x44
 @tab SSL3.0
@@ -93,10 +87,10 @@
 @tab SSL3.0
 @item TLS_@-DHE_@-DSS_@-AES_@-128_@-CBC_@-SHA256
 @tab 0x00 0x40
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-DSS_@-AES_@-256_@-CBC_@-SHA256
 @tab 0x00 0x6A
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-DSS_@-AES_@-128_@-GCM_@-SHA256
 @tab 0x00 0xA2
 @tab TLS1.2
@@ -120,10 +114,10 @@
 @tab SSL3.0
 @item TLS_@-DHE_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0x00 0xBE
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA256
 @tab 0x00 0xC4
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA1
 @tab 0x00 0x45
 @tab SSL3.0
@@ -132,10 +126,10 @@
 @tab SSL3.0
 @item TLS_@-DHE_@-RSA_@-AES_@-128_@-CBC_@-SHA256
 @tab 0x00 0x67
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-RSA_@-AES_@-256_@-CBC_@-SHA256
 @tab 0x00 0x6B
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-RSA_@-AES_@-128_@-GCM_@-SHA256
 @tab 0x00 0x9E
 @tab TLS1.2
@@ -148,21 +142,6 @@
 @item TLS_@-DHE_@-RSA_@-CAMELLIA_@-256_@-GCM_@-SHA384
 @tab 0xC0 0x7D
 @tab TLS1.2
-@item TLS_@-DHE_@-RSA_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xAA
-@tab TLS1.2
-@item TLS_@-DHE_@-RSA_@-AES_@-128_@-CCM
-@tab 0xC0 0x9E
-@tab TLS1.2
-@item TLS_@-DHE_@-RSA_@-AES_@-256_@-CCM
-@tab 0xC0 0x9F
-@tab TLS1.2
-@item TLS_@-DHE_@-RSA_@-AES_@-128_@-CCM_@-8
-@tab 0xC0 0xA2
-@tab TLS1.2
-@item TLS_@-DHE_@-RSA_@-AES_@-256_@-CCM_@-8
-@tab 0xC0 0xA3
-@tab TLS1.2
 @item TLS_@-ECDHE_@-RSA_@-NULL_@-SHA1
 @tab 0xC0 0x10
 @tab SSL3.0
@@ -177,16 +156,16 @@
 @tab SSL3.0
 @item TLS_@-ECDHE_@-RSA_@-AES_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x28
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-RSA_@-ARCFOUR_@-128_@-SHA1
 @tab 0xC0 0x11
 @tab SSL3.0
 @item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x76
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x77
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-ECDSA_@-NULL_@-SHA1
 @tab 0xC0 0x06
 @tab SSL3.0
@@ -204,16 +183,16 @@
 @tab SSL3.0
 @item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x72
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x73
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x23
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-RSA_@-AES_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x27
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-128_@-GCM_@-SHA256
 @tab 0xC0 0x86
 @tab TLS1.2
@@ -234,31 +213,25 @@
 @tab TLS1.2
 @item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x24
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-128_@-GCM_@-SHA256
 @tab 0xC0 0x8A
 @tab TLS1.2
 @item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-256_@-GCM_@-SHA384
 @tab 0xC0 0x8B
 @tab TLS1.2
-@item TLS_@-ECDHE_@-RSA_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xA8
-@tab TLS1.2
-@item TLS_@-ECDHE_@-ECDSA_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xA9
-@tab TLS1.2
-@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CCM
-@tab 0xC0 0xAC
-@tab TLS1.2
-@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CCM
-@tab 0xC0 0xAD
-@tab TLS1.2
-@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CCM_@-8
-@tab 0xC0 0xAE
-@tab TLS1.2
-@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CCM_@-8
-@tab 0xC0 0xAF
-@tab TLS1.2
+@item TLS_@-ECDHE_@-RSA_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x13
+@tab SSL3.0
+@item TLS_@-ECDHE_@-ECDSA_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x15
+@tab SSL3.0
+@item TLS_@-ECDHE_@-RSA_@-ESTREAM_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x12
+@tab SSL3.0
+@item TLS_@-ECDHE_@-ECDSA_@-ESTREAM_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x14
+@tab SSL3.0
 @item TLS_@-ECDHE_@-PSK_@-3DES_@-EDE_@-CBC_@-SHA1
 @tab 0xC0 0x34
 @tab SSL3.0
@@ -270,10 +243,10 @@
 @tab SSL3.0
 @item TLS_@-ECDHE_@-PSK_@-AES_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x37
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-PSK_@-AES_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x38
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-PSK_@-ARCFOUR_@-128_@-SHA1
 @tab 0xC0 0x33
 @tab SSL3.0
@@ -282,16 +255,22 @@
 @tab SSL3.0
 @item TLS_@-ECDHE_@-PSK_@-NULL_@-SHA256
 @tab 0xC0 0x3A
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-ECDHE_@-PSK_@-NULL_@-SHA384
 @tab 0xC0 0x3B
-@tab TLS1.0
+@tab SSL3.0
 @item TLS_@-ECDHE_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x9A
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-ECDHE_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x9B
-@tab TLS1.2
+@tab TLS1.0
+@item TLS_@-ECDHE_@-PSK_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x19
+@tab SSL3.0
+@item TLS_@-ECDHE_@-PSK_@-ESTREAM_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x18
+@tab SSL3.0
 @item TLS_@-PSK_@-ARCFOUR_@-128_@-SHA1
 @tab 0x00 0x8A
 @tab SSL3.0
@@ -306,7 +285,7 @@
 @tab SSL3.0
 @item TLS_@-PSK_@-AES_@-128_@-CBC_@-SHA256
 @tab 0x00 0xAE
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-PSK_@-AES_@-256_@-GCM_@-SHA384
 @tab 0x00 0xA9
 @tab TLS1.2
@@ -324,31 +303,37 @@
 @tab SSL3.0
 @item TLS_@-PSK_@-NULL_@-SHA256
 @tab 0x00 0xB0
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x94
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x95
-@tab TLS1.2
+@tab TLS1.0
+@item TLS_@-PSK_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x17
+@tab SSL3.0
+@item TLS_@-PSK_@-ESTREAM_@-SALSA20_@-256_@-SHA1
+@tab 0xE4 0x16
+@tab SSL3.0
 @item TLS_@-PSK_@-AES_@-256_@-CBC_@-SHA384
 @tab 0x00 0xAF
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-PSK_@-NULL_@-SHA384
 @tab 0x00 0xB1
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-ARCFOUR_@-128_@-SHA1
 @tab 0x00 0x92
-@tab TLS1.0
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-3DES_@-EDE_@-CBC_@-SHA1
 @tab 0x00 0x93
-@tab TLS1.0
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-AES_@-128_@-CBC_@-SHA1
 @tab 0x00 0x94
-@tab TLS1.0
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-AES_@-256_@-CBC_@-SHA1
 @tab 0x00 0x95
-@tab TLS1.0
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-CAMELLIA_@-128_@-GCM_@-SHA256
 @tab 0xC0 0x92
 @tab TLS1.2
@@ -360,28 +345,28 @@
 @tab TLS1.2
 @item TLS_@-RSA_@-PSK_@-AES_@-128_@-CBC_@-SHA256
 @tab 0x00 0xB6
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-RSA_@-PSK_@-NULL_@-SHA1
 @tab 0x00 0x2E
-@tab TLS1.0
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-NULL_@-SHA256
 @tab 0x00 0xB8
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-AES_@-256_@-GCM_@-SHA384
 @tab 0x00 0xAD
 @tab TLS1.2
 @item TLS_@-RSA_@-PSK_@-AES_@-256_@-CBC_@-SHA384
 @tab 0x00 0xB7
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-RSA_@-PSK_@-NULL_@-SHA384
 @tab 0x00 0xB9
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-RSA_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x98
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-RSA_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x99
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-PSK_@-ARCFOUR_@-128_@-SHA1
 @tab 0x00 0x8E
 @tab SSL3.0
@@ -396,7 +381,7 @@
 @tab SSL3.0
 @item TLS_@-DHE_@-PSK_@-AES_@-128_@-CBC_@-SHA256
 @tab 0x00 0xB2
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-PSK_@-AES_@-128_@-GCM_@-SHA256
 @tab 0x00 0xAA
 @tab TLS1.2
@@ -405,64 +390,28 @@
 @tab SSL3.0
 @item TLS_@-DHE_@-PSK_@-NULL_@-SHA256
 @tab 0x00 0xB4
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-DHE_@-PSK_@-NULL_@-SHA384
 @tab 0x00 0xB5
-@tab TLS1.2
+@tab SSL3.0
 @item TLS_@-DHE_@-PSK_@-AES_@-256_@-CBC_@-SHA384
 @tab 0x00 0xB3
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-PSK_@-AES_@-256_@-GCM_@-SHA384
 @tab 0x00 0xAB
 @tab TLS1.2
 @item TLS_@-DHE_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0xC0 0x96
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384
 @tab 0xC0 0x97
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DHE_@-PSK_@-CAMELLIA_@-128_@-GCM_@-SHA256
 @tab 0xC0 0x90
 @tab TLS1.2
 @item TLS_@-DHE_@-PSK_@-CAMELLIA_@-256_@-GCM_@-SHA384
 @tab 0xC0 0x91
 @tab TLS1.2
-@item TLS_@-PSK_@-AES_@-128_@-CCM
-@tab 0xC0 0xA4
-@tab TLS1.2
-@item TLS_@-PSK_@-AES_@-256_@-CCM
-@tab 0xC0 0xA5
-@tab TLS1.2
-@item TLS_@-DHE_@-PSK_@-AES_@-128_@-CCM
-@tab 0xC0 0xA6
-@tab TLS1.2
-@item TLS_@-DHE_@-PSK_@-AES_@-256_@-CCM
-@tab 0xC0 0xA7
-@tab TLS1.2
-@item TLS_@-PSK_@-AES_@-128_@-CCM_@-8
-@tab 0xC0 0xA8
-@tab TLS1.2
-@item TLS_@-PSK_@-AES_@-256_@-CCM_@-8
-@tab 0xC0 0xA9
-@tab TLS1.2
-@item TLS_@-DHE_@-PSK_@-AES_@-128_@-CCM_@-8
-@tab 0xC0 0xAA
-@tab TLS1.2
-@item TLS_@-DHE_@-PSK_@-AES_@-256_@-CCM_@-8
-@tab 0xC0 0xAB
-@tab TLS1.2
-@item TLS_@-DHE_@-PSK_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xAD
-@tab TLS1.2
-@item TLS_@-ECDHE_@-PSK_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xAC
-@tab TLS1.2
-@item TLS_@-RSA_@-PSK_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xAE
-@tab TLS1.2
-@item TLS_@-PSK_@-CHACHA20_@-POLY1305
-@tab 0xCC 0xAB
-@tab TLS1.2
 @item TLS_@-DH_@-ANON_@-ARCFOUR_@-128_@-MD5
 @tab 0x00 0x18
 @tab SSL3.0
@@ -477,10 +426,10 @@
 @tab SSL3.0
 @item TLS_@-DH_@-ANON_@-CAMELLIA_@-128_@-CBC_@-SHA256
 @tab 0x00 0xBF
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DH_@-ANON_@-CAMELLIA_@-256_@-CBC_@-SHA256
 @tab 0x00 0xC5
-@tab TLS1.2
+@tab TLS1.0
 @item TLS_@-DH_@-ANON_@-CAMELLIA_@-128_@-CBC_@-SHA1
 @tab 0x00 0x46
 @tab SSL3.0
@@ -489,10 +438,10 @@ @tab SSL3.0 @item TLS_@-DH_@-ANON_@-AES_@-128_@-CBC_@-SHA256 @tab 0x00 0x6C -@tab TLS1.2 +@tab TLS1.0 @item TLS_@-DH_@-ANON_@-AES_@-256_@-CBC_@-SHA256 @tab 0x00 0x6D -@tab TLS1.2 +@tab TLS1.0 @item TLS_@-DH_@-ANON_@-AES_@-128_@-GCM_@-SHA256 @tab 0x00 0xA6 @tab TLS1.2 @@ -574,21 +523,17 @@ @item AES-128-CBC @item AES-128-GCM @item AES-256-GCM -@item AES-128-CCM -@item AES-256-CCM -@item AES-128-CCM-8 -@item AES-256-CCM-8 @item ARCFOUR-128 @item ESTREAM-SALSA20-256 @item SALSA20-256 @item CAMELLIA-256-CBC @item CAMELLIA-192-CBC @item CAMELLIA-128-CBC -@item CHACHA20-POLY1305 @item CAMELLIA-128-GCM @item CAMELLIA-256-GCM @item 3DES-CBC @item DES-CBC +@item ARCFOUR-40 @item RC2-40 @item NULL @end table @@ -622,7 +567,6 @@ @item RSA-PSK @item DHE-PSK @item ECDHE-PSK -@item RSA-EXPORT @end table @heading Public key algorithms diff --git a/doc/certtool.cfg b/doc/certtool.cfg index 52b6c8b..47d4d38 100644 --- a/doc/certtool.cfg +++ b/doc/certtool.cfg @@ -48,10 +48,9 @@ cn = "Cindy Lauper" # jurisdictionOfIncorporationStateOrProvinceName, # jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs. -#dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" +#dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" # The serial number of the certificate -# Comment the field for a time-based serial number. serial = 007 # In how many days, counting from today, this certificate will expire. 
@@ -151,41 +150,24 @@ encryption_key # ca_issuers_uri = http://my.ca.issuer # Certificate policies -#policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0 -#policy1_txt = "This is a long policy to summarize" -#policy1_url = http://www.example.com/a-policy-to-read +# policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0 +# policy1_txt = "This is a long policy to summarize" +# policy1_url = http://www.example.com/a-policy-to-read -#policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1 -#policy2_txt = "This is a short policy" -#policy2_url = http://www.example.com/another-policy-to-read - -# Name constraints - -# DNS -#nc_permit_dns = example.com -#nc_exclude_dns = test.example.com - -# EMAIL -#nc_permit_email = "nmav@@ex.net" - -# Exclude subdomains of example.com -#nc_exclude_email = .example.com - -# Exclude all e-mail addresses of example.com -#nc_exclude_email = example.com +# policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1 +# policy2_txt = "This is a short policy" +# policy2_url = http://www.example.com/another-policy-to-read # Options for proxy certificates -#proxy_policy_language = 1.3.6.1.5.5.7.21.1 +# proxy_policy_language = 1.3.6.1.5.5.7.21.1 # Options for generating a CRL -# The number of days the next CRL update will be due. -# next CRL update will be in 43 days +# next CRL update will be in 43 days (wow) #crl_next_update = 43 # this is the 5th CRL by this CA -# Comment the field for a time-based number. #crl_number = 5 diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi index da1a114..4079985 100644 --- a/doc/cha-auth.texi +++ b/doc/cha-auth.texi 
@@ -33,7 +33,7 @@ methods in @acronym{GnuTLS} in various scenarios. @subsection Two peers with an out-of-band channel -Let's consider two peers who need to communicate over an untrusted channel +Let's consider two peers need to communicate over an untrusted channel (the Internet), but have an out-of-band channel available. The latter channel is considered safe from eavesdropping and message modification and thus can be used for an initial bootstrapping of the protocol. The options @@ -44,7 +44,7 @@ client communicate a shared randomly generated key over the trusted channel and use it to negotiate further sessions over the untrusted channel. @item Passwords (see @ref{SRP authentication}). The client communicates -to the server its username and password of choice and uses it to +to the server his username and password of choice and uses it to negotiate further sessions over the untrusted channel. @item Public keys (see @ref{Certificate authentication}). The client @@ -101,7 +101,7 @@ the client provided over the initial server-authenticated channel. The available options are: @itemize @item Passwords (see @ref{SRP authentication}). The client communicates -to the server its username and password of choice on the initial +to the server his username and password of choice on the initial server-authenticated connection and uses it to negotiate further sessions. This is possible because the SRP protocol allows for the server to be authenticated using a certificate and the client using the diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi index e4a6f1b..c5f7107 100644 --- a/doc/cha-bib.texi +++ b/doc/cha-bib.texi 
@@ -26,11 +26,6 @@ NIST Special Publication 800-57, "Recommendation for Key Management - Part 1: General (Revised)", March 2007, available from @url{http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf}. -@item @anchor{RFC6125}[RFC6125] -Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)", -March 2011, Available from -@url{http://www.ietf.org/rfc/rfc6125.txt}. - @item @anchor{RFC2246}[RFC2246] Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0", January 1999, Available from @@ -90,10 +85,6 @@ Eric Rescorla, "HTTP Over TLS", May 2000, Available from Tom Wu, "The SRP Authentication and Key Exchange System", September 2000, Available from @url{http://www.ietf.org/rfc/rfc2945.txt}. -@item @anchor{RFC7301}[RFC7301] -S. Friedl, A. Popov, A. Langley, E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension", -July 2014, Available from @url{http://www.ietf.org/rfc/rfc7301.txt}. - @item @anchor{RFC2986}[RFC2986] Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request Syntax Specification", November 2000, Available from @@ -205,8 +196,8 @@ J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010, available from @url{http://www.ietf.org/rfc/rfc5929}. @item @anchor{PKCS11URI}[PKCS11URI] -J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", April 2015, -available from @url{http://www.ietf.org/rfc/rfc7512}. +J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", January 2013, +Work in progress, available from @url{http://tools.ietf.org/html/draft-pechanec-pkcs11uri-08}. @item @anchor{TPMURI}[TPMURI] C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January 2013, diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index 60faccb..00bc542 100644 --- a/doc/cha-cert-auth.texi 
+++ b/doc/cha-cert-auth.texi @@ -80,13 +80,11 @@ acceptable. The framework is illustrated on @ref{fig-x509}. @menu * X.509 certificate structure:: * Importing an X.509 certificate:: -* X.509 certificate names:: * X.509 distinguished names:: * X.509 extensions:: * X.509 public and private keys:: * Verifying X.509 certificate paths:: * Verifying a certificate in the context of TLS session:: -* Verification using PKCS11:: @end menu @node X.509 certificate structure @@ -167,25 +165,6 @@ In all cases after use a certificate must be deinitialized using @funcref{gnutls Note that although the functions above apply to @code{gnutls_x509_crt_t} structure, similar functions exist for the CRL structure @code{gnutls_x509_crl_t}. -@node X.509 certificate names -@subsubsection X.509 certificate names -@cindex X.509 certificate name - -X.509 certificates allow for multiple names and types of names to be specified. -CA certificates often rely on X.509 distinguished names (see @ref{X.509 distinguished names}) -for unique identification, while end-user and server certificates rely on the -'subject alternative names'. The subject alternative names provide a typed name, e.g., -a DNS name, or an email address, which identifies the owner of the certificate. -The following functions provide access to that names. - -@showfuncB{gnutls_x509_crt_get_subject_alt_name2,gnutls_x509_crt_set_subject_alt_name} -@showfuncC{gnutls_subject_alt_names_init,gnutls_subject_alt_names_get,gnutls_subject_alt_names_set} - -Note however, that server certificates often used the Common Name (CN), part of the -certificate DistinguishedName to place a single DNS address. That practice is discouraged -(see @xcite{RFC6125}), because only a single address can be specified, and the CN field is -free-form making matching ambiguous. - @node X.509 distinguished names @subsubsection X.509 distinguished names @cindex X.509 distinguished name 
@@ -228,11 +207,13 @@ requires to retrieve the extension, and the second is the parsing part. To enumerate and retrieve the DER-encoded extension data available in a certificate the following two functions are available. -@showfuncC{gnutls_x509_crt_get_extension_info,gnutls_x509_crt_get_extension_data2,gnutls_x509_crt_get_extension_by_oid2} +@showfuncB{gnutls_x509_crt_get_extension_info,gnutls_x509_crt_get_extension_data2} After a supported DER-encoded extension is retrieved it can be parsed using the APIs in @code{x509-ext.h}. Complex extensions may require initializing an intermediate structure that holds the -parsed extension data. Examples of simple parsing functions are shown below. +parsed extension data. + +Examples of simple parsing functions are shown below. @showfuncD{gnutls_x509_ext_import_basic_constraints,gnutls_x509_ext_export_basic_constraints,gnutls_x509_ext_import_key_usage,gnutls_x509_ext_export_key_usage} More complex extensions, such as Name Constraints, require an intermediate structure, in that @@ -340,7 +321,6 @@ provided. @showfuncdesc{gnutls_x509_trust_list_add_named_crt} @showfuncdesc{gnutls_x509_trust_list_add_crls} @showfuncdesc{gnutls_x509_trust_list_verify_crt} -@showfuncdesc{gnutls_x509_trust_list_verify_crt2} @showfuncdesc{gnutls_x509_trust_list_verify_named_crt} @showfuncdesc{gnutls_x509_trust_list_add_trust_file} 
@@ -367,99 +347,26 @@ This purpose is served by the functions @funcref{gnutls_x509_trust_list_add_name When operating in the context of a TLS session, the trusted certificate authority list may also be set using: -@showfuncD{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_trust_dir,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust} - -These functions allow the specification of the trusted certificate authorities, either -via a file, a directory or use the system-specified certificate authorities. -Unless the authorities are application specific, it is generally recommended -to use the system trust storage (see @funcref{gnutls_certificate_set_x509_system_trust}). - -Unlike the previous section it is not required to setup a trusted list, and there -are two approaches to verify the peer's certificate and identity. -The recommended in GnuTLS 3.5.0 and later is via the @funcref{gnutls_session_set_verify_cert}, -but for older GnuTLS versions you may use an explicit callback set via -@funcref{gnutls_certificate_set_verify_function} and then utilize -@funcref{gnutls_certificate_verify_peers3} for verification. -The reported verification status is identical to the verification functions described -in the previous section. +@showfuncC{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust} +In that case it is not required to setup a trusted list as above, and +the function @funcref{gnutls_certificate_verify_peers3} +may be used to verify the peer's certificate chain and identity. The flags +are set similarly to the verification functions in the previous section. Note that in certain cases it is required to check the marked purpose of -the end certificate (e.g. @code{GNUTLS_KP_TLS_WWW_SERVER}); in these cases -the more advanced @funcref{gnutls_session_set_verify_cert2} and +the end certificate (e.g. 
@code{GNUTLS_KP_TLS_WWW_SERVER}); in these case @funcref{gnutls_certificate_verify_peers} should be used instead. There is also the possibility to pass some input to the verification -functions in the form of flags. For @funcref{gnutls_x509_trust_list_verify_crt2} the -flags are passed directly, but for -@funcref{gnutls_certificate_verify_peers3}, the flags are set using -@funcref{gnutls_certificate_set_verify_flags}. All the available +functions in the form of flags. For @funcref{gnutls_x509_trust_list_verify_crt} the +flags are passed straightforward, but +@funcref{gnutls_certificate_verify_peers3} depends on the flags set by +calling @funcref{gnutls_certificate_set_verify_flags}. All the available flags are part of the enumeration @code{gnutls_@-certificate_@-verify_@-flags} shown in @ref{gnutls_certificate_verify_flags}. @showenumdesc{gnutls_certificate_verify_flags,The @code{gnutls_@-certificate_@-verify_@-flags} enumeration.} -@node Verification using PKCS11 -@subsubsection Verifying a certificate using PKCS #11 -@cindex verifying certificate with pkcs11 - -Some systems provide a system wide trusted certificate storage accessible using -the PKCS #11 API. That is, the trusted certificates are queried and accessed using the -PKCS #11 API, and trusted certificate properties, such as purpose, are marked using -attached extensions. One example is the p11-kit trust module@footnote{see @url{http://p11-glue.freedesktop.org/trust-module.html}.}. - -These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust -policy modules, i.e., with @code{trust-policy: yes} in the p11-kit module file. -The way to use them is by specifying to the file verification function (e.g., @funcref{gnutls_certificate_set_x509_trust_file}), -a pkcs11 URL, or simply @code{pkcs11:} to use all the marked with trust policy modules. - -The trust modules of p11-kit assign a purpose to trusted authorities using the extended -key usage object identifiers. 
The common purposes are shown in @ref{tab:purposes}. Note -that typically according to @xcite{RFC5280} the extended key usage object identifiers apply to end certificates. Their -application to CA certificates is an extension used by the trust modules. - -@float Table,tab:purposes -@multitable @columnfractions .2 .2 .6 - -@headitem Purpose @tab OID @tab Description - -@item GNUTLS_KP_TLS_WWW_SERVER @tab -1.3.6.1.5.5.7.3.1 @tab -The certificate is to be used for TLS WWW authentication. When in a CA certificate, it -indicates that the CA is allowed to sign certificates for TLS WWW authentication. - -@item GNUTLS_KP_TLS_WWW_CLIENT @tab -1.3.6.1.5.5.7.3.2 @tab -The certificate is to be used for TLS WWW client authentication. When in a CA certificate, it -indicates that the CA is allowed to sign certificates for TLS WWW client authentication. - -@item GNUTLS_KP_CODE_SIGNING @tab -1.3.6.1.5.5.7.3.3 @tab -The certificate is to be used for code signing. When in a CA certificate, it -indicates that the CA is allowed to sign certificates for code signing. - -@item GNUTLS_KP_EMAIL_PROTECTION @tab -1.3.6.1.5.5.7.3.4 @tab -The certificate is to be used for email protection. When in a CA certificate, it -indicates that the CA is allowed to sign certificates for email users. - -@item GNUTLS_KP_OCSP_SIGNING @tab -1.3.6.1.5.5.7.3.9 @tab -The certificate is to be used for signing OCSP responses. When in a CA certificate, it -indicates that the CA is allowed to sign certificates which sign OCSP reponses. - -@item GNUTLS_KP_ANY @tab -2.5.29.37.0 @tab -The certificate is to be used for any purpose. When in a CA certificate, it -indicates that the CA is allowed to sign any kind of certificates. - -@end multitable -@caption{Key purpose object identifiers.} -@end float - -With such modules, it is recommended to use the verification functions @funcref{gnutls_x509_trust_list_verify_crt2}, -or @funcref{gnutls_certificate_verify_peers}, which allow to explicitly specify the key purpose. 
The -other verification functions which do not allow setting a purpose, would operate as if -@code{GNUTLS_KP_TLS_WWW_SERVER} was requested from the trusted authorities. @node OpenPGP certificates @subsection @acronym{OpenPGP} certificates @@ -679,7 +586,7 @@ used to preprocess the input to the signature algorithm. This works as long as it is difficult enough to generate two different messages with the same hash algorithm output. In that case the same signature could be used as a proof for both messages. Nobody wants to sign an innocent -message of donating 1 euro to Greenpeace and find out that they +message of donating 1 euro to Greenpeace and find out that he donated 1.000.000 euros to Bad Inc. For a hash algorithm to be called cryptographic the following three diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi index e3708ba..a6482a8 100644 --- a/doc/cha-cert-auth2.texi +++ b/doc/cha-cert-auth2.texi @@ -146,14 +146,14 @@ revocation checking, however, several problems with CRLs have been identified @xcite{RIVESTCRL}. The Online Certificate Status Protocol, or @acronym{OCSP} @xcite{RFC2560}, -is a widely implemented protocol which performs certificate revocation status +is a widely implemented protocol to perform certificate revocation status checking. An application that wish to verify the identity of a peer will verify the certificate against a set of trusted certificates and then check whether the certificate is listed in a CRL and/or perform an OCSP check for the certificate. Note that in the context of a TLS session the server may provide an -OCSP response that will be used during the TLS certificate verification +OCSP response that will used during the TLS certificate verification (see @funcref{gnutls_certificate_verify_peers2}). You may obtain this response using @funcref{gnutls_ocsp_status_request_get}. 
@@ -169,8 +169,8 @@ extracts this information from a certificate. There are several functions in GnuTLS for creating and manipulating OCSP requests and responses. The general idea is that a client -application creates an OCSP request object, stores some information -about the certificate to check in the request, and then exports the +application create an OCSP request object, store some information +about the certificate to check in the request, and then export the request in DER format. The request will then need to be sent to the OCSP responder, which needs to be done by the application (GnuTLS does not send and receive OCSP packets). Normally an OCSP response is diff --git a/doc/cha-crypto.texi b/doc/cha-crypto.texi index 04ec357..8c92deb 100644 --- a/doc/cha-crypto.texi +++ b/doc/cha-crypto.texi @@ -5,15 +5,13 @@ it does not provide access to basic cryptographic primitives. However it abstracts the internal cryptographic back-end (see @ref{Cryptographic Backend}), providing symmetric crypto, hash and HMAC algorithms, as well access -to the random number generation. For a low-level crypto API the usage of nettle -@footnote{See @uref{http://www.lysator.liu.se/~nisse/nettle/}.} library is recommended. +to the random number generation. @menu * Symmetric algorithms:: * Public key algorithms:: -* Hash and MAC functions:: +* Hash and HMAC functions:: * Random number generation:: -* Overriding algorithms:: @end menu @node Symmetric algorithms 
@@ -23,19 +21,14 @@ to the random number generation. For a low-level crypto API the usage of nettle The available functions to access symmetric crypto algorithms operations are shown below. The supported algorithms are the algorithms required by the TLS protocol. -They are listed in @ref{gnutls_cipher_algorithm_t}. - -@showenumdesc{gnutls_cipher_algorithm_t,The supported ciphers.} +They are listed in @ref{tab:ciphers}. @showfuncE{gnutls_cipher_init,gnutls_cipher_encrypt2,gnutls_cipher_decrypt2,gnutls_cipher_set_iv,gnutls_cipher_deinit} -@showfuncB{gnutls_cipher_add_auth,gnutls_cipher_tag} -While the latter two functions allow the same API can be used with authenticated encryption ciphers, -it is recommended to use the following functions which are solely for AEAD ciphers. The latter -API is designed to be simple to use and also hard to misuse, by handling the tag verification -and addition in transparent way. +In order to support authenticated encryption with associated data (AEAD) algorithms the following +functions are provided to set the associated data and retrieve the authentication tag. -@showfuncD{gnutls_aead_cipher_init,gnutls_aead_cipher_encrypt,gnutls_aead_cipher_decrypt,gnutls_aead_cipher_deinit} +@showfuncB{gnutls_cipher_add_auth,gnutls_cipher_tag} @node Public key algorithms @section Public key algorithms 
@@ -46,57 +39,22 @@ accessed using the abstract key API in @ref{Abstract key types}. This is a high level API with the advantage of transparently handling keys in memory and keys present in smart cards. -@subsection PKCS #7 signing -@cindex PKCS #7 -@cindex file signing - -The PKCS #7 format is common format used for digital signatures. It allows to sign -by embedding the data into the signature, or creating detached signatures of the data, -including a timestamp, additional certificates etc. In certain cases this format is also -used to transport lists of certificates and CRLs. - -The basic functions to initialize, deinitialize, import, export or print information -about a PKCS #7 structure are shown below. -@showfuncE{gnutls_pkcs7_init,gnutls_pkcs7_deinit,gnutls_pkcs7_export2,gnutls_pkcs7_import,gnutls_pkcs7_print} - -The following functions allow the verification of a structure using either a trust list, or -individual certificates. The @funcref{gnutls_pkcs7_sign} function is the data signing function. - -@showfuncB{gnutls_pkcs7_verify_direct,gnutls_pkcs7_verify} -@showfuncdesc{gnutls_pkcs7_sign} - -@showenumdesc{gnutls_pkcs7_sign_flags,Flags applicable to gnutls_pkcs7_sign()} - -Other helper functions which allow to access the signatures, or certificates attached -in the structure are listed below. - -@showfuncF{gnutls_pkcs7_get_signature_count,gnutls_pkcs7_get_signature_info,gnutls_pkcs7_get_crt_count,gnutls_pkcs7_get_crt_raw2,gnutls_pkcs7_get_crl_count,gnutls_pkcs7_get_crl_raw2} - -To append certificates, or CRLs in the structure the following functions are provided. 
-@showfuncD{gnutls_pkcs7_set_crt_raw,gnutls_pkcs7_set_crt,gnutls_pkcs7_set_crl_raw,gnutls_pkcs7_set_crl} - -@node Hash and MAC functions -@section Hash and MAC functions +@node Hash and HMAC functions +@section Hash and HMAC functions @cindex hash functions @cindex HMAC functions -@cindex MAC functions The available operations to access hash functions and hash-MAC (HMAC) algorithms -are shown below. HMAC algorithms provided keyed hash functionality. The supported MAC and HMAC -algorithms are listed in @ref{gnutls_mac_algorithm_t}. - -@showenumdesc{gnutls_mac_algorithm_t,The supported MAC and HMAC algorithms.} +are shown below. HMAC algorithms provided keyed hash functionality. They supported HMAC algorithms are listed in @ref{tab:macs}. @showfuncF{gnutls_hmac_init,gnutls_hmac,gnutls_hmac_output,gnutls_hmac_deinit,gnutls_hmac_get_len,gnutls_hmac_fast} The available functions to access hash functions are shown below. The supported hash functions -are shown in @ref{gnutls_digest_algorithm_t}. +are the same as the HMAC algorithms. @showfuncF{gnutls_hash_init,gnutls_hash,gnutls_hash_output,gnutls_hash_deinit,gnutls_hash_get_len,gnutls_hash_fast} @showfuncA{gnutls_fingerprint} -@showenumdesc{gnutls_digest_algorithm_t,The supported hash algorithms.} - @node Random number generation @section Random number generation @cindex random numbers 
@@ -106,19 +64,3 @@ function. It allows obtaining random data of various levels. @showenumdesc{gnutls_rnd_level_t,The random number levels.} @showfuncdesc{gnutls_rnd} - -@node Overriding algorithms -@section Overriding algorithms -@cindex overriding algorithms - -In systems which provide a hardware accelerated cipher implementation -that is not directly supported by GnuTLS, it is possible to utilize it. -There are functions which allow overriding the default cipher, digest and MAC -implementations. Those are described below. - -To override public key operations see @ref{Abstract private keys}. - -@showfuncdesc{gnutls_crypto_register_cipher} -@showfuncdesc{gnutls_crypto_register_aead_cipher} -@showfuncdesc{gnutls_crypto_register_mac} -@showfuncdesc{gnutls_crypto_register_digest} diff --git a/doc/cha-errors.texi b/doc/cha-errors.texi index 1154c01..0948d05 100644 --- a/doc/cha-errors.texi +++ b/doc/cha-errors.texi @@ -3,7 +3,7 @@ @cindex error codes The error codes used throughout the library are described below. The -return code @code{GNUTLS_E_SUCCESS} indicates a successful operation, and +return code @code{GNUTLS_E_SUCCESS} indicate successful operation, and is guaranteed to have the value 0, so you can use it in logical expressions. diff --git a/doc/cha-functions.texi b/doc/cha-functions.texi index 87c2f87..da86cc4 100644 --- a/doc/cha-functions.texi +++ b/doc/cha-functions.texi @@ -6,7 +6,6 @@ * Core TLS API:: * Datagram TLS API:: * X509 certificate API:: -* PKCS 7 API:: * OCSP API:: * OpenPGP API:: * PKCS 12 API:: @@ -43,14 +42,6 @@ Their prototypes lie in @file{gnutls/x509.h}. @include x509-api.texi -@node PKCS 7 API -@section @acronym{PKCS} 7 API - -The following functions are to be used for PKCS 7 structures handling. -Their prototypes lie in @file{gnutls/pkcs7.h}. - -@include pkcs7-api.texi - @node OCSP API @section @acronym{OCSP} API @cindex OCSP Functions diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 276be64..61d748a 100644 
--- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -30,8 +30,6 @@ and the manpages is recommended. * Common types:: * Debugging and auditing:: * Thread safety:: -* Running in a sandbox:: -* Sessions and fork:: * Callback functions:: @end menu @@ -59,12 +57,12 @@ finished using @acronym{GnuTLS}. The credentials structures are used by the authentication methods, such as certificate authentication. They store certificates, privates keys, and other information that is needed to prove the identity to the peer, -and/or verify the identity of the peer. The information stored in +and/or verify the indentity of the peer. The information stored in the credentials structures is initialized once and then can be shared by many @acronym{TLS} sessions. -A @acronym{GnuTLS} session contains all the required state and -information to handle one secure connection. The session communicates with the +A @acronym{GnuTLS} session contains all the required information +to handle one secure connection. The session communicates with the peers using the provided functions of the transport layer. Every session has a unique session ID shared with the peer. 
@@ -149,38 +147,7 @@ verbose information on the @acronym{GnuTLS} functions internal flow. Alternatively the environment variable @code{GNUTLS_DEBUG_LEVEL} can be set to a logging level and GnuTLS will output debugging output to standard -error. Other available environment variables are shown in @ref{tab:environment}. - -@float Table,tab:environment -@multitable @columnfractions .30 .70 - -@headitem Variable @tab Purpose - -@item @code{GNUTLS_DEBUG_LEVEL} -@tab When set to a numeric value, it sets the default debugging level for GnuTLS applications. - -@item @code{GNUTLS_CPUID_OVERRIDE} -@tab That environment variable can be used to -explicitly enable/disable the use of certain CPU capabilities. Note that CPU -detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel -CPU. The currently available options are: -@itemize -@item 0x1: Disable all run-time detected optimizations -@item 0x2: Enable AES-NI -@item 0x4: Enable SSSE3 -@item 0x8: Enable PCLMUL -@item 0x100000: Enable VIA padlock -@item 0x200000: Enable VIA PHE -@item 0x400000: Enable VIA PHE SHA512 -@end itemize - -@item @code{GNUTLS_FORCE_FIPS_MODE} -@tab In setups where GnuTLS is compiled with support for FIPS140-2 (see --enable-fips140-mode in configure), that option if set to one enforces the FIPS140 mode. - -@end multitable -@caption{Environment variables used by the library.} -@end float - +error. When debugging is not required, important issues, such as detected attacks on the protocol still need to be logged. This is provided 
@@ -204,13 +171,6 @@ If, however, an object needs to be shared across threads then access must be protected with a mutex. Read-only access to objects, for example the credentials holding structures, is also thread-safe. -A @code{gnutls_session_t} object can be shared by two threads, one sending, -the other receiving. In that case rehandshakes, if required, -must only be handled by a single thread being active. The termination of a session -should be handled, either by a single thread being active, or by the sender thread -using @funcref{gnutls_bye} with @code{GNUTLS_SHUT_WR} and the receiving thread -waiting for a return value of zero. - The random generator of the cryptographic back-end, utilizes mutex locks (e.g., pthreads on GNU/Linux and CriticalSection on Windows) which are setup by @acronym{GnuTLS} on library initialization. Prior to version 3.3.0 they were setup by calling @funcref{gnutls_global_init}. On special systems 
@@ -234,56 +194,6 @@ int main() @showfuncdesc{gnutls_global_set_mutex} -@node Running in a sandbox -@subsection Running in a sandbox -@cindex seccomp -@cindex isolated mode - -Given that TLS protocol handling as well as X.509 certificate -parsing are complicated processes involving several thousands lines of code, -it is often desirable (and recommended) to run the TLS session handling in -a sandbox like seccomp. That has to be allowed by the overall software design, -but if available, it adds an additional layer of protection by -preventing parsing errors from becoming vessels for further security issues such -as code execution. - -GnuTLS requires the following system calls to be available for its proper -operation. - -@itemize -@item nanosleep -@item time -@item gettimeofday -@item clock_gettime -@item getrusage -@item getpid -@item send -@item recv -@item writev -@item read (to read from /dev/urandom) -@item getrandom (this is Linux-kernel specific) -@item select -@end itemize - -As well as any calls needed for memory allocation to work. Note however, that GnuTLS -depends on libc for the system calls, and there is no guarantee that libc will -call the expected system call. For that it is recommended to test your -program in all the targetted platforms when filters like seccomp are in place. - -An example with a seccomp filter from GnuTLS' test suite is at: -@url{http://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c}. - -@node Sessions and fork -@subsection Sessions and fork -@cindex fork - -A @code{gnutls_session_t} object can be shared by two processes after a fork, -one sending, the other receiving. In that case rehandshakes, -cannot and must not be performed. As with threads, the termination of a session should be -handled by the sender process using @funcref{gnutls_bye} with @code{GNUTLS_SHUT_WR} -and the receiving process waiting for a return value of zero. - - @node Callback functions @subsection Callback functions @cindex callback functions 
@@ -330,21 +240,14 @@ library. @node Initialization @subsection Initialization -The GnuTLS library is initialized on load; prior to 3.3.0 was initialized by calling @funcref{gnutls_global_init}@footnote{ -The original behavior of requiring explicit initialization can obtained by setting the -GNUTLS_NO_EXPLICIT_INIT environment variable to 1, or by using the macro GNUTLS_SKIP_GLOBAL_INIT -in a global section of your program.}. +GnuTLS must be initialized before it can be used. The library is +initialized on load; prior to 3.3.0 was initialized by calling @funcref{gnutls_global_init}. The initialization typically enables CPU-specific acceleration, performs any required precalculations needed, opens any required system devices (e.g., /dev/urandom on Linux) and initializes subsystems that could be used later. The resources allocated by the initialization process will be released -on library deinitialization, or explicitly by calling @funcref{gnutls_global_deinit}. - -Note that during initialization file descriptors may be kept open by -GnuTLS (e.g. /dev/urandom) on library load. Applications closing all unknown file -descriptors must immediately call @funcref{gnutls_global_init}, after that, to -ensure they don't disrupt GnuTLS' operation. +on library deinitialization, or explictly by calling @funcref{gnutls_global_deinit}. @c In order to take advantage of the internationalization features in @c GnuTLS, such as translated error messages, the application must set @@ -476,7 +379,8 @@ with the credential types is shown in @ref{tab:key-exchange-cred}. @code{KX_DHE_RSA}, @code{KX_DHE_DSS}, @code{KX_ECDHE_RSA}, -@code{KX_ECDHE_ECDSA} +@code{KX_ECDHE_ECDSA}, +@code{KX_RSA_EXPORT} @tab @code{CRD_CERTIFICATE} @tab @code{CRD_CERTIFICATE} 
@@ -530,16 +434,15 @@ certificate certifies the one before it. The trusted authority's certificate need not to be included since the peer should possess it already. -@showfuncC{gnutls_certificate_set_x509_key_file2,gnutls_certificate_set_x509_key_mem2,gnutls_certificate_set_x509_key} +@showfuncC{gnutls_certificate_set_x509_key_mem2,gnutls_certificate_set_x509_key,gnutls_certificate_set_x509_key_file2} -@showfuncC{gnutls_certificate_set_openpgp_key_file,gnutls_certificate_set_openpgp_key_mem,gnutls_certificate_set_openpgp_key} +@showfuncC{gnutls_certificate_set_openpgp_key_mem,gnutls_certificate_set_openpgp_key,gnutls_certificate_set_openpgp_key_file} -It is recommended to use the higher level functions such as @funcref{gnutls_certificate_set_x509_key_file2} -which accept not only file names but URLs that specify objects stored in token, -or system certificates and keys (see @ref{Application-specific keys}). For these cases, another important -function is @funcref{gnutls_certificate_set_pin_function}, that +Note however, that since functions like @funcref{gnutls_certificate_set_x509_key_file2} +may accept URLs that specify objects stored in token, another important +function is @funcref{gnutls_certificate_set_pin_function}. That allows setting a callback function to retrieve a PIN if the input keys are -protected by PIN. +protected by PIN by the token. @showfuncdesc{gnutls_certificate_set_pin_function} 
@@ -614,27 +517,25 @@ Certificate verification is possible by loading the trusted authorities into the credentials structure by using the following functions, applicable to X.509 and OpenPGP certificates. -@showfuncD{gnutls_certificate_set_x509_system_trust,gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_trust_dir,gnutls_certificate_set_openpgp_keyring_file} +@showfuncC{gnutls_certificate_set_x509_system_trust,gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_openpgp_keyring_file} + +The peer's certificate is not automatically verified and one +must call @funcref{gnutls_certificate_verify_peers3} +after a successful handshake to verify the certificate's signature and the owner +of the certificate. The verification status returned can be printed using +@funcref{gnutls_certificate_verification_status_print}. -The peer's certificate will be automatically verified if -@funcref{gnutls_session_set_verify_cert} is called prior to handshake. +Alternatively the verification can occur during the handshake +by using @funcref{gnutls_certificate_set_verify_function}. -Alternatively, one must set a callback function during the handshake -using @funcref{gnutls_certificate_set_verify_function}, which -will verify the peer's certificate once received. The verification -should happen using @funcref{gnutls_certificate_verify_peers3} within -the callback. It will verify the certificate's signature and the owner -of the certificate. That will provide a brief verification output. If a +The functions above provide a brief verification output. If a detailed output is required one should call @funcref{gnutls_certificate_get_peers} to obtain the raw certificate of the peer and verify it using the functions discussed in @ref{X.509 certificates}. -In both the automatic and the manual cases, the verification status returned -can be printed using @funcref{gnutls_certificate_verification_status_print}. 
- -@showfuncdesc{gnutls_session_set_verify_cert} +@showfuncdesc{gnutls_certificate_verify_peers3} -@showfuncB{gnutls_certificate_verify_peers3,gnutls_certificate_set_verify_function} +@showfuncdesc{gnutls_certificate_set_verify_function} @node SRP credentials @@ -783,7 +684,6 @@ remaining until the next retransmission, or better the time until @node Asynchronous operation @subsection Asynchronous operation - @acronym{GnuTLS} can be used with asynchronous socket or event-driven programming. The approach is similar to using Berkeley sockets under such an environment. The blocking, due to network interaction, calls such as @@ -791,7 +691,7 @@ The blocking, due to network interaction, calls such as can be set to non-blocking by setting the underlying sockets to non-blocking. If other push and pull functions are setup, then they should behave the same way as @funcintref{recv} and @funcintref{send} when used in a non-blocking -way, i.e., return -1 and set errno to @code{EAGAIN}. Since, during a TLS protocol session +way, i.e., set errno to @code{EAGAIN}. Since, during a TLS protocol session @acronym{GnuTLS} does not block except for network interaction, the non blocking @code{EAGAIN} errno will be propagated and @acronym{GnuTLS} functions will return the @code{GNUTLS_E_AGAIN} error code. Such calls can be resumed the 
@@ -800,33 +700,17 @@ The only exception is @funcref{gnutls_record_send}, which if interrupted subsequent calls need not to include the data to be sent (can be called with NULL argument). -When using the @funcintref{poll} or @funcintref{select} system calls though, one should remember -that they only apply to the kernel sockets API. To check for any -available buffered data in a @acronym{GnuTLS} session, -utilize @funcref{gnutls_record_check_pending}, -either before the @funcintref{poll} system call, or after a call to -@funcref{gnutls_record_recv}. Data queued by @funcref{gnutls_record_send} -(when interrupted) can be discarded using @funcref{gnutls_record_discard_queued}. - -The following paragraphs describe the detailed requirements for non-blocking -operation when using the TLS or DTLS protocols. - -@subsubsection TLS protocol -There are no special requirements for the TLS protocol operation in non-blocking -mode if a non-blocking socket is used. - -It is recommended, however, for future compatibility, when in non-blocking mode, to -call the @funcref{gnutls_init} function with the -@code{GNUTLS_NONBLOCK} flag set (see @ref{Session initialization}). - -@subsubsection Datagram TLS protocol -When in non-blocking mode the function, the @funcref{gnutls_init} function -must be called with the @code{GNUTLS_NONBLOCK} flag set (see @ref{Session initialization}). - -In contrast with the TLS protocol, the pull timeout function is required, -but will only be called with a timeout of zero. In that case it should indicate -whether there are data to be received or not. When not using the default pull function, -then @funcref{gnutls_transport_set_pull_timeout_function} should be called. +The @funcintref{select} system call can also be used in combination with the +@acronym{GnuTLS} functions. @funcintref{select} allows monitoring of sockets +and notifies on them being ready for reading or writing data. 
Note however +that this system call cannot notify on data present in @acronym{GnuTLS} +read buffers, it is only applicable to the kernel sockets API. Thus if +you are using it for reading from a @acronym{GnuTLS} session, make sure +that any cached data are read completely. That can be achieved by checking there +are no data waiting to be read (using @funcref{gnutls_record_check_pending}), +either before the @funcintref{select} system call, or after a call to +@funcref{gnutls_record_recv}. @acronym{GnuTLS} does not keep a write buffer, +thus when writing no additional actions are required. Although in the TLS protocol implementation each call to receive or send function implies to restoring the same function that was interrupted, in @@ -836,11 +720,13 @@ a received message and thus @funcref{gnutls_record_get_direction} must be called to decide which direction to check prior to restoring a function call. @showfuncdesc{gnutls_record_get_direction} -When calling @funcref{gnutls_handshake} through a multi-plexer, -to be able to handle properly the DTLS handshake retransmission timers, -the function @funcref{gnutls_dtls_get_timeout} -should be used to estimate when to call @funcref{gnutls_handshake} if -no data have been received. +Moreover, to prevent blocking from DTLS' retransmission timers to block a +handshake, the @funcref{gnutls_init} function should be called with the +@code{GNUTLS_NONBLOCK} flag set (see @ref{Session initialization}). In that +case, in order to be able to use the DTLS handshake timers, the function +@funcref{gnutls_dtls_get_timeout} should be used to estimate when to call +@funcref{gnutls_handshake} if no packets have been received. + @node DTLS sessions @subsection DTLS sessions 
@@ -883,15 +769,15 @@ exchange. @showfuncdesc{gnutls_handshake_set_timeout} -In GnuTLS 3.5.0 and later it is recommended to use @funcref{gnutls_session_set_verify_cert} -for the handshake process to ensure the verification of the peer's identity. +The handshake process doesn't ensure the verification +of the peer's identity. When certificates are in use, +this can be done, either after the handshake is complete, or during +the handshake if @funcref{gnutls_certificate_set_verify_function} +has been used. In both cases the @funcref{gnutls_certificate_verify_peers2} function can be +used to verify the peer's certificate (see @ref{Certificate authentication} +for more information). -In older GnuTLS versions it is required to manually verify the peer's certificate -during the handshake by using @funcref{gnutls_certificate_set_verify_function}, and -@funcref{gnutls_certificate_verify_peers2}. See @ref{Certificate authentication} -for more information. - -@showfuncB{gnutls_session_set_verify_cert,gnutls_certificate_verify_peers2} +@showfuncA{gnutls_certificate_verify_peers2} @node Data transfer and termination @section Data transfer and termination @@ -921,8 +807,8 @@ protocol, this field allows distinguishing out-of-order messages. The @funcref{gnutls_record_check_pending} helper function is available to allow checking whether data are available to be read in a @acronym{GnuTLS} session -buffers. Note that this function complements but does not replace @funcintref{poll}, -i.e., @funcref{gnutls_record_check_pending} reports no data to be read, @funcintref{poll} +buffers. Note that this function complements but does not replace @funcintref{select}, +i.e., @funcref{gnutls_record_check_pending} reports no data to be read, @funcintref{select} should be called to check for data in the network buffers. @showfuncdesc{gnutls_record_check_pending} 
@@ -1000,7 +886,7 @@ Means that a compile-time specified system configuration file@footnote{The defau will be used to expand the provided keyword. That is used to impose system-specific policies. It may be followed by additional options that will be appended to the system string (e.g., "@@SYSTEM:+SRP"). The system file should have the -format 'KEYWORD=VALUE', e.g., 'SYSTEM=NORMAL:+ARCFOUR-128'. +format 'KEYWORD=VALUE', e.g., 'SYSTEM=NORMAL:-ARCFOUR-128'. @item PERFORMANCE @tab All the known to be secure ciphersuites are enabled, @@ -1045,9 +931,7 @@ The message authenticity security level is of 128 bits or more, and the certificate verification profile is set to GNUTLS_PROFILE_HIGH (128-bits). @item SECURE256 @tab -Currently alias for SECURE192. This option, will enable ciphers which use a -256-bit key but, due to limitations of the TLS protocol, the overall security -level will be 192-bits (the security level depends on more factors than cipher key size). +Currently alias for SECURE192. @item SUITEB128 @tab Means all the NSA Suite B cryptography (RFC5430) ciphersuites @@ -1059,6 +943,10 @@ Means all the NSA Suite B cryptography (RFC5430) ciphersuites with an 192 bit security level, as well as the enabling of the corresponding verification profile. +@item EXPORT @tab +This priority string should be treated as deprecated. +GnuTLS no longer negotiates 40-bit ciphers. + @item NONE @tab Means nothing is enabled. This disables even protocols and compression methods. It should be followed by the @@ -1069,7 +957,7 @@ algorithms to be enabled. @end float Unless the initial keyword is "NONE" the defaults (in preference -order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0; for +order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0, SSL3.0; for compression NULL; for certificate types X.509. In key exchange algorithms when in NORMAL or SECURE levels the perfect forward secrecy algorithms take precedence of the other 
@@ -1096,9 +984,8 @@ are shown in @ref{tab:prio-algorithms}. To avoid collisions in order to specify a compression algorithm in the priority string you have to prefix it with "COMP-", protocol versions with "VERS-", signature algorithms with "SIGN-" and certificate types with "CTYPE-". -All other algorithms don't need a prefix. Each specified keyword (except -for @emph{special keywords}) can be prefixed with any of the following -characters. +All other algorithms don't need a prefix. Each specified keyword can +be prefixed with any of the following characters. @table @asis @item '!' or '-' @@ -1112,7 +999,7 @@ appended with an algorithm will add this algorithm. @headitem Type @tab Keywords @item Ciphers @tab AES-128-CBC, AES-256-CBC, AES-128-GCM, CAMELLIA-128-CBC, -CAMELLIA-256-CBC, ARCFOUR-128, 3DES-CBC. Catch all +CAMELLIA-256-CBC, ARCFOUR-128, 3DES-CBC ARCFOUR-40. Catch all name is CIPHER-ALL which will add all the algorithms from NORMAL priority. @@ -1132,9 +1019,9 @@ GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC- COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL. @item TLS versions @tab -VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, -VERS-DTLS1.0, VERS-DTLS1.2. -Catch all are VERS-ALL, VERS-TLS-ALL and VERS-DTLS-ALL. +VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, +VERS-TLS1.2, VERS-DTLS1.2, VERS-DTLS1.0. +Catch all is VERS-TLS-ALL and VERS-DTLS-ALL. @item Signature algorithms @tab SIGN-RSA-SHA1, SIGN-RSA-SHA224, @@ -1145,9 +1032,6 @@ is SIGN-ALL. This is only valid for TLS 1.2 and later. @item Elliptic curves @tab CURVE-SECP192R1, CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, CURVE-SECP521R1. Catch all is CURVE-ALL. -@item Certificate type @tab -CTYPE-OPENPGP, CTYPE-X509. Catch all is CTYPE-ALL. - @end multitable @caption{The supported algorithm keywords in priority strings.} @end float 
@@ -1186,14 +1070,6 @@ will prevent the sending of any TLS extensions in client side. Note that TLS 1.2 requires extensions to be used, as well as safe renegotiation thus this option must be used with care. -@item %NO_TICKETS @tab -will prevent the advertizing of the TLS session ticket extension. -This is implied by the PFS keyword. - -@item %NO_SESSION_HASH @tab -will prevent the advertizing the TLS extended master secret (session hash) -extension. - @item %SERVER_PRECEDENCE @tab The ciphersuite will be selected according to server priorities and not the client's. @@ -1224,10 +1100,6 @@ separate records. will disable matching wildcards when comparing hostnames in certificates. -@item %NO_ETM @tab -will disable the encrypt-then-mac TLS extension (RFC7366). This is -implied by the %COMPAT keyword. - @item %DISABLE_SAFE_RENEGOTIATION @tab will completely disable safe renegotiation completely. Do not use unless you know what you are doing. @@ -1252,12 +1124,6 @@ will enforce safe renegotiation. Clients and servers will refuse to talk to an insecure peer. Currently this causes interoperability problems, but is required for full protection. -@item %FALLBACK_SCSV @tab -will enable the use of the fallback signaling cipher suite value in the -client hello. Note that this should be set only by applications that -try to reconnect with a downgraded protocol version. See RFC7507 for -details. - @item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab will allow RSA-MD5 signatures in certificate chains. 
@@ -1295,11 +1161,11 @@ The default priority without the HMAC-MD5: Specifying RSA with AES-128-CBC: "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" -Specifying the defaults plus ARCFOUR-128: - "NORMAL:+ARCFOUR-128" +Specifying the defaults except ARCFOUR-128: + "NORMAL:-ARCFOUR-128" -Enabling the 128-bit secure ciphers, while disabling TLS 1.0 and enabling compression: - "SECURE128:-VERS-TLS1.0:+COMP-DEFLATE" +Enabling the 128-bit secure ciphers, while disabling SSL 3.0 and enabling compression: + "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" Enabling the 128-bit and 192-bit secure ciphers, while disabling all TLS versions except TLS 1.2: @@ -1321,11 +1187,11 @@ authentication. @float Table,tab:key-sizes @multitable @columnfractions .10 .12 .10 .20 .32 -@headitem Security bits @tab RSA, DH and SRP parameter size @tab ECC key size @tab Security parameter (profile) @tab Description +@headitem Security bits @tab RSA, DH and SRP parameter size @tab ECC key size @tab Security parameter @tab Description -@item <64 -@tab <768 -@tab <128 +@item <72 +@tab <1008 +@tab <160 @tab @code{INSECURE} @tab Considered to be insecure @@ -1363,18 +1229,12 @@ authentication. @tab 3072 @tab 256 @tab @code{HIGH} -@tab Long term protection (corresponds to ENISA future level) - -@item 192 -@tab 8192 -@tab 384 -@tab @code{ULTRA} -@tab Even longer term protection +@tab Long term protection @item 256 @tab 15424 @tab 512 -@tab @code{FUTURE} +@tab @code{ULTRA} @tab Foreseeable future @end multitable @@ -1428,7 +1288,6 @@ and SRP authentication. @menu * Session resumption:: * Certificate verification:: -* Re-authentication:: * Parameter generation:: * Deriving keys for other applications/protocols:: * Channel Bindings:: 
@@ -1478,9 +1337,7 @@ for expiration. A server utilizing tickets should generate ticket encryption and authentication keys using @funcref{gnutls_session_ticket_key_generate}. Those keys should be associated with the GnuTLS session using -@funcref{gnutls_session_ticket_enable_server}, and should be rotated regularly -(e.g., every few hours), to prevent them from becoming long-term keys which -if revealed could be used to decrypt all previous sessions. +@funcref{gnutls_session_ticket_enable_server}. @showfuncdesc{gnutls_session_ticket_enable_server} @showfuncdesc{gnutls_session_ticket_key_generate} @@ -1504,7 +1361,7 @@ the risk of a compromised CA being undetected. @subsubsection Trust on first use -The GnuTLS library includes functionality to use an SSH-like trust on first use authentication. +The GnuTLS library includes functionlity to use an SSH-like trust on first use authentication. The available functions to store and verify public keys are listed below. @showfuncdesc{gnutls_verify_stored_pubkey} 
@@ -1560,46 +1417,6 @@ you may use danetool (see @ref{danetool Invocation}). -@node Re-authentication -@subsection Re-authentication -@cindex renegotiation -@cindex reauthentication - -In TLS there is no distinction between rekey, re-authentication, and re-negotiation. -All of these use cases are handled by the TLS' rehandshake process. For that reason -in GnuTLS rehandshake is not transparent to the application, and the application -must take control of that process. The following paragraphs explain how to safely -use the rehandshake process. - -@subsubsection Client side - -According to the TLS specification a client may initiate a rehandshake at any -time. That can be achieved by calling @funcref{gnutls_handshake} and rely on its -return value for the outcome of the handshake (the server may deny a rehandshake). -If a server requests a re-handshake, then a call to @funcref{gnutls_record_recv} will -return GNUTLS_E_REHANDSHAKE in the client, instructing it to call @funcref{gnutls_handshake}. -To deny a rehandshake request by the server it is recommended to send a warning alert -of type GNUTLS_A_NO_RENEGOTIATION. - -Due to limitations of early protocol versions, it is required to check whether -safe renegotiation is in place, i.e., using @funcref{gnutls_safe_renegotiation_status}, -which ensures that the server remains the same as the initial. For older servers, -which do not support renegotiation, it is required on the second handshake -to verify that their certificate/credentials remained the same as in the initial -session. - -@showfuncdesc{gnutls_safe_renegotiation_status} - -@subsubsection Server side - -A server which wants to instruct the client to re-authenticate, should call -@funcref{gnutls_rehandshake} and wait for the client to re-authenticate. -It is recommended to only request re-handshake when safe renegotiation is -enabled for that session (see @funcref{gnutls_safe_renegotiation_status} and -the discussion in @ref{Safe renegotiation}). 
- -@showfuncdesc{gnutls_rehandshake} - @node Parameter generation @subsection Parameter generation @cindex parameter generation @@ -1739,7 +1556,7 @@ options that are known to cause compatibility problems, is shown below. NORMAL:%COMPAT @end verbatim -For very old broken peers that do not tolerate TLS version numbers over TLS 1.0 +For broken peers that do not tolerate TLS version numbers over TLS 1.0 another priority string is: @verbatim NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index daf5f36..6a04ac2 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -123,9 +123,7 @@ Adding support for a new TLS extension is done from time to time, and the process to do so is not difficult. Here are the steps you need to follow if you wish to do this yourself. For sake of discussion, let's consider adding support for the hypothetical TLS extension -@code{foobar}. The following section is about adding an extension to GnuTLS, -for custom application extensions you should check the exported function -@funcref{gnutls_ext_register}. +@code{foobar}. @subsubheading Add @code{configure} option like @code{--enable-foobar} or @code{--disable-foobar}. 
@@ -323,41 +321,18 @@ When writing GTK-DOC style documentation for your new APIs, don't forget to add @code{Since:} tags to indicate the GnuTLS version the API was introduced in. -@subsubheading Heartbeat extension. - -One such extension is HeartBeat protocol (RFC6520: -@url{https://tools.ietf.org/html/rfc6520}) implementation. To enable -it use option --heartbeat with example client and server supplied with -gnutls: - -@example -./doc/credentials/gnutls-http-serv --priority "NORMAL:-CIPHER-ALL:+NULL" -d 100 \ - --heartbeat --echo -./src/gnutls-cli --priority "NORMAL:-CIPHER-ALL:+NULL" -d 100 localhost -p 5556 \ - --insecure --heartbeat -@end example - -After that pasting -@example -**HEARTBEAT** -@end example -command into gnutls-cli will trigger corresponding command on the server and it will send HeartBeat Request with random length to client. - -Another way is to run capabilities check with: - -@example -./doc/credentials/gnutls-http-serv -d 100 --heartbeat -./src/gnutls-cli-debug localhost -p 5556 -@end example - @subheading Adding a new Supplemental Data Handshake Message TLS handshake extensions allow to send so called supplemental data handshake messages @xcite{RFC4680}. This short section explains how to implement a supplemental data handshake message for a given TLS extension. -First of all, modify your extension @code{foobar} in the way, to instruct -the handshake process to send and receive supplemental data, as shown below. +First of all, modify your extension @code{foobar} in the way, the that +flags +@code{session->security_parameters.@-do_send_supplemental} +and +@code{session->security_parameters.@-do_recv_supplemental} +are set: @example int @@ -365,7 +340,7 @@ _gnutls_foobar_recv_params (gnutls_session_t session, const opaque * data, size_t _data_size) @{ ... - gnutls_supplemental_recv(session, 1); + session->security_parameters.do_recv_supplemental=1; ... @} 
@@ -373,25 +348,15 @@ int _gnutls_foobar_send_params (gnutls_session_t session, gnutls_buffer_st *extdata) @{ ... - gnutls_supplemental_send(session, 1); + session->security_parameters.do_send_supplemental=1; ... @} @end example -Furthermore you'll need two new functions @funcintref{_foobar_supp_recv_params} -and @funcintref{_foobar_supp_send_params}, which must conform to the following -prototypes. - -@example -typedef int (*gnutls_supp_recv_func)(gnutls_session_t session, - const unsigned char *data, - size_t data_size); -typedef int (*gnutls_supp_send_func)(gnutls_session_t session, - gnutls_buffer_t buf); -@end example - -The following example code shows how to send a -``Hello World'' string in the supplemental data handshake message. +Furthermore add the functions @funcintref{_foobar_supp_recv_params} +and @funcintref{_foobar_supp_send_params} to @code{_foobar.h} and +@code{_foobar.c}. The following example code shows how to send a +``Hello World'' string in the supplemental data handshake message: @example int 
@@ -413,20 +378,75 @@ _foobar_supp_recv_params(gnutls_session_t session, const opaque *data, size_t _d @} int -_foobar_supp_send_params(gnutls_session_t session, gnutls_buffer_t buf) +_foobar_supp_send_params(gnutls_session_t session, gnutls_buffer_st *buf) @{ unsigned char *msg = "hello world"; int len = strlen(msg); - if (gnutls_buffer_append_data(buf, msg, len) < 0) - abort(); + _gnutls_buffer_append_data_prefix(buf, 8, msg, len); return len; @} @end example -Afterwards, register the new supplemental data using @funcref{gnutls_supplemental_register}, -at some point in your program. +Afterwards, add the new supplemental data handshake message to +@code{lib/gnutls_supplemental.c} by adding a new entry to the +@code{_gnutls_supplemental[]} structure: + +@example +gnutls_supplemental_entry _gnutls_supplemental[] = +@{ + @{"foobar", + GNUTLS_SUPPLEMENTAL_FOOBAR_DATA, + _foobar_supp_recv_params, + _foobar_supp_send_params@}, + @{0, 0, 0, 0@} +@}; +@end example + +You have to include your @code{foobar.h} header file as well: + +@example +#include "foobar.h" +@end example + +Lastly, add the new supplemental data type to +@code{lib/includes/gnutls/gnutls.h}: + +@example +typedef enum +@{ + GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0, + GNUTLS_SUPPLEMENTAL_FOOBAR_DATA = 1 +@} gnutls_supplemental_data_format_type_t; +@end example + +@subsubheading Heartbeat extension. + +One such extension is HeartBeat protocol (RFC6520: +@url{https://tools.ietf.org/html/rfc6520}) implementation. 
To enable +it use option --heartbeat with example client and server supplied with +gnutls: + +@example +./doc/credentials/gnutls-http-serv --priority "NORMAL:-CIPHER-ALL:+NULL" -d 100 \ + --heartbeat --echo +./src/gnutls-cli --priority "NORMAL:-CIPHER-ALL:+NULL" -d 100 localhost -p 5556 \ + --insecure --heartbeat +@end example + +After that pasting +@example +**HEARTBEAT** +@end example +command into gnutls-cli will trigger corresponding command on the server and it will send HeartBeat Request with random length to client. + +Another way is to run capabilities check with: + +@example +./doc/credentials/gnutls-http-serv -d 100 --heartbeat +./src/gnutls-cli-debug localhost -p 5556 +@end example @node Cryptographic Backend @section Cryptographic Backend @@ -434,8 +454,9 @@ Today most new processors, either for embedded or desktop systems include either instructions intended to speed up cryptographic operations, or a co-processor with cryptographic capabilities. Taking advantage of those is a challenging task for every cryptographic application or -library. GnuTLS handles the cryptographic provider in a modular -way, following a layered approach to access +library. Unfortunately the cryptographic library that GnuTLS is based +on takes no advantage of these capabilities. For this reason GnuTLS handles +this internally by following a layered approach to accessing cryptographic operations as in @ref{fig-crypto-layers}. @float Figure,fig-crypto-layers 
@@ -486,26 +507,44 @@ source code in @code{lib/accelerated/}. @subsubheading Overriding specific algorithms When an optimized implementation of a single algorithm is available, say a hardware assisted version of @acronym{AES-CBC} then the -following functions, from @code{crypto.h}, can +following (internal) functions, from @code{crypto-backend.h}, can be used to register those algorithms. @itemize -@item @funcref{gnutls_crypto_register_cipher}: +@item @code{gnutls_crypto_single_cipher_register}: To register a cipher algorithm. -@item @funcref{gnutls_crypto_register_aead_cipher}: -To register an AEAD cipher algorithm. - -@item @funcref{gnutls_crypto_register_mac}: -To register a MAC algorithm. - -@item @funcref{gnutls_crypto_register_digest}: -To register a hash algorithm. +@item @code{gnutls_crypto_single_digest_register}: +To register a hash (digest) or MAC algorithm. @end itemize Those registration functions will only replace the specified algorithm and leave the rest of subsystem intact. +@subsubheading Overriding the cryptographic library +In some systems, that might contain a broad acceleration engine, it +might be desirable to override big parts of the cryptographic back-end, +or even all of them. The following functions are provided for this reason. + +@itemize + +@item @code{gnutls_crypto_cipher_register}: +To override the cryptographic algorithms back-end. + +@item @code{gnutls_crypto_digest_register}: +To override the digest algorithms back-end. + +@item @code{gnutls_crypto_rnd_register}: +To override the random number generator back-end. + +@item @code{gnutls_crypto_bigint_register}: +To override the big number number operations back-end. + +@item @code{gnutls_crypto_pk_register}: +To override the public key encryption back-end. This is tied to the +big number operations so either none or both of them should be overridden. + +@end itemize diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 22e86f8..6075020 100644 
--- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -32,7 +32,7 @@ noted otherwise. @end menu @node TLS layers -@section TLS Layers +@section TLS layers @cindex TLS layers @acronym{TLS} is a layered protocol, and consists of the record @@ -56,7 +56,7 @@ protocol. The protocol layering in TLS is shown in @ref{fig-tls-layers}. @end float @node The transport layer -@section The Transport Layer +@section The transport layer @cindex transport protocol @cindex transport layer @@ -116,6 +116,14 @@ The supported in @acronym{GnuTLS} ciphers and MAC algorithms are shown in @ref{t @float Table,tab:ciphers @multitable @columnfractions .20 .70 @headitem Algorithm @tab Description +@item 3DES_@-CBC @tab +This is the DES block cipher algorithm used with triple +encryption (EDE). Has 64 bits block size and is used in CBC mode. + +@item ARCFOUR_@-128 @tab +ARCFOUR_128 is a compatible algorithm with RSA's RC4 algorithm, which is considered to be a trade +secret. It is a fast cipher but considered weak today. + @item AES_@-CBC @tab AES or RIJNDAEL is the block cipher algorithm that replaces the old DES algorithm. Has 128 bits block size and is used in CBC mode. 
@@ -125,38 +133,22 @@ This is the AES algorithm in the authenticated encryption GCM mode. This mode combines message authentication and encryption and can be extremely fast on CPUs that support hardware acceleration. -@item AES_@-CCM @tab -This is the AES algorithm in the authenticated encryption CCM mode. -This mode combines message authentication and encryption and is -often used by systems without AES or GCM acceleration support. - -@item AES_@-CCM_@-8 @tab -This is the AES algorithm in the authenticated encryption CCM mode -with a truncated to 64-bit authentication tag. This mode is for -communication with restricted systems. - @item CAMELLIA_@-CBC @tab This is an 128-bit block cipher developed by Mitsubishi and NTT. It is one of the approved ciphers of the European NESSIE and Japanese CRYPTREC projects. -@item CHACHA20_@-POLY1305 @tab -CHACHA20-POLY1305 is an authenticated encryption algorithm based on CHACHA20 cipher and -POLY1305 MAC. CHACHA20 is a refinement of SALSA20 algorithm, an approved cipher by -the European ESTREAM project. POLY1305 is Wegman-Carter, one-time authenticator. The -combination provides a fast stream cipher suitable for systems where a hardware AES -accelerator is not available. +@item SALSA20_@-256 @tab +SALSA20_256 is a fast stream cipher. This is currently a GnuTLS +extension. -@item 3DES_@-CBC @tab -This is the DES block cipher algorithm used with triple -encryption (EDE). Has 64 bits block size and is used in CBC mode. - -@item ARCFOUR_@-128 @tab -ARCFOUR-128 is a compatible algorithm with RSA's RC4 algorithm, which is considered to be a trade -secret. It is a fast cipher but considered weak today, and thus it is not enabled by default. +@item ESTREAM_@-SALSA20_@-256 @tab +ESTREAM_@-SALSA20_@-256 is a faster variant of SALSA20, and is one of the +selected ciphers of the ESTREAM competition. This is currently a GnuTLS +extension. @end multitable -@caption{Supported ciphers in TLS.} +@caption{Supported ciphers.} @end float 
@@ -172,17 +164,18 @@ An HMAC based on the SHA1 cryptographic hash algorithm designed by NSA. Outputs 160 bits of data. @item MAC_@-SHA256 @tab -An HMAC based on SHA2-256. Outputs 256 bits of data. +An HMAC based on SHA256. Outputs 256 bits of data. -@item MAC_@-SHA384 @tab -An HMAC based on SHA2-384. Outputs 384 bits of data. +@item MAC_@-UMAC @tab +This is a very fast MAC algorithm based on universal hashing, described in +@xcite{RFC4418}. This is currently a GnuTLS extension. @item MAC_@-AEAD @tab This indicates that an authenticated encryption algorithm, such as GCM, is in use. @end multitable -@caption{Supported MAC algorithms in TLS.} +@caption{Supported MAC algorithms.} @end float @@ -411,7 +404,6 @@ in @acronym{GnuTLS} are discussed in the subsections that follow. * OCSP status request:: * SRTP:: * Application Layer Protocol Negotiation (ALPN):: -* Extensions and Supplemental Data:: @end menu @node Maximum fragment length negotiation @@ -458,14 +450,7 @@ to the client. Because session parameters are sensitive they are encrypted and authenticated with a key only known to the server and then sent to the client. The Session Tickets extension is described in RFC 5077 @xcite{TLSTKT}. -A disadvantage of session tickets is that they eliminate the effects of -forward secrecy when a server uses the same key for long time. That is, -the secrecy of all sessions on a server using tickets depends on the ticket -key being kept secret. For that reason server keys should be rotated and discarded -regularly. - -Since version 3.1.3 GnuTLS clients transparently support session tickets, -unless forward secrecy is explicitly requested (with the PFS priority string). +Since version 3.1.3 GnuTLS clients transparently support session tickets. @node HeartBeat @subsection HeartBeat 
@@ -477,7 +462,7 @@ and is described in @xcite{RFC6520}. The extension is disabled by default and @funcref{gnutls_heartbeat_enable} can be used to enable it. A policy may be negotiated to only allow sending heartbeat messages or sending and receiving. The current session policy can be checked with @funcref{gnutls_heartbeat_allowed}. -The requests coming from the peer result to @code{GNUTLS_@-E_@-HEARTBEAT_@-PING_@-RECEIVED} +The requests coming from the peer result to @code{GNUTLS_@-E_@-HERTBEAT_@-PING_@-RECEIVED} being returned from the receive function. Ping requests to peer can be send via @funcref{gnutls_heartbeat_ping}. @@ -642,7 +627,7 @@ Other helper functions are listed below. @cindex ALPN @cindex Application Layer Protocol Negotiation -The TLS protocol was extended in @code{RFC7301} +The TLS protocol was extended in @code{draft-ietf-tls-applayerprotoneg-00} to provide the application layer a method of negotiating the application protocol version. This allows for negotiation of the application protocol during the TLS handshake, thus reducing @@ -656,16 +641,6 @@ registered in the Application Layer Protocol Negotiation IANA registry. While you can use them for other protocols (at the risk of collisions), it is preferable to register them. -@node Extensions and Supplemental Data -@subsection Extensions and Supplemental Data -@cindex Supplemental data - -It is possible to transfer supplemental data during the TLS handshake, following -@xcite{RFC4680}. This is for "custom" protocol modifications for applications which -may want to transfer additional data (e.g. additional authentication messages). Such -an exchange requires a custom extension to be registered. -The provided API for this functionality is low-level and described in @ref{TLS Extension Handling}. - @include sec-tls-app.texi @node On SSL 2 and older protocols diff --git a/doc/cha-library.texi b/doc/cha-library.texi index 8ac36cc..cb65d68 100644 --- a/doc/cha-library.texi +++ b/doc/cha-library.texi 
@@ -42,7 +42,6 @@ and gmplib libraries. @menu * Downloading and installing:: -* Installing for a software distribution:: * Document overview:: @end menu @@ -80,11 +79,11 @@ want to install it separately (e.g., to make it possibly to use libtasn1 in other programs), you can get it from @url{http://www.gnu.org/software/libtasn1/}. -The compression library, @code{libz}, the PKCS #11 helper library @code{p11-kit}, -the TPM library @code{trousers}, as well as the IDN library @code{libidn}@footnote{Needed -to use RFC6125 name comparison in internationalized domains.} are -optional dependencies. Check the README file in the distribution on how -to obtain these libraries. +The compression library, @code{libz}, the PKCS #11 helper library @code{p11-kit}, as well +as the TPM library @code{trousers}, are +optional dependencies. You may get libz from @url{http://www.zlib.net/}, +p11-kit from @url{http://p11-glue.freedesktop.org/} and trousers from +@url{http://trousers.sourceforge.net/}. A few @code{configure} options may be relevant, summarized below. They disable or enable particular features, 
@@ -113,38 +112,6 @@ options are given. For the complete list, refer to the output from @code{configure --help}. -@node Installing for a software distribution -@section Installing for a software distribution -@cindex installation - -When installing for a software distribution, it is often desirable to preconfigure -GnuTLS with the system-wide paths and files. There two important configuration -options, one sets the trust store in system, which are the CA certificates -to be used by programs by default (if they don't override it), and the other sets -to DNSSEC root key file used by unbound for DNSSEC verification. - -For the latter the following configuration option is available, and if not specified -GnuTLS will try to auto-detect the location of that file. -@verbatim ---with-unbound-root-key-file - -@end verbatim - -To set the trust store the following options are available. -@verbatim ---with-default-trust-store-file ---with-default-trust-store-dir ---with-default-trust-store-pkcs11 - -@end verbatim -The first option is used to set a PEM file which contains a list of trusted certificates, -while the second will read all certificates in the given path. The recommended option is -the last, which allows to use a PKCS #11 trust policy module. That module not only -provides the trusted certificates, but allows the categorization of them using purpose, -e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for -examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints. -A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{http://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}. - @node Document overview @section Overview In this document we present an overview of the supported security protocols in @ref{Introduction to TLS}, and diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi index 78c1f36..bf7e3ef 100644 --- a/doc/cha-shared-key.texi 
+++ b/doc/cha-shared-key.texi @@ -73,7 +73,7 @@ authenticated using a certificate with RSA parameters. @showfuncdesc{gnutls_srp_verifier} -@showfuncB{gnutls_srp_base64_encode2,gnutls_srp_base64_decode2} +@showfuncB{gnutls_srp_base64_encode_alloc,gnutls_srp_base64_decode_alloc} @include invoke-srptool.texi diff --git a/doc/cha-support.texi b/doc/cha-support.texi index 6ba2792..4ff30c5 100644 --- a/doc/cha-support.texi +++ b/doc/cha-support.texi @@ -168,5 +168,5 @@ specific product using the library, and typically in the case of software they a @end itemize Obtaining such a certification is an expensive and elaborate job that has no immediate value for a continuously developed free software library (as the certification is tied to the -particular version tested). While, as a free software project, we are not actively pursuing this kind of certification, GnuTLS has been FIPS-140-2 certified in several systems by -third parties. If you are, interested, see @ref{Commercial Support}. +particular version tested), and in the case of algorithm verification of FIPS 140-2 it doesn't make much sense as the library is freely available and anyone can verify the correctness +of algorithm implementation. As such we are not actively pursuing this kind of certification. If you are, nevertheless, interested, see @ref{Commercial Support}. diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index 3310561..8898d44 100644 --- a/doc/cha-tokens.texi +++ b/doc/cha-tokens.texi 
@@ -1,41 +1,19 @@ @node Hardware security modules and abstract key types -@chapter Abstract keys types and Hardware security modules +@chapter Hardware security modules and abstract key types In several cases storing the long term cryptographic keys in a hard disk or even in memory poses a significant risk. Once the system they are stored is compromised the keys must be replaced as the secrecy of future sessions -is no longer guaranteed. Moreover, past sessions that were not protected by a +is no longer guarranteed. Moreover, past sessions that were not protected by a perfect forward secrecy offering ciphersuite are also to be assumed compromised. If such threats need to be addressed, then it may be wise storing the keys in a security module such as a smart card, an HSM or the TPM chip. Those modules ensure the protection of the cryptographic keys by only allowing operations on them and -preventing their extraction. The purpose of the abstract key API is to provide -an API that will allow the handle of keys in memory and files, as well as keys -stored in such modules. - -In GnuTLS the approach is to handle all keys transparently by the high level API, e.g., -the API that loads a key or certificate from a file. -The high-level API will accept URIs in addition to files that specify keys on an HSM or in TPM, -and a callback function will be used to obtain any required keys. The URI format is defined in -@xcite{TPMURI} and the standardized @xcite{PKCS11URI}. - -More information on the API is provided in the next sections. Examples of a URI of a certificate -stored in an HSM, as well as a key stored in the TPM chip are shown below. To discover the URIs -of the objects the @code{p11tool} (see @ref{p11tool Invocation}), -or @code{tpmtool} (see @ref{tpmtool Invocation}) may be used. 
- -@example -pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315; \ -manufacturer=EnterSafe;object=test1;type=cert - -tpmkey:uuid=42309df8-d101-11e1-a89a-97bb33c23ad1;storage=user -@end example - +preventing their extraction. @menu * Abstract key types:: -* Application-specific keys:: * Smart cards and HSMs:: * Trusted Platform Module:: @end menu @@ -49,7 +27,7 @@ Since there are many forms of a public or private keys supported by @acronym{Gnu on them. For these reasons the abstract @code{gnutls_privkey_t} and @code{gnutls_pubkey_t} were introduced in @code{gnutls/@-abstract.h} header. Those types are initialized using a specific type of key and then can be used to perform operations in an abstract way. For example in order -to sign an X.509 certificate with a key that resides in a token the following steps can be +to sign an X.509 certificate with a key that resides in a token the following steps must be used. @example @@ -67,7 +45,7 @@ gnutls_privkey_t abs_key; gnutls_privkey_import_url(abs_key, key_url); gnutls_x509_crt_init(&ca_cert); - gnutls_x509_crt_import_url(&ca_cert, cert_url); + gnutls_x509_crt_import_pkcs11_url(&ca_cert, cert_url); /* sign the certificate to be signed */ gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key, @@ -148,7 +126,7 @@ an external API, the following function is provided. This allows for a simple extensibility API without resorting to @acronym{PKCS} #11. -@showfuncdesc{gnutls_privkey_import_ext3} +@showfuncdesc{gnutls_privkey_import_ext2} @node Operations @subsection Operations 
@@ -172,71 +150,6 @@ key abstractions. @showfuncdesc{gnutls_x509_crt_set_pubkey} @showfuncC{gnutls_x509_crt_privkey_sign,gnutls_x509_crl_privkey_sign,gnutls_x509_crq_privkey_sign} - -@node Application-specific keys -@section System and application-specific keys -@cindex Application-specific keys -@cindex System-specific keys - -@subsection System-specific keys -In several systems there are keystores which allow to read, store and use certificates -and private keys. For these systems GnuTLS provides the system-key API in @code{gnutls/system-keys.h}. -That API provides the ability to iterate through all stored keys, add and delete keys as well -as use these keys using a URL which starts with "system:". The format of the URLs is system-specific. - -@showfuncdesc{gnutls_system_key_iter_get_info} - -@showfuncC{gnutls_system_key_iter_deinit,gnutls_system_key_add_x509,gnutls_system_key_delete} - -@subsection Application-specific keys -For systems where GnuTLS doesn't provide a system specific store, -it may often be desirable to define a custom class of keys -that are identified via URLs and available to GnuTLS calls such as @funcref{gnutls_certificate_set_x509_key_file2}. -Such keys can be registered using the API in @code{gnutls/urls.h}. The function -which registers such keys is @funcref{gnutls_register_custom_url}. - -@showfuncdesc{gnutls_register_custom_url} - -The input to this function are three callback functions as well as -the prefix of the URL, (e.g., "mypkcs11:") and the length of the prefix. -The types of the callbacks are shown below, and are expected to -use the exported gnutls functions to import the keys and certificates. -E.g., a typical @code{import_key} callback should use @funcref{gnutls_privkey_import_ext3}. 
- -@example -typedef int (*gnutls_privkey_import_url_func)(gnutls_privkey_t pkey, - const char *url, - unsigned flags); - -typedef int (*gnutls_x509_crt_import_url_func)(gnutls_x509_crt_t pkey, - const char *url, - unsigned flags); - -/* The following callbacks are optional */ - -/* This is to enable gnutls_pubkey_import_url() */ -typedef int (*gnutls_pubkey_import_url_func)(gnutls_pubkey_t pkey, - const char *url, unsigned flags); - -/* This is to allow constructing a certificate chain. It will be provided - * the initial certificate URL and the certificate to find its issuer, and must - * return zero and the DER encoding of the issuer's certificate. If not available, - * it should return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. */ -typedef int (*gnutls_get_raw_issuer_func)(const char *url, gnutls_x509_crt_t crt, - gnutls_datum_t *issuer_der, unsigned flags); - -typedef struct custom_url_st @{ - const char *name; - unsigned name_size; - gnutls_privkey_import_url_func import_key; - gnutls_x509_crt_import_url_func import_crt; - gnutls_pubkey_import_url_func import_pubkey; - gnutls_get_raw_issuer_func get_issuer; -@} gnutls_custom_url_st; -@end example - - - @node Smart cards and HSMs @section Smart cards and HSMs @cindex PKCS #11 tokens @@ -256,7 +169,7 @@ separation subsystem. @acronym{PKCS} #11 is plugin API allowing applications to access cryptographic operations on a security module, as well as to objects residing on it. PKCS -#11 modules exist for hardware tokens such as smart cards@footnote{For example, OpenSC-supported cards.}, +#11 modules exist for hardware tokens such as smart cards@footnote{@url{http://www.opensc-project.org}}, cryptographic tokens, as well as for software modules like @acronym{Gnome Keyring}. The objects residing on a security module may be certificates, public keys, private keys or secret keys. Of those certificates and public/private key 
@@ -268,8 +181,8 @@ available in @code{gnutls/pkcs11.h}. Moreover @acronym{PKCS} #11 can be (ab)used to allow all applications in the same operating system to access shared cryptographic keys and certificates in a uniform way, as in @ref{fig-pkcs11-vision}. That way applications could load their trusted certificate list, as well as user -certificates from a common PKCS #11 module. Such a provider is the p11-kit trust -storage module@footnote{@url{http://p11-glue.freedesktop.org/trust-module.html}}. +certificates from a common PKCS #11 module. Such a provider exists in the @acronym{Gnome} +system, being the @acronym{Gnome Keyring}. @float Figure,fig-pkcs11-vision @image{pkcs11-vision,9cm} 
@@ -282,48 +195,42 @@ storage module@footnote{@url{http://p11-glue.freedesktop.org/trust-module.html}} * Reading objects:: * Writing objects:: * Using a PKCS11 token with TLS:: -* p11tool Invocation:: +* p11tool Invocation:: Invoking p11tool @end menu @node PKCS11 Initialization @subsection Initialization -To allow all @acronym{GnuTLS} applications to transparently access smart cards -and tokens, @acronym{PKCS} #11 is automatically initialized during the first -call of a @acronym{PKCS} #11 related function. The initialization process, based -on p11-kit configuration, loads any appropriate modules. The p11-kit configuration -files@footnote{@url{http://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}. -For example a file that will instruct GnuTLS to load the @acronym{OpenSC} module, -could be named @code{/etc/pkcs11/modules/opensc.module} and contain the following: +To allow all @acronym{GnuTLS} applications to transparently access smard cards +and tokens, @acronym{PKCS} #11 is automatically initialized during the global +initialization (see @funcref{gnutls_global_init}). The initialization function, to select +which modules to load reads certain module configuration files. +Those are stored in @code{/etc/pkcs11/modules/} and +are the configuration files of @acronym{p11-kit}@footnote{@url{http://p11-glue.freedesktop.org/}}. +For example a file that will load the @acronym{OpenSC} module, could be named +@code{/etc/pkcs11/modules/opensc.module} and contain the following: @example module: /usr/lib/opensc-pkcs11.so @end example If you use these configuration files, then there is no need for other initialization in -@acronym{GnuTLS}, except for the PIN and token callbacks (see next section). -In several cases, however, it is desirable to limit badly behaving modules +@acronym{GnuTLS}, except for the PIN and token functions (see next section). 
+In several cases, however, it is desirable to limit badly behaving modules (e.g., modules that add an unacceptable delay on initialization) to single applications. That can be done using the ``enable-in:'' option followed by the base name of applications that this module should be used. -It is also possible to manually initialize the PKCS #11 subsystem if the +In all cases, you can also manually initialize the PKCS #11 subsystem if the default settings are not desirable. To completely disable PKCS #11 support you need to call @funcref{gnutls_pkcs11_init} with the flag @code{GNUTLS_PKCS11_FLAG_MANUAL} prior to @funcref{gnutls_global_init}. @showfuncdesc{gnutls_pkcs11_init} -Note that, PKCS #11 modules behave in a peculiar way after a fork; they -require a reinitialization of all the used PKCS #11 resources. -While GnuTLS automates that process, there are corner cases where -it is not possible to handle it correctly in an automated way@footnote{For -example when an open session is to be reinitialized, but the PIN is not available -to GnuTLS (e.g., it was entered at a pinpad).}. For that reasons it is -recommended not to mix fork() and PKCS #11 module usage. It is recommended -to initialize and use any PKCS #11 resources in a single process. - -Older versions of @acronym{GnuTLS} required to call @funcref{gnutls_pkcs11_reinit} -after a fork() call; since 3.3.0 this is no longer required. +Note that PKCS #11 modules must be reinitialized on the child processes +after a @funcintref{fork}. In older versions of @acronym{GnuTLS} it was +required to call @funcref{gnutls_pkcs11_reinit}; since 3.3.0 this is no +longer required, as reinitialization occurs automatically. @node Accessing objects that require a PIN @subsection Accessing objects that require a PIN 
@@ -377,7 +284,7 @@ key on a smart card may be referenced as: @example pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315; \ -manufacturer=EnterSafe;object=test1;type=public;\ +manufacturer=EnterSafe;object=test1;objecttype=public;\ id=32f153f3e37990b08624141077ca5dec2d15faed @end example @@ -396,7 +303,7 @@ are shown below. @showfuncdesc{gnutls_pkcs11_obj_get_info} -@showfuncC{gnutls_x509_crt_import_pkcs11,gnutls_x509_crt_import_url,gnutls_x509_crt_list_import_pkcs11} +@showfuncC{gnutls_x509_crt_import_pkcs11,gnutls_x509_crt_import_pkcs11_url,gnutls_x509_crt_list_import_pkcs11} Properties of the physical token can also be accessed and altered with @acronym{GnuTLS}. For example data in a token can be erased (initialized), PIN can be altered, etc. @@ -440,9 +347,9 @@ to prevent its extraction. An object can be marked as private using the flag @code{GNUTLS_@-PKCS11_OBJ_@-FLAG_@-MARK_@-PRIVATE}, to require PIN to be entered before accessing the object (for operations or otherwise). -@showfuncdesc{gnutls_pkcs11_copy_x509_privkey2} +@showfuncdesc{gnutls_pkcs11_copy_x509_privkey} -@showfuncdesc{gnutls_pkcs11_copy_x509_crt2} +@showfuncdesc{gnutls_pkcs11_copy_x509_crt} @showfuncdesc{gnutls_pkcs11_delete_url} @@ -486,7 +393,7 @@ In GnuTLS the TPM functionality is available in @code{gnutls/tpm.h}. * Keys in TPM:: * Key generation:: * Using keys:: -* tpmtool Invocation:: +* tpmtool Invocation:: Invoking tpmtool @end menu @node Keys in TPM diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi index b2ef482..5621ee0 100644 --- a/doc/cha-upgrade.texi +++ b/doc/cha-upgrade.texi 
@@ -44,10 +44,10 @@ They are replaced by the safer function @funcref{gnutls_session_get_random} @tab Replaced by the keying material exporters discussed in @ref{Deriving keys for other applications/protocols} @item @funcintref{gnutls_transport_set_global_errno} -@tab Replaced by using the system's errno facility or @funcref{gnutls_transport_set_errno}. +@tab Replaced by using the system's errno fascility or @funcref{gnutls_transport_set_errno}. @item @funcintref{gnutls_x509_privkey_verify_data} -@tab Replaced by @funcref{gnutls_pubkey_verify_data2}. +@tab Replaced by @funcref{gnutls_pubkey_verify_data}. @item @funcintref{gnutls_certificate_verify_peers} @tab Replaced by @funcref{gnutls_certificate_verify_peers2}. @@ -67,7 +67,7 @@ They are replaced by the safer function @funcref{gnutls_session_get_random} @item @funcintref{gnutls_certificate_get_openpgp_keyring} @tab Removed. -@item @funcintref{gnutls_ia_} +@item @funcintref{gnutls_ia_*} @tab Removed. The inner application extensions were completely removed (they failed to be standardized). @end multitable 
@@ -104,81 +104,3 @@ when the flag @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} is specified. @end multitable -@heading Upgrading to 3.3.x from 3.2.x - -GnuTLS 3.3.x is source and binary compatible with GnuTLS 3.2.x releases; -however there few changes in semantics which are listed below. - -@multitable @columnfractions .30 .60 -@headitem Old function @tab Replacement - -@item @funcintref{gnutls_global_init} -@tab No longer required. The library is initialized using a constructor. - -@item @funcintref{gnutls_global_deinit} -@tab No longer required. The library is deinitialized using a destructor. - -@end multitable - -@heading Upgrading to 3.4.x from 3.3.x - -GnuTLS 3.4.x is source compatible with GnuTLS 3.3.x releases; -however, several deprecated functions were removed, and are listed below. - -@multitable @columnfractions .30 .60 -@headitem Old function @tab Replacement - -@item Priority string "NORMAL" has been modified -@tab The following string emulates the 3.3.x behavior "NORMAL:+VERS-SSL3.0:+ARCFOUR-128:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" - -@item @funcintref{gnutls_certificate_client_set_retrieve_function}, -@funcintref{gnutls_certificate_server_set_retrieve_function} -@tab @funcref{gnutls_certificate_set_retrieve_function} - -@item @funcintref{gnutls_certificate_set_rsa_export_params}, -@funcintref{gnutls_rsa_export_get_modulus_bits}, -@funcintref{gnutls_rsa_export_get_pubkey}, -@funcintref{gnutls_rsa_params_cpy}, -@funcintref{gnutls_rsa_params_deinit}, -@funcintref{gnutls_rsa_params_export_pkcs1}, -@funcintref{gnutls_rsa_params_export_raw}, -@funcintref{gnutls_rsa_params_generate2}, -@funcintref{gnutls_rsa_params_import_pkcs1}, -@funcintref{gnutls_rsa_params_import_raw}, -@funcintref{gnutls_rsa_params_init} -@tab No replacement; the library does not support the RSA-EXPORT ciphersuites. - -@item @funcintref{gnutls_pubkey_verify_hash}, -@tab @funcref{gnutls_pubkey_verify_hash2}. 
-
-@item @funcintref{gnutls_pubkey_verify_data},
-@tab @funcref{gnutls_pubkey_verify_data2}.
-
-@item @funcintref{gnutls_x509_crt_get_verify_algorithm},
-@tab No replacement; a similar function is @funcref{gnutls_x509_crt_get_signature_algorithm}.
-
-@item @funcintref{gnutls_pubkey_get_verify_algorithm},
-@tab No replacement; a similar function is @funcref{gnutls_pubkey_get_preferred_hash_algorithm}.
-
-@item @funcintref{gnutls_certificate_type_set_priority},
-@funcintref{gnutls_cipher_set_priority},
-@funcintref{gnutls_compression_set_priority},
-@funcintref{gnutls_kx_set_priority},
-@funcintref{gnutls_mac_set_priority},
-@funcintref{gnutls_protocol_set_priority}
-@tab @funcref{gnutls_priority_set_direct}.
-
-@item @funcintref{gnutls_sign_callback_get},
-@funcintref{gnutls_sign_callback_set}
-@tab @funcref{gnutls_privkey_import_ext3}
-
-@item @funcintref{gnutls_x509_crt_verify_hash}
-@tab @funcref{gnutls_pubkey_verify_hash2}
-
-@item @funcintref{gnutls_x509_crt_verify_data}
-@tab @funcref{gnutls_pubkey_verify_data2}
-
-@item @funcintref{gnutls_privkey_sign_raw_data}
-@tab @funcref{gnutls_privkey_sign_hash} with the flag GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
-
-@end multitable
diff --git a/doc/compat-api.texi b/doc/compat-api.texi
index 3470713..92041f9 100644
--- a/doc/compat-api.texi
+++ b/doc/compat-api.texi
@@ -1,4 +1,132 @@ +@subheading gnutls_certificate_client_set_retrieve_function +@anchor{gnutls_certificate_client_set_retrieve_function} +@deftypefun {void} {gnutls_certificate_client_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_client_retrieve_function * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate to be used in the handshake. +You are advised to use @code{gnutls_certificate_set_retrieve_function2()} because it +is much more efficient in the processing it requires from gnutls. + +The callback's function prototype is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, +const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st); + + @code{req_ca_cert} is only used in X.509 certificates. +Contains a list with the CA names that the server considers trusted. +Normally we should send a certificate that is signed +by one of these CAs. These names are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + + @code{pk_algos} contains a list with server's acceptable signature algorithms. +The certificate returned should support the server's given algorithms. + + @code{st} should contain the certificates and private keys. + +If the callback function is provided then gnutls will call it, in the +handshake, if a certificate is requested by the server (and after the +certificate request message has been received). + +The callback function should set the certificate list to be sent, +and return 0 on success. If no certificate was selected then the +number of certificates should be set to zero. The value (-1) +indicates error and the handshake will be terminated. 
+@end deftypefun
+
+@subheading gnutls_certificate_server_set_retrieve_function
+@anchor{gnutls_certificate_server_set_retrieve_function}
+@deftypefun {void} {gnutls_certificate_server_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_server_retrieve_function * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} structure.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called in order to retrieve the
+certificate to be used in the handshake.
+You are advised to use @code{gnutls_certificate_set_retrieve_function2()} because it
+is much more efficient in the processing it requires from gnutls.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t, gnutls_retr_st* st);
+
+ @code{st} should contain the certificates and private keys.
+
+If the callback function is provided then gnutls will call it, in the
+handshake, after the certificate request message has been received.
+
+The callback function should set the certificate list to be sent, and
+return 0 on success. The value (-1) indicates error and the handshake
+will be terminated.
+@end deftypefun
+
+@subheading gnutls_certificate_set_rsa_export_params
+@anchor{gnutls_certificate_set_rsa_export_params}
+@deftypefun {void} {gnutls_certificate_set_rsa_export_params} (gnutls_certificate_credentials_t @var{res}, gnutls_rsa_params_t @var{rsa_params})
+@var{res}: is a gnutls_certificate_credentials_t structure
+
+@var{rsa_params}: is a structure that holds temporary RSA parameters.
+
+This function will set the temporary RSA parameters for a
+certificate server to use. These parameters will be used in
+RSA-EXPORT cipher suites.
+@end deftypefun
+
+@subheading gnutls_certificate_type_set_priority
+@anchor{gnutls_certificate_type_set_priority}
+@deftypefun {int} {gnutls_certificate_type_set_priority} (gnutls_session_t @var{session}, const int * @var{list})
+@var{session}: is a @code{gnutls_session_t} structure.
+
+@var{list}: is a 0 terminated list of gnutls_certificate_type_t elements.
+
+Sets the priority on the certificate types supported by gnutls.
+Priority is higher for elements specified before others.
+After specifying the types you want, you must append a 0.
+Note that the certificate type priority is set on the client.
+The server does not use the cert type priority except for disabling
+types that were not specified.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
+
+@subheading gnutls_cipher_set_priority
+@anchor{gnutls_cipher_set_priority}
+@deftypefun {int} {gnutls_cipher_set_priority} (gnutls_session_t @var{session}, const int * @var{list})
+@var{session}: is a @code{gnutls_session_t} structure.
+
+@var{list}: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
+
+Sets the priority on the ciphers supported by gnutls. Priority is
+higher for elements specified before others. After specifying the
+ciphers you want, you must append a 0. Note that the priority is
+set on the client. The server does not use the algorithm's
+priority except for disabling algorithms that were not specified.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
+@end deftypefun
+
+@subheading gnutls_compression_set_priority
+@anchor{gnutls_compression_set_priority}
+@deftypefun {int} {gnutls_compression_set_priority} (gnutls_session_t @var{session}, const int * @var{list})
+@var{session}: is a @code{gnutls_session_t} structure.
+
+@var{list}: is a 0 terminated list of gnutls_compression_method_t elements.
+
+Sets the priority on the compression algorithms supported by
+gnutls. Priority is higher for elements specified before others.
+After specifying the algorithms you want, you must append a 0.
+Note that the priority is set on the client. The server does not
+use the algorithm's priority except for disabling algorithms that
+were not specified.
+ +TLS 1.0 does not define any compression algorithms except +NULL. Other compression algorithms are to be considered as gnutls +extensions. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + @subheading gnutls_global_set_mem_functions @anchor{gnutls_global_set_mem_functions} @deftypefun {void} {gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func}) 
@@ -26,6 +154,40 @@ This function must be called before @code{gnutls_global_init()} is called. This function is not thread safe. @end deftypefun +@subheading gnutls_kx_set_priority +@anchor{gnutls_kx_set_priority} +@deftypefun {int} {gnutls_kx_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_kx_algorithm_t elements. + +Sets the priority on the key exchange algorithms supported by +gnutls. Priority is higher for elements specified before others. +After specifying the algorithms you want, you must append a 0. +Note that the priority is set on the client. The server does not +use the algorithm's priority except for disabling algorithms that +were not specified. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_mac_set_priority +@anchor{gnutls_mac_set_priority} +@deftypefun {int} {gnutls_mac_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_mac_algorithm_t elements. + +Sets the priority on the mac algorithms supported by gnutls. +Priority is higher for elements specified before others. After +specifying the algorithms you want, you must append a 0. Note +that the priority is set on the client. The server does not use +the algorithm's priority except for disabling algorithms that were +not specified. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + @subheading gnutls_openpgp_privkey_sign_hash @anchor{gnutls_openpgp_privkey_sign_hash} @deftypefun {int} {gnutls_openpgp_privkey_sign_hash} (gnutls_openpgp_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) 
@@ -45,10 +207,278 @@ negative error value. @strong{Deprecated:} Use @code{gnutls_privkey_sign_hash()} instead. @end deftypefun +@subheading gnutls_privkey_sign_raw_data +@anchor{gnutls_privkey_sign_raw_data} +@deftypefun {int} {gnutls_privkey_sign_raw_data} (gnutls_privkey_t @var{key}, unsigned @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) +@var{key}: Holds the key + +@var{flags}: should be zero + +@var{data}: holds the data to be signed + +@var{signature}: will contain the signature allocate with @code{gnutls_malloc()} + +This function will sign the given data using a signature algorithm +supported by the private key. Note that this is a low-level function +and does not apply any preprocessing or hash on the signed data. +For example on an RSA key the input @code{data} should be of the DigestInfo +PKCS @code{1} 1.5 format. Use it only if you know what are you doing. + +Note this function is equivalent to using the @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} +flag with @code{gnutls_privkey_sign_hash()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.10 +@end deftypefun + +@subheading gnutls_protocol_set_priority +@anchor{gnutls_protocol_set_priority} +@deftypefun {int} {gnutls_protocol_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_protocol_t elements. + +Sets the priority on the protocol versions supported by gnutls. +This function actually enables or disables protocols. Newer protocol +versions always have highest priority. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. 
+@end deftypefun
+
+@subheading gnutls_rsa_export_get_modulus_bits
+@anchor{gnutls_rsa_export_get_modulus_bits}
+@deftypefun {int} {gnutls_rsa_export_get_modulus_bits} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+Get the export RSA parameter's modulus size.
+
+@strong{Returns:} The bits used in the last RSA-EXPORT key exchange with the
+peer, or a negative error code in case of error.
+@end deftypefun
+
+@subheading gnutls_rsa_export_get_pubkey
+@anchor{gnutls_rsa_export_get_pubkey}
+@deftypefun {int} {gnutls_rsa_export_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{exponent}, gnutls_datum_t * @var{modulus})
+@var{session}: is a gnutls session
+
+@var{exponent}: will hold the exponent.
+
+@var{modulus}: will hold the modulus.
+
+This function will return the peer's public key exponent and
+modulus used in the last RSA-EXPORT authentication. The output
+parameters must be freed with @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
+
+@subheading gnutls_rsa_params_cpy
+@anchor{gnutls_rsa_params_cpy}
+@deftypefun {int} {gnutls_rsa_params_cpy} (gnutls_rsa_params_t @var{dst}, gnutls_rsa_params_t @var{src})
+@var{dst}: Is the destination structure, which should be initialized.
+
+@var{src}: Is the source structure
+
+This function will copy the RSA parameters structure from source
+to destination.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_rsa_params_deinit
+@anchor{gnutls_rsa_params_deinit}
+@deftypefun {void} {gnutls_rsa_params_deinit} (gnutls_rsa_params_t @var{rsa_params})
+@var{rsa_params}: Is a structure that holds the parameters
+
+This function will deinitialize the RSA parameters structure.
+@end deftypefun
+
+@subheading gnutls_rsa_params_export_pkcs1
+@anchor{gnutls_rsa_params_export_pkcs1}
+@deftypefun {int} {gnutls_rsa_params_export_pkcs1} (gnutls_rsa_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size})
+@var{params}: Holds the RSA parameters
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{params_data}: will contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
+
+@var{params_data_size}: holds the size of params_data (and will be replaced by the actual size of parameters)
+
+This function will export the given RSA parameters to a PKCS1
+RSAPrivateKey structure. If the buffer provided is not long enough to
+hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN RSA PRIVATE KEY".
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_rsa_params_export_raw
+@anchor{gnutls_rsa_params_export_raw}
+@deftypefun {int} {gnutls_rsa_params_export_raw} (gnutls_rsa_params_t @var{rsa}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, unsigned int * @var{bits})
+@var{rsa}: a structure that holds the rsa parameters
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+@var{d}: will hold the private exponent
+
+@var{p}: will hold the first prime (p)
+
+@var{q}: will hold the second prime (q)
+
+@var{u}: will hold the coefficient
+
+@var{bits}: if non null will hold the prime's number of bits
+
+This function will export the RSA parameters found in the given
+structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_rsa_params_generate2
+@anchor{gnutls_rsa_params_generate2}
+@deftypefun {int} {gnutls_rsa_params_generate2} (gnutls_rsa_params_t @var{params}, unsigned int @var{bits})
+@var{params}: The structure where the parameters will be stored
+
+@var{bits}: is the prime's number of bits
+
+This function will generate new temporary RSA parameters for use in
+RSA-EXPORT ciphersuites. This function is normally slow.
+
+Note that if the parameters are to be used in export cipher suites the
+bits value should be 512 or less.
+Also note that the generation of new RSA parameters is only useful
+to servers. Clients use the parameters sent by the server, thus it's
+no use calling this in client side.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_rsa_params_import_pkcs1
+@anchor{gnutls_rsa_params_import_pkcs1}
+@deftypefun {int} {gnutls_rsa_params_import_pkcs1} (gnutls_rsa_params_t @var{params}, const gnutls_datum_t * @var{pkcs1_params}, gnutls_x509_crt_fmt_t @var{format})
+@var{params}: A structure where the parameters will be copied to
+
+@var{pkcs1_params}: should contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
+
+@var{format}: the format of params. PEM or DER.
+
+This function will extract the RSAPrivateKey found in a PKCS1 formatted
+structure.
+
+If the structure is PEM encoded, it should have a header
+of "BEGIN RSA PRIVATE KEY".
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_rsa_params_import_raw
+@anchor{gnutls_rsa_params_import_raw}
+@deftypefun {int} {gnutls_rsa_params_import_raw} (gnutls_rsa_params_t @var{rsa_params}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
+@var{rsa_params}: Is a structure will hold the parameters
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+@var{d}: holds the private exponent
+
+@var{p}: holds the first prime (p)
+
+@var{q}: holds the second prime (q)
+
+@var{u}: holds the coefficient
+
+This function will replace the parameters in the given structure.
+The new parameters should be stored in the appropriate
+gnutls_datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_rsa_params_init
+@anchor{gnutls_rsa_params_init}
+@deftypefun {int} {gnutls_rsa_params_init} (gnutls_rsa_params_t * @var{rsa_params})
+@var{rsa_params}: Is a structure that will hold the parameters
+
+This function will initialize the temporary RSA parameters structure.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
+
+@subheading gnutls_set_default_export_priority
+@anchor{gnutls_set_default_export_priority}
+@deftypefun {int} {gnutls_set_default_export_priority} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} structure.
+
+Sets some default priority on the ciphers, key exchange methods, macs
+and compression methods. This function also includes weak algorithms.
+
+This is the same as calling:
+
+gnutls_priority_set_direct (session, "EXPORT", NULL);
+
+This function is kept around for backwards compatibility, but
+because of its wide use it is still fully supported. If you wish
+to allow users to provide a string that specify which ciphers to
+use (which is recommended), you should use
+@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instead.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
+
+@subheading gnutls_sign_callback_get
+@anchor{gnutls_sign_callback_get}
+@deftypefun {gnutls_sign_func} {gnutls_sign_callback_get} (gnutls_session_t @var{session}, void ** @var{userdata})
+@var{session}: is a gnutls session
+
+@var{userdata}: if non-@code{NULL} , will be set to abstract callback pointer.
+
+Retrieve the callback function, and its userdata pointer.
+
+@strong{Returns:} The function pointer set by @code{gnutls_sign_callback_set()} , or
+if not set, @code{NULL} .
+
+@strong{Deprecated:} Use the PKCS 11 interfaces instead.
+@end deftypefun
+
+@subheading gnutls_sign_callback_set
+@anchor{gnutls_sign_callback_set}
+@deftypefun {void} {gnutls_sign_callback_set} (gnutls_session_t @var{session}, gnutls_sign_func @var{sign_func}, void * @var{userdata})
+@var{session}: is a gnutls session
+
+@var{sign_func}: function pointer to application's sign callback.
+
+@var{userdata}: void pointer that will be passed to sign callback.
+
+Set the callback function. The function must have this prototype:
+
+typedef int (*gnutls_sign_func) (gnutls_session_t session,
+void *userdata,
+gnutls_certificate_type_t cert_type,
+const gnutls_datum_t * cert,
+const gnutls_datum_t * hash,
+gnutls_datum_t * signature);
+
+The @code{userdata} parameter is passed to the @code{sign_func} verbatim, and
+can be used to store application-specific data needed in the
+callback function. See also @code{gnutls_sign_callback_get()} .
+
+@strong{Deprecated:} Use the PKCS 11 or @code{gnutls_privkey_t} interfacess like @code{gnutls_privkey_import_ext()} instead.
+@end deftypefun + @subheading gnutls_x509_crl_sign @anchor{gnutls_x509_crl_sign} @deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) -@var{crl}: should contain a gnutls_x509_crl_t type +@var{crl}: should contain a gnutls_x509_crl_t structure @var{issuer}: is the certificate of the certificate issuer @@ -66,7 +496,7 @@ negative error value. @subheading gnutls_x509_crq_sign @anchor{gnutls_x509_crq_sign} @deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) -@var{crq}: should contain a @code{gnutls_x509_crq_t} type +@var{crq}: should contain a @code{gnutls_x509_crq_t} structure @var{key}: holds a private key @@ -88,7 +518,7 @@ negative error value. @var{mand}: If non-zero it means that the algorithm MUST use this hash. May be NULL. -This function will read the certificate and return the appropriate digest +This function will read the certifcate and return the appropriate digest algorithm to use for signing with this certificate. Some certificates (i.e. DSA might not be able to sign without the preferred algorithm). 
@@ -100,10 +530,106 @@ returned on error. @strong{Since:} 2.12.0 @end deftypefun +@subheading gnutls_x509_crt_get_verify_algorithm +@anchor{gnutls_x509_crt_get_verify_algorithm} +@deftypefun {int} {gnutls_x509_crt_get_verify_algorithm} (gnutls_x509_crt_t @var{crt}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash}) +@var{crt}: Holds the certificate + +@var{signature}: contains the signature + +@var{hash}: The result of the call with the hash algorithm used for signature + +This function will read the certifcate and the signed data to +determine the hash algorithm used to generate the signature. + +@strong{Deprecated:} Use @code{gnutls_pubkey_get_verify_algorithm()} instead. + +@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is +returned on error. + +@strong{Since:} 2.8.0 +@end deftypefun + +@subheading gnutls_x509_crt_verify_data +@anchor{gnutls_x509_crt_verify_data} +@deftypefun {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) +@var{crt}: Holds the certificate + +@var{flags}: should be 0 for now + +@var{data}: holds the data to be signed + +@var{signature}: contains the signature + +This function will verify the given signed data, using the +parameters from the certificate. + +Deprecated. This function cannot be easily used securely. +Use @code{gnutls_pubkey_verify_data2()} instead. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. 
+@end deftypefun
+
+@subheading gnutls_x509_crt_verify_hash
+@anchor{gnutls_x509_crt_verify_hash}
+@deftypefun {int} {gnutls_x509_crt_verify_hash} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
+@var{crt}: Holds the certificate
+
+@var{flags}: should be 0 for now
+
+@var{hash}: holds the hash digest to be verified
+
+@var{signature}: contains the signature
+
+This function will verify the given signed digest, using the
+parameters from the certificate.
+
+Deprecated. This function cannot be easily used securely.
+Use @code{gnutls_pubkey_verify_hash2()} instead.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, and zero or positive code on success.
+@end deftypefun
+
+@subheading gnutls_x509_privkey_sign_data
+@anchor{gnutls_x509_privkey_sign_data}
+@deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size})
+@var{key}: Holds the key
+
+@var{digest}: should be MD5 or SHA1
+
+@var{flags}: should be 0 for now
+
+@var{data}: holds the data to be signed
+
+@var{signature}: will contain the signature
+
+@var{signature_size}: holds the size of signature (and will be replaced
+by the new size)
+
+This function will sign the given data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only SHA-1 for the DSA keys.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{signature_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
+be returned.
+
+Use @code{gnutls_x509_crt_get_preferred_hash_algorithm()} to determine
+the hash algorithm.
+ +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Deprecated:} Use @code{gnutls_privkey_sign_data()} . +@end deftypefun + @subheading gnutls_x509_privkey_sign_hash @anchor{gnutls_x509_privkey_sign_hash} @deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) -@var{key}: a key +@var{key}: Holds the key @var{hash}: holds the data to be signed diff --git a/doc/core.c.texi b/doc/core.c.texi index 2238574..9281993 100644 --- a/doc/core.c.texi +++ b/doc/core.c.texi 
@@ -1,336 +1,386 @@ @c Automatically generated, do not edit. -@c snarfed from ../guile/src/core.c:3239 +@c snarfed from ../guile/src/core.c:3345 @deffn {Scheme Procedure} set-log-level! level Enable GnuTLS logging up to @var{level} (an integer). @end deffn -@c snarfed from ../guile/src/core.c:3221 +@c snarfed from ../guile/src/core.c:3327 @deffn {Scheme Procedure} set-log-procedure! proc Use @var{proc} (a two-argument procedure) as the global GnuTLS log procedure. @end deffn -@c snarfed from ../guile/src/core.c:3182 +@c snarfed from ../guile/src/core.c:3288 @deffn {Scheme Procedure} set-certificate-credentials-openpgp-keys! cred pub sec Use certificate @var{pub} and secret key @var{sec} in certificate credentials @var{cred}. @end deffn -@c snarfed from ../guile/src/core.c:3144 +@c snarfed from ../guile/src/core.c:3250 @deffn {Scheme Procedure} openpgp-keyring-contains-key-id? keyring id Return @code{#f} if key ID @var{id} is in @var{keyring}, @code{#f} otherwise. @end deffn -@c snarfed from ../guile/src/core.c:3098 +@c snarfed from ../guile/src/core.c:3204 @deffn {Scheme Procedure} import-openpgp-keyring data format Import @var{data} (a u8vector) according to @var{format} and return the imported keyring. @end deffn -@c snarfed from ../guile/src/core.c:3072 +@c snarfed from ../guile/src/core.c:3178 @deffn {Scheme Procedure} openpgp-certificate-usage key Return a list of values denoting the key usage of @var{key}. @end deffn -@c snarfed from ../guile/src/core.c:3055 +@c snarfed from ../guile/src/core.c:3161 @deffn {Scheme Procedure} openpgp-certificate-version key Return the version of the OpenPGP message format (RFC2440) honored by @var{key}. @end deffn -@c snarfed from ../guile/src/core.c:3034 +@c snarfed from ../guile/src/core.c:3140 @deffn {Scheme Procedure} openpgp-certificate-algorithm key Return two values: the certificate algorithm used by @var{key} and the number of bits used. 
@end deffn -@c snarfed from ../guile/src/core.c:2998 +@c snarfed from ../guile/src/core.c:3104 @deffn {Scheme Procedure} openpgp-certificate-names key Return the list of names for @var{key}. @end deffn -@c snarfed from ../guile/src/core.c:2975 +@c snarfed from ../guile/src/core.c:3081 @deffn {Scheme Procedure} openpgp-certificate-name key index Return the @var{index}th name of @var{key}. @end deffn -@c snarfed from ../guile/src/core.c:2917 +@c snarfed from ../guile/src/core.c:3023 @deffn {Scheme Procedure} openpgp-certificate-fingerprint key Return a new u8vector denoting the fingerprint of @var{key}. @end deffn -@c snarfed from ../guile/src/core.c:2887 +@c snarfed from ../guile/src/core.c:2993 @deffn {Scheme Procedure} openpgp-certificate-fingerprint! key fpr Store in @var{fpr} (a u8vector) the fingerprint of @var{key}. Return the number of bytes stored in @var{fpr}. @end deffn -@c snarfed from ../guile/src/core.c:2852 +@c snarfed from ../guile/src/core.c:2958 @deffn {Scheme Procedure} openpgp-certificate-id! key id Store the ID (an 8 byte sequence) of certificate @var{key} in @var{id} (a u8vector). @end deffn -@c snarfed from ../guile/src/core.c:2826 +@c snarfed from ../guile/src/core.c:2932 @deffn {Scheme Procedure} openpgp-certificate-id key Return the ID (an 8-element u8vector) of certificate @var{key}. @end deffn -@c snarfed from ../guile/src/core.c:2771 +@c snarfed from ../guile/src/core.c:2877 @deffn {Scheme Procedure} import-openpgp-private-key data format [pass] Return a new OpenPGP private key object resulting from the import of @var{data} (a uniform array) according to @var{format}. Optionally, a passphrase may be provided. @end deffn -@c snarfed from ../guile/src/core.c:2726 +@c snarfed from ../guile/src/core.c:2832 @deffn {Scheme Procedure} import-openpgp-certificate data format Return a new OpenPGP certificate object resulting from the import of @var{data} (a uniform array) according to @var{format}. 
@end deffn -@c snarfed from ../guile/src/core.c:2662 +@c snarfed from ../guile/src/core.c:2768 @deffn {Scheme Procedure} x509-certificate-subject-alternative-name cert index Return two values: the alternative name type for @var{cert} (i.e., one of the @code{x509-subject-alternative-name/} values) and the actual subject alternative name (a string) at @var{index}. Both values are @code{#f} if no alternative name is available at @var{index}. @end deffn -@c snarfed from ../guile/src/core.c:2627 +@c snarfed from ../guile/src/core.c:2733 @deffn {Scheme Procedure} x509-certificate-subject-key-id cert Return the subject key ID (a u8vector) for @var{cert}. @end deffn -@c snarfed from ../guile/src/core.c:2596 +@c snarfed from ../guile/src/core.c:2702 @deffn {Scheme Procedure} x509-certificate-authority-key-id cert Return the key ID (a u8vector) of the X.509 certificate authority of @var{cert}. @end deffn -@c snarfed from ../guile/src/core.c:2564 +@c snarfed from ../guile/src/core.c:2670 @deffn {Scheme Procedure} x509-certificate-key-id cert Return a statistically unique ID (a u8vector) for @var{cert} that depends on its public key parameters. This is normally a 20-byte SHA-1 hash. @end deffn -@c snarfed from ../guile/src/core.c:2542 +@c snarfed from ../guile/src/core.c:2648 @deffn {Scheme Procedure} x509-certificate-version cert Return the version of @var{cert}. @end deffn -@c snarfed from ../guile/src/core.c:2515 +@c snarfed from ../guile/src/core.c:2621 @deffn {Scheme Procedure} x509-certificate-key-usage cert Return the key usage of @var{cert} (i.e., a list of @code{key-usage/} values), or the empty list if @var{cert} does not contain such information. @end deffn -@c snarfed from ../guile/src/core.c:2492 +@c snarfed from ../guile/src/core.c:2598 @deffn {Scheme Procedure} x509-certificate-public-key-algorithm cert Return two values: the public key algorithm (i.e., one of the @code{pk-algorithm/} values) of @var{cert} and the number of bits used. 
@end deffn -@c snarfed from ../guile/src/core.c:2469 +@c snarfed from ../guile/src/core.c:2575 @deffn {Scheme Procedure} x509-certificate-signature-algorithm cert Return the signature algorithm used by @var{cert} (i.e., one of the @code{sign-algorithm/} values). @end deffn -@c snarfed from ../guile/src/core.c:2437 +@c snarfed from ../guile/src/core.c:2543 @deffn {Scheme Procedure} x509-certificate-matches-hostname? cert hostname Return true if @var{cert} matches @var{hostname}, a string denoting a DNS host name. This is the basic implementation of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. HTTPS). @end deffn -@c snarfed from ../guile/src/core.c:2419 +@c snarfed from ../guile/src/core.c:2525 @deffn {Scheme Procedure} x509-certificate-issuer-dn-oid cert index Return the OID (a string) at @var{index} from @var{cert}'s issuer DN. Return @code{#f} if no OID is available at @var{index}. @end deffn -@c snarfed from ../guile/src/core.c:2405 +@c snarfed from ../guile/src/core.c:2511 @deffn {Scheme Procedure} x509-certificate-dn-oid cert index Return OID (a string) at @var{index} from @var{cert}. Return @code{#f} if no OID is available at @var{index}. @end deffn -@c snarfed from ../guile/src/core.c:2343 +@c snarfed from ../guile/src/core.c:2449 @deffn {Scheme Procedure} x509-certificate-issuer-dn cert Return the distinguished name (DN) of X.509 certificate @var{cert}. @end deffn -@c snarfed from ../guile/src/core.c:2330 +@c snarfed from ../guile/src/core.c:2436 @deffn {Scheme Procedure} x509-certificate-dn cert Return the distinguished name (DN) of X.509 certificate @var{cert}. The form of the DN is as described in @uref{http://tools.ietf.org/html/rfc2253, RFC 2253}. 
@end deffn -@c snarfed from ../guile/src/core.c:2240 +@c snarfed from ../guile/src/core.c:2346 @deffn {Scheme Procedure} pkcs8-import-x509-private-key data format [pass [encrypted]] Return a new X.509 private key object resulting from the import of @var{data} (a uniform array) according to @var{format}. Optionally, if @var{pass} is not @code{#f}, it should be a string denoting a passphrase. @var{encrypted} tells whether the private key is encrypted (@code{#t} by default). @end deffn -@c snarfed from ../guile/src/core.c:2191 +@c snarfed from ../guile/src/core.c:2297 @deffn {Scheme Procedure} import-x509-private-key data format Return a new X.509 private key object resulting from the import of @var{data} (a uniform array) according to @var{format}. @end deffn -@c snarfed from ../guile/src/core.c:2146 +@c snarfed from ../guile/src/core.c:2252 @deffn {Scheme Procedure} import-x509-certificate data format Return a new X.509 certificate object resulting from the import of @var{data} (a uniform array) according to @var{format}. @end deffn -@c snarfed from ../guile/src/core.c:2118 +@c snarfed from ../guile/src/core.c:2224 @deffn {Scheme Procedure} server-session-psk-username session Return the username associated with PSK server session @var{session}. @end deffn -@c snarfed from ../guile/src/core.c:2074 +@c snarfed from ../guile/src/core.c:2180 @deffn {Scheme Procedure} set-psk-client-credentials! cred username key key-format Set the client credentials for @var{cred}, a PSK client credentials object. @end deffn -@c snarfed from ../guile/src/core.c:2054 +@c snarfed from ../guile/src/core.c:2160 @deffn {Scheme Procedure} make-psk-client-credentials Return a new PSK client credentials object. @end deffn -@c snarfed from ../guile/src/core.c:2026 +@c snarfed from ../guile/src/core.c:2132 @deffn {Scheme Procedure} set-psk-server-credentials-file! cred file Use @var{file} as the password file for PSK server credentials @var{cred}. 
@end deffn -@c snarfed from ../guile/src/core.c:2006 +@c snarfed from ../guile/src/core.c:2112 @deffn {Scheme Procedure} make-psk-server-credentials Return new PSK server credentials. @end deffn -@c snarfed from ../guile/src/core.c:1718 +@c snarfed from ../guile/src/core.c:1824 @deffn {Scheme Procedure} peer-certificate-status session Verify the peer certificate for @var{session} and return a list of @code{certificate-status} values (such as @code{certificate-status/revoked}), or the empty list if the certificate is valid. @end deffn -@c snarfed from ../guile/src/core.c:1690 +@c snarfed from ../guile/src/core.c:1796 @deffn {Scheme Procedure} set-certificate-credentials-verify-flags! cred [flags...] Set the certificate verification flags to @var{flags}, a series of @code{certificate-verify} values. @end deffn -@c snarfed from ../guile/src/core.c:1668 +@c snarfed from ../guile/src/core.c:1774 @deffn {Scheme Procedure} set-certificate-credentials-verify-limits! cred max-bits max-depth Set the verification limits of @code{peer-certificate-status} for certificate credentials @var{cred} to @var{max_bits} bits for an acceptable certificate and @var{max_depth} as the maximum depth of a certificate chain. @end deffn -@c snarfed from ../guile/src/core.c:1626 +@c snarfed from ../guile/src/core.c:1732 @deffn {Scheme Procedure} set-certificate-credentials-x509-keys! cred certs privkey Have certificate credentials @var{cred} use the X.509 certificates listed in @var{certs} and X.509 private key @var{privkey}. @end deffn -@c snarfed from ../guile/src/core.c:1580 +@c snarfed from ../guile/src/core.c:1686 @deffn {Scheme Procedure} set-certificate-credentials-x509-key-data! cred cert key format Use X.509 certificate @var{cert} and private key @var{key}, both uniform arrays containing the X.509 certificate and key in format @var{format}, for certificate credentials @var{cred}. 
@end deffn -@c snarfed from ../guile/src/core.c:1560 +@c snarfed from ../guile/src/core.c:1666 @deffn {Scheme Procedure} set-certificate-credentials-x509-crl-data! cred data format Use @var{data} (a uniform array) as the X.509 CRL (certificate revocation list) database for @var{cred}. On success, return the number of CRLs processed. @end deffn -@c snarfed from ../guile/src/core.c:1541 +@c snarfed from ../guile/src/core.c:1647 @deffn {Scheme Procedure} set-certificate-credentials-x509-trust-data! cred data format Use @var{data} (a uniform array) as the X.509 trust database for @var{cred}. On success, return the number of certificates processed. @end deffn -@c snarfed from ../guile/src/core.c:1522 +@c snarfed from ../guile/src/core.c:1628 @deffn {Scheme Procedure} set-certificate-credentials-x509-crl-file! cred file format Use @var{file} as the X.509 CRL (certificate revocation list) file for certificate credentials @var{cred}. On success, return the number of CRLs processed. @end deffn -@c snarfed from ../guile/src/core.c:1503 +@c snarfed from ../guile/src/core.c:1609 @deffn {Scheme Procedure} set-certificate-credentials-x509-trust-file! cred file format Use @var{file} as the X.509 trust file for certificate credentials @var{cred}. On success, return the number of certificates processed. @end deffn -@c snarfed from ../guile/src/core.c:1461 +@c snarfed from ../guile/src/core.c:1567 @deffn {Scheme Procedure} set-certificate-credentials-x509-key-files! cred cert-file key-file format Use @var{file} as the password file for PSK server credentials @var{cred}. @end deffn -@c snarfed from ../guile/src/core.c:1439 +@c snarfed from ../guile/src/core.c:1545 +@deffn {Scheme Procedure} set-certificate-credentials-rsa-export-parameters! cred rsa-params +Use RSA parameters @var{rsa_params} for certificate credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:1523 @deffn {Scheme Procedure} set-certificate-credentials-dh-parameters! 
cred dh-params Use Diffie-Hellman parameters @var{dh_params} for certificate credentials @var{cred}. @end deffn -@c snarfed from ../guile/src/core.c:1419 +@c snarfed from ../guile/src/core.c:1503 @deffn {Scheme Procedure} make-certificate-credentials Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates. @end deffn -@c snarfed from ../guile/src/core.c:1315 +@c snarfed from ../guile/src/core.c:1397 +@deffn {Scheme Procedure} pkcs1-export-rsa-parameters rsa-params format +Export Diffie-Hellman parameters @var{rsa_params} in PKCS1 format according for @var{format} (an @code{x509-certificate-format} value). Return a @code{u8vector} containing the result. +@end deffn + +@c snarfed from ../guile/src/core.c:1352 +@deffn {Scheme Procedure} pkcs1-import-rsa-parameters array format +Import Diffie-Hellman parameters in PKCS1 format (further specified by @var{format}, an @code{x509-certificate-format} value) from @var{array} (a homogeneous array) and return a new @code{rsa-params} object. +@end deffn + +@c snarfed from ../guile/src/core.c:1320 +@deffn {Scheme Procedure} make-rsa-parameters bits +Return new RSA parameters. +@end deffn + +@c snarfed from ../guile/src/core.c:1299 @deffn {Scheme Procedure} set-anonymous-server-dh-parameters! cred dh-params Set the Diffie-Hellman parameters of anonymous server credentials @var{cred}. @end deffn -@c snarfed from ../guile/src/core.c:1295 +@c snarfed from ../guile/src/core.c:1279 @deffn {Scheme Procedure} make-anonymous-client-credentials Return anonymous client credentials. @end deffn -@c snarfed from ../guile/src/core.c:1277 +@c snarfed from ../guile/src/core.c:1261 @deffn {Scheme Procedure} make-anonymous-server-credentials Return anonymous server credentials. @end deffn -@c snarfed from ../guile/src/core.c:1256 +@c snarfed from ../guile/src/core.c:1240 @deffn {Scheme Procedure} set-session-dh-prime-bits! session bits Use @var{bits} DH prime bits for @var{session}. 
@end deffn -@c snarfed from ../guile/src/core.c:1234 +@c snarfed from ../guile/src/core.c:1218 @deffn {Scheme Procedure} pkcs3-export-dh-parameters dh-params format Export Diffie-Hellman parameters @var{dh_params} in PKCS3 format according for @var{format} (an @code{x509-certificate-format} value). Return a @code{u8vector} containing the result. @end deffn -@c snarfed from ../guile/src/core.c:1189 +@c snarfed from ../guile/src/core.c:1173 @deffn {Scheme Procedure} pkcs3-import-dh-parameters array format Import Diffie-Hellman parameters in PKCS3 format (further specified by @var{format}, an @code{x509-certificate-format} value) from @var{array} (a homogeneous array) and return a new @code{dh-params} object. @end deffn -@c snarfed from ../guile/src/core.c:1157 +@c snarfed from ../guile/src/core.c:1141 @deffn {Scheme Procedure} make-dh-parameters bits Return new Diffie-Hellman parameters. @end deffn -@c snarfed from ../guile/src/core.c:1076 +@c snarfed from ../guile/src/core.c:1060 @deffn {Scheme Procedure} set-session-transport-port! session port Use @var{port} as the input/output port for @var{session}. @end deffn -@c snarfed from ../guile/src/core.c:1025 +@c snarfed from ../guile/src/core.c:1009 @deffn {Scheme Procedure} set-session-transport-fd! session fd Use file descriptor @var{fd} as the underlying transport for @var{session}. @end deffn -@c snarfed from ../guile/src/core.c:980 +@c snarfed from ../guile/src/core.c:964 @deffn {Scheme Procedure} session-record-port session Return a read-write port that may be used to communicate over @var{session}. All invocations of @code{session-port} on a given session return the same object (in the sense of @code{eq?}). @end deffn -@c snarfed from ../guile/src/core.c:754 +@c snarfed from ../guile/src/core.c:738 @deffn {Scheme Procedure} record-receive! session array Receive data from @var{session} into @var{array}, a uniform homogeneous array. Return the number of bytes actually received. 
@end deffn -@c snarfed from ../guile/src/core.c:721 +@c snarfed from ../guile/src/core.c:705 @deffn {Scheme Procedure} record-send session array Send the record constituted by @var{array} through @var{session}. @end deffn -@c snarfed from ../guile/src/core.c:690 -@deffn {Scheme Procedure} set-session-server-name! session type name -For a client, this procedure provides a way to inform the server that it is known under @var{name}, @i{via} the @code{SERVER NAME} TLS extension. @var{type} must be a @code{server-name-type} value, @var{server-name-type/dns} for DNS names. -@end deffn - -@c snarfed from ../guile/src/core.c:605 +@c snarfed from ../guile/src/core.c:621 @deffn {Scheme Procedure} set-session-credentials! session cred Use @var{cred} as @var{session}'s credentials. @end deffn -@c snarfed from ../guile/src/core.c:583 +@c snarfed from ../guile/src/core.c:599 @deffn {Scheme Procedure} cipher-suite->string kx cipher mac Return the name of the given cipher suite. @end deffn -@c snarfed from ../guile/src/core.c:544 +@c snarfed from ../guile/src/core.c:560 @deffn {Scheme Procedure} set-session-priorities! session priorities -Have @var{session} use the given @var{priorities} for the ciphers, key exchange methods, MACs and compression methods. @var{priorities} must be a string (@pxref{Priority Strings,,, gnutls, GnuTLS@comma{} Transport Layer Security Library for the GNU system}). When @var{priorities} cannot be parsed, an @code{error/invalid-request} error is raised, with an extra argument indication the position of the error. +Have @var{session} use the given @var{priorities} for the ciphers, key exchange methods, MACs and compression methods. @var{priorities} must be a string (see Priority Strings). When @var{priorities} cannot be parsed, an @code{error/invalid-request} error is raised, with an extra argument indication the position of the error. 
@end deffn -@c snarfed from ../guile/src/core.c:521 +@c snarfed from ../guile/src/core.c:539 +@deffn {Scheme Procedure} set-session-default-export-priority! session +Have @var{session} use the default export priorities. +@end deffn + +@c snarfed from ../guile/src/core.c:523 @deffn {Scheme Procedure} set-session-default-priority! session Have @var{session} use the default priorities. @end deffn +@c snarfed from ../guile/src/priorities.i.c:110 +@deffn {Scheme Procedure} set-session-certificate-type-priority! session items +Use @var{items} (a list) as the list of preferred certificate-type for @var{session}. +@end deffn + +@c snarfed from ../guile/src/priorities.i.c:89 +@deffn {Scheme Procedure} set-session-protocol-priority! session items +Use @var{items} (a list) as the list of preferred protocol for @var{session}. +@end deffn + +@c snarfed from ../guile/src/priorities.i.c:68 +@deffn {Scheme Procedure} set-session-kx-priority! session items +Use @var{items} (a list) as the list of preferred kx for @var{session}. +@end deffn + +@c snarfed from ../guile/src/priorities.i.c:47 +@deffn {Scheme Procedure} set-session-compression-method-priority! session items +Use @var{items} (a list) as the list of preferred compression-method for @var{session}. +@end deffn + +@c snarfed from ../guile/src/priorities.i.c:26 +@deffn {Scheme Procedure} set-session-mac-priority! session items +Use @var{items} (a list) as the list of preferred mac for @var{session}. +@end deffn + +@c snarfed from ../guile/src/priorities.i.c:5 +@deffn {Scheme Procedure} set-session-cipher-priority! session items +Use @var{items} (a list) as the list of preferred cipher for @var{session}. +@end deffn + @c snarfed from ../guile/src/core.c:500 @deffn {Scheme Procedure} set-server-session-certificate-request! session request Tell how @var{session}, a server-side session, should deal with certificate requests. @var{request} should be either @code{certificate-request/request} or @code{certificate-request/require}. 
@@ -426,56 +476,61 @@ Return a new session for connection end @var{end}, either @code{connection-end/s Return a string denoting the version number of the underlying GnuTLS library, e.g., @code{"1.7.2"}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:219 +@c snarfed from ../guile/src/smob-types.i.c:235 @deffn {Scheme Procedure} openpgp-keyring? obj Return true if @var{obj} is of type @code{openpgp-keyring}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:203 +@c snarfed from ../guile/src/smob-types.i.c:219 @deffn {Scheme Procedure} openpgp-private-key? obj Return true if @var{obj} is of type @code{openpgp-private-key}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:187 +@c snarfed from ../guile/src/smob-types.i.c:203 @deffn {Scheme Procedure} openpgp-certificate? obj Return true if @var{obj} is of type @code{openpgp-certificate}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:171 +@c snarfed from ../guile/src/smob-types.i.c:187 @deffn {Scheme Procedure} x509-private-key? obj Return true if @var{obj} is of type @code{x509-private-key}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:155 +@c snarfed from ../guile/src/smob-types.i.c:171 @deffn {Scheme Procedure} x509-certificate? obj Return true if @var{obj} is of type @code{x509-certificate}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:139 +@c snarfed from ../guile/src/smob-types.i.c:155 @deffn {Scheme Procedure} psk-client-credentials? obj Return true if @var{obj} is of type @code{psk-client-credentials}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:123 +@c snarfed from ../guile/src/smob-types.i.c:139 @deffn {Scheme Procedure} psk-server-credentials? obj Return true if @var{obj} is of type @code{psk-server-credentials}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:107 +@c snarfed from ../guile/src/smob-types.i.c:123 @deffn {Scheme Procedure} srp-client-credentials? obj Return true if @var{obj} is of type @code{srp-client-credentials}. 
@end deffn -@c snarfed from ../guile/src/smob-types.i.c:91 +@c snarfed from ../guile/src/smob-types.i.c:107 @deffn {Scheme Procedure} srp-server-credentials? obj Return true if @var{obj} is of type @code{srp-server-credentials}. @end deffn -@c snarfed from ../guile/src/smob-types.i.c:75 +@c snarfed from ../guile/src/smob-types.i.c:91 @deffn {Scheme Procedure} certificate-credentials? obj Return true if @var{obj} is of type @code{certificate-credentials}. @end deffn +@c snarfed from ../guile/src/smob-types.i.c:75 +@deffn {Scheme Procedure} rsa-parameters? obj +Return true if @var{obj} is of type @code{rsa-parameters}. +@end deffn + @c snarfed from ../guile/src/smob-types.i.c:59 @deffn {Scheme Procedure} dh-parameters? obj Return true if @var{obj} is of type @code{dh-parameters}. 
@@ -496,36 +551,31 @@ Return true if @var{obj} is of type @code{anonymous-client-credentials}. Return true if @var{obj} is of type @code{session}. @end deffn -@c snarfed from ../guile/src/enum-map.i.c:955 +@c snarfed from ../guile/src/enum-map.i.c:915 @deffn {Scheme Procedure} openpgp-certificate-format->string enumval Return a string describing @var{enumval}, a @code{openpgp-certificate-format} value. @end deffn -@c snarfed from ../guile/src/enum-map.i.c:914 +@c snarfed from ../guile/src/enum-map.i.c:874 @deffn {Scheme Procedure} error->string enumval Return a string describing @var{enumval}, a @code{error} value. @end deffn -@c snarfed from ../guile/src/enum-map.i.c:893 +@c snarfed from ../guile/src/enum-map.i.c:853 @deffn {Scheme Procedure} certificate-verify->string enumval Return a string describing @var{enumval}, a @code{certificate-verify} value. @end deffn -@c snarfed from ../guile/src/enum-map.i.c:848 +@c snarfed from ../guile/src/enum-map.i.c:808 @deffn {Scheme Procedure} key-usage->string enumval Return a string describing @var{enumval}, a @code{key-usage} value. @end deffn -@c snarfed from ../guile/src/enum-map.i.c:800 +@c snarfed from ../guile/src/enum-map.i.c:760 @deffn {Scheme Procedure} psk-key-format->string enumval Return a string describing @var{enumval}, a @code{psk-key-format} value. @end deffn -@c snarfed from ../guile/src/enum-map.i.c:759 -@deffn {Scheme Procedure} server-name-type->string enumval -Return a string describing @var{enumval}, a @code{server-name-type} value. -@end deffn - @c snarfed from ../guile/src/enum-map.i.c:719 @deffn {Scheme Procedure} sign-algorithm->string enumval Return a string describing @var{enumval}, a @code{sign-algorithm} value. diff --git a/doc/credentials/Makefile.in b/doc/credentials/Makefile.in index 8eea917..9e795ce 100644 --- a/doc/credentials/Makefile.in +++ b/doc/credentials/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -34,17 +34,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -108,6 +98,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/credentials +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -141,7 +132,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ 
@@ -218,7 +208,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -278,7 +267,6 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) -am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -355,7 +343,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -515,7 +502,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -578,7 +564,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ @@ -728,7 +713,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ 
@@ -736,7 +720,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ @@ -827,7 +810,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -903,8 +885,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -929,7 +909,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1109,12 +1088,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ @@ -1146,7 +1123,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ 
@@ -1179,11 +1155,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1191,7 +1165,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1268,7 +1241,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1297,6 +1269,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/credentials/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/credentials/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1591,8 +1564,6 @@ uninstall-am: mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-am uninstall uninstall-am -.PRECIOUS: Makefile - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/credentials/openpgp/Makefile.in b/doc/credentials/openpgp/Makefile.in index 1d0222b..344ada1 100644 --- a/doc/credentials/openpgp/Makefile.in +++ b/doc/credentials/openpgp/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,17 +14,7 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -88,6 +78,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/credentials/openpgp +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -121,7 +112,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ @@ -198,7 +188,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = 
@@ -223,7 +212,6 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -275,7 +263,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -435,7 +422,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -498,7 +484,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ @@ -648,7 +633,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -656,7 +640,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ 
@@ -747,7 +730,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -823,8 +805,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -849,7 +829,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1029,12 +1008,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ @@ -1066,7 +1043,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ 
@@ -1099,11 +1075,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1111,7 +1085,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1188,7 +1161,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1213,6 +1185,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/credentials/openpgp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/credentials/openpgp/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1387,8 +1360,6 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am -.PRECIOUS: Makefile - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/credentials/srp/Makefile.in b/doc/credentials/srp/Makefile.in index e27846e..116841c 100644 --- a/doc/credentials/srp/Makefile.in +++ b/doc/credentials/srp/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,17 +14,7 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -88,6 +78,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/credentials/srp +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -121,7 +112,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ @@ -198,7 +188,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = 
@@ -223,7 +212,6 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -275,7 +263,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -435,7 +422,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -498,7 +484,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ @@ -648,7 +633,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -656,7 +640,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ 
@@ -747,7 +730,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -823,8 +805,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -849,7 +829,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1029,12 +1008,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ @@ -1066,7 +1043,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ 
@@ -1099,11 +1075,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1111,7 +1085,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1188,7 +1161,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1213,6 +1185,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/credentials/srp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/credentials/srp/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1387,8 +1360,6 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am -.PRECIOUS: Makefile - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/credentials/x509/Makefile.in b/doc/credentials/x509/Makefile.in index a018599..ee14f76 100644 --- a/doc/credentials/x509/Makefile.in +++ b/doc/credentials/x509/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,17 +14,7 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -88,6 +78,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/credentials/x509 +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -121,7 +112,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ @@ -198,7 +188,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = 
@@ -223,7 +212,6 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -275,7 +263,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -435,7 +422,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -498,7 +484,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ @@ -648,7 +633,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -656,7 +640,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ 
@@ -747,7 +730,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -823,8 +805,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -849,7 +829,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1029,12 +1008,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ @@ -1066,7 +1043,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ 
@@ -1099,11 +1075,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1111,7 +1085,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1188,7 +1161,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1215,6 +1187,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/credentials/x509/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/credentials/x509/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1389,8 +1362,6 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am -.PRECIOUS: Makefile - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/crypto-api.texi b/doc/crypto-api.texi index 6fc1e9d..0844b58 100644 --- a/doc/crypto-api.texi +++ b/doc/crypto-api.texi 
@@ -1,108 +1,12 @@ -@subheading gnutls_aead_cipher_decrypt -@anchor{gnutls_aead_cipher_decrypt} -@deftypefun {int} {gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -@var{nonce}: the nonce to set - -@var{nonce_len}: The length of the nonce - -@var{auth}: the data to be authenticated - -@var{auth_len}: The length of the data - -@var{tag_size}: The size of the tag to use (use zero for the default) - -@var{ctext}: the data to decrypt - -@var{ctext_len}: the length of data to decrypt (includes tag size) - -@var{ptext}: the decrypted data - -@var{ptext_len}: the length of decrypted data (initially must hold the maximum available size) - -This function will decrypt the given data using the algorithm -specified by the context. This function must be provided the whole -data to be decrypted, including the tag, and will fail if the tag -verification fails. - -@strong{Returns:} Zero or a negative error code on error. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_aead_cipher_deinit -@anchor{gnutls_aead_cipher_deinit} -@deftypefun {void} {gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -This function will deinitialize all resources occupied by the given -authenticated-encryption context. 
- -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_aead_cipher_encrypt -@anchor{gnutls_aead_cipher_encrypt} -@deftypefun {int} {gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -@var{nonce}: the nonce to set - -@var{nonce_len}: The length of the nonce - -@var{auth}: the data to be authenticated - -@var{auth_len}: The length of the data - -@var{tag_size}: The size of the tag to use (use zero for the default) - -@var{ptext}: the data to encrypt - -@var{ptext_len}: The length of data to encrypt - -@var{ctext}: the encrypted data - -@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag) - -This function will encrypt the given data using the algorithm -specified by the context. The output data will contain the -authentication tag. This function requires that -@code{gnutls_aead_cipher_set_nonce()} is called before it. - -@strong{Returns:} Zero or a negative error code on error. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_aead_cipher_init -@anchor{gnutls_aead_cipher_init} -@deftypefun {int} {gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -@var{cipher}: the authenticated-encryption algorithm to use - -@var{key}: The key to be used for encryption - -This function will initialize an context that can be used for -encryption/decryption of data. This will effectively use the -current crypto backend in use by gnutls or the cryptographic -accelerator in use. - -@strong{Returns:} Zero or a negative error code on error. 
- -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_cipher_add_auth @anchor{gnutls_cipher_add_auth} -@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{text}, size_t @var{text_size}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to be authenticated +@var{text}: the data to be authenticated -@var{ptext_size}: the length of the data +@var{text_size}: The length of the data This function operates on authenticated encryption with associated data (AEAD) ciphers and authenticate the @@ -116,12 +20,12 @@ and before any encryption operations. @subheading gnutls_cipher_decrypt @anchor{gnutls_cipher_decrypt} -@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ciphertext}, size_t @var{ciphertextlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ctext}: the data to decrypt +@var{ciphertext}: the data to encrypt -@var{ctext_len}: the length of data to decrypt +@var{ciphertextlen}: The length of data to encrypt This function will decrypt the given data using the algorithm specified by the context. 
@@ -136,21 +40,19 @@ need to compare the tag sent with the value returned from @code{gnutls_cipher_ta @subheading gnutls_cipher_decrypt2 @anchor{gnutls_cipher_decrypt2} -@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ciphertext}, size_t @var{ciphertextlen}, void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ctext}: the data to decrypt +@var{ciphertext}: the data to encrypt -@var{ctext_len}: the length of data to decrypt +@var{ciphertextlen}: The length of data to encrypt -@var{ptext}: the decrypted data +@var{text}: the decrypted data -@var{ptext_len}: the available length for decrypted data +@var{textlen}: The available length for decrypted data This function will decrypt the given data using the algorithm -specified by the context. For block ciphers the @code{ctext_len} must be -a multiple of the block size. For the supported ciphers the plaintext -data length will equal the ciphertext size. +specified by the context. Note that in AEAD ciphers, this will not check the tag. You will need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} . @@ -163,7 +65,7 @@ need to compare the tag sent with the value returned from @code{gnutls_cipher_ta @subheading gnutls_cipher_deinit @anchor{gnutls_cipher_deinit} @deftypefun {void} {gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. This function will deinitialize all resources occupied by the given encryption context. 
@@ -173,12 +75,12 @@ encryption context. @subheading gnutls_cipher_encrypt @anchor{gnutls_cipher_encrypt} -@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to encrypt +@var{text}: the data to encrypt -@var{ptext_len}: the length of data to encrypt +@var{textlen}: The length of data to encrypt This function will encrypt the given data using the algorithm specified by the context. @@ -190,21 +92,19 @@ specified by the context. @subheading gnutls_cipher_encrypt2 @anchor{gnutls_cipher_encrypt2} -@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}, void * @var{ciphertext}, size_t @var{ciphertextlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to encrypt +@var{text}: the data to encrypt -@var{ptext_len}: the length of data to encrypt +@var{textlen}: The length of data to encrypt -@var{ctext}: the encrypted data +@var{ciphertext}: the encrypted data -@var{ctext_len}: the available length for encrypted data +@var{ciphertextlen}: The available length for encrypted data This function will encrypt the given data using the algorithm -specified by the context. For block ciphers the @code{ptext_len} must be -a multiple of the block size. For the supported ciphers the encrypted -data length will equal the plaintext size. +specified by the context. @strong{Returns:} Zero or a negative error code on error. 
@@ -248,16 +148,16 @@ Get block size for encryption algorithm. @subheading gnutls_cipher_init @anchor{gnutls_cipher_init} @deftypefun {int} {gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{cipher}: the encryption algorithm to use -@var{key}: the key to be used for encryption/decryption +@var{key}: The key to be used for encryption -@var{iv}: the IV to use (if not applicable set NULL) +@var{iv}: The IV to use (if not applicable set NULL) -This function will initialize the @code{handle} context to be usable -for encryption/decryption of data. This will effectively use the +This function will initialize an context that can be used for +encryption/decryption of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. @@ -269,11 +169,11 @@ accelerator in use. @subheading gnutls_cipher_set_iv @anchor{gnutls_cipher_set_iv} @deftypefun {void} {gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{iv}: the IV to set -@var{ivlen}: the length of the IV +@var{ivlen}: The length of the IV This function will set the IV to be used for the next encryption block. 
@@ -284,11 +184,11 @@ encryption block. @subheading gnutls_cipher_tag @anchor{gnutls_cipher_tag} @deftypefun {int} {gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{tag}: will hold the tag -@var{tag_size}: the length of the tag to return +@var{tag_size}: The length of the tag to return This function operates on authenticated encryption with associated data (AEAD) ciphers and will return the 
@@ -299,145 +199,14 @@ output tag. @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_crypto_register_aead_cipher -@anchor{gnutls_crypto_register_aead_cipher} -@deftypefun {int} {gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit}) -@var{algorithm}: is the gnutls AEAD cipher identifier - -@var{priority}: is the priority of the algorithm - -@var{init}: A function which initializes the cipher - -@var{setkey}: A function which sets the key of the cipher - -@var{aead_encrypt}: Perform the AEAD encryption - -@var{aead_decrypt}: Perform the AEAD decryption - -@var{deinit}: A function which deinitializes the cipher - -This function will register a cipher algorithm to be used by -gnutls. Any algorithm registered will override the included -algorithms and by convention kernel implemented algorithms have -priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be -used by gnutls. - -In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} , -GnuTLS will attempt to use the next in priority registered cipher. - -The functions registered will be used with the new AEAD API introduced in -GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. 
- -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_crypto_register_cipher -@anchor{gnutls_crypto_register_cipher} -@deftypefun {int} {gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit}) -@var{algorithm}: is the gnutls algorithm identifier - -@var{priority}: is the priority of the algorithm - -@var{init}: A function which initializes the cipher - -@var{setkey}: A function which sets the key of the cipher - -@var{setiv}: A function which sets the nonce/IV of the cipher (non-AEAD) - -@var{encrypt}: A function which performs encryption (non-AEAD) - -@var{decrypt}: A function which performs decryption (non-AEAD) - -@var{deinit}: A function which deinitializes the cipher - -This function will register a cipher algorithm to be used by -gnutls. Any algorithm registered will override the included -algorithms and by convention kernel implemented algorithms have -priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be -used by gnutls. - -In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} , -GnuTLS will attempt to use the next in priority registered cipher. - -The functions which are marked as non-AEAD they are not required when -registering a cipher to be used with the new AEAD API introduced in -GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. 
- -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_crypto_register_digest -@anchor{gnutls_crypto_register_digest} -@deftypefun {int} {gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast}) -@var{algorithm}: is the gnutls digest identifier - -@var{priority}: is the priority of the algorithm - -@var{init}: A function which initializes the digest - -@var{hash}: Perform the hash operation - -@var{output}: Provide the output of the digest - -@var{deinit}: A function which deinitializes the digest - -@var{hash_fast}: Perform the digest operation in one go - -This function will register a digest algorithm to be used by gnutls. -Any algorithm registered will override the included algorithms and -by convention kernel implemented algorithms have priority of 90 -and CPU-assisted of 80. -The algorithm with the lowest priority will be used by gnutls. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. 
- -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_crypto_register_mac -@anchor{gnutls_crypto_register_mac} -@deftypefun {int} {gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast}) -@var{algorithm}: is the gnutls MAC identifier - -@var{priority}: is the priority of the algorithm - -@var{init}: A function which initializes the MAC - -@var{setkey}: A function which sets the key of the MAC - -@var{setnonce}: A function which sets the nonce for the mac (may be @code{NULL} for common MAC algorithms) - -@var{hash}: Perform the hash operation - -@var{output}: Provide the output of the MAC - -@var{deinit}: A function which deinitializes the MAC - -@var{hash_fast}: Perform the MAC operation in one go - -This function will register a MAC algorithm to be used by gnutls. -Any algorithm registered will override the included algorithms and -by convention kernel implemented algorithms have priority of 90 -and CPU-assisted of 80. -The algorithm with the lowest priority will be used by gnutls. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_hash @anchor{gnutls_hash} -@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_hash_hd_t} type +@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. 
-@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash This function will hash the given data using the algorithm specified by the context. @@ -450,7 +219,7 @@ specified by the context. @subheading gnutls_hash_deinit @anchor{gnutls_hash_deinit} @deftypefun {void} {gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hash_hd_t} type +@var{handle}: is a @code{gnutls_hash_hd_t} structure. @var{digest}: is the output value of the hash @@ -462,12 +231,12 @@ the given hash context. @subheading gnutls_hash_fast @anchor{gnutls_hash_fast} -@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{text}, size_t @var{textlen}, void * @var{digest}) @var{algorithm}: the hash algorithm to use -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash @var{digest}: is the output value of the hash @@ -495,7 +264,7 @@ of the given hash algorithm. @subheading gnutls_hash_init @anchor{gnutls_hash_init} @deftypefun {int} {gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm}) -@var{dig}: is a @code{gnutls_hash_hd_t} type +@var{dig}: is a @code{gnutls_hash_hd_t} structure. @var{algorithm}: the hash algorithm to use @@ -512,7 +281,7 @@ accelerator in use. @subheading gnutls_hash_output @anchor{gnutls_hash_output} @deftypefun {void} {gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hash_hd_t} type +@var{handle}: is a @code{gnutls_hash_hd_t} structure. @var{digest}: is the output value of the hash 
@@ -524,12 +293,12 @@ and reset the state of the hash. @subheading gnutls_hmac @anchor{gnutls_hmac} -@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash This function will hash the given data using the algorithm specified by the context. @@ -542,7 +311,7 @@ specified by the context. @subheading gnutls_hmac_deinit @anchor{gnutls_hmac_deinit} @deftypefun {void} {gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@var{handle}: is a @code{gnutls_hmac_hd_t} structure. @var{digest}: is the output value of the MAC @@ -554,16 +323,16 @@ the given hmac context. @subheading gnutls_hmac_fast @anchor{gnutls_hmac_fast} -@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{text}, size_t @var{textlen}, void * @var{digest}) @var{algorithm}: the hash algorithm to use @var{key}: the key to use -@var{keylen}: the length of the key +@var{keylen}: The length of the key -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash @var{digest}: is the output value of the hash 
@@ -591,13 +360,13 @@ of the given hmac algorithm. @subheading gnutls_hmac_init @anchor{gnutls_hmac_init} @deftypefun {int} {gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}) -@var{dig}: is a @code{gnutls_hmac_hd_t} type +@var{dig}: is a @code{gnutls_hmac_hd_t} structure. @var{algorithm}: the HMAC algorithm to use -@var{key}: the key to be used for encryption +@var{key}: The key to be used for encryption -@var{keylen}: the length of the key +@var{keylen}: The length of the key This function will initialize an context that can be used to produce a Message Authentication Code (MAC) of data. This will @@ -615,7 +384,7 @@ for other MAC algorithms than HMAC. @subheading gnutls_hmac_output @anchor{gnutls_hmac_output} @deftypefun {void} {gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@var{handle}: is a @code{gnutls_hmac_hd_t} structure. @var{digest}: is the output value of the MAC @@ -628,11 +397,11 @@ and reset the state of the MAC. @subheading gnutls_hmac_set_nonce @anchor{gnutls_hmac_set_nonce} @deftypefun {void} {gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{nonce}: the data to set as nonce -@var{nonce_len}: the length of data +@var{nonce_len}: The length of data This function will set the nonce in the MAC algorithm. 
@@ -663,16 +432,14 @@ Returns the size of the nonce used by the MAC in TLS. This function will generate random data and store it to output buffer. -This function is thread-safe and also fork-safe. - -@strong{Returns:} Zero on success, or a negative error code on error. +@strong{Returns:} Zero or a negative error code on error. @strong{Since:} 2.12.0 @end deftypefun @subheading gnutls_rnd_refresh @anchor{gnutls_rnd_refresh} -@deftypefun {void} {gnutls_rnd_refresh} ( @var{void}) +@deftypefun {void} {gnutls_rnd_refresh} () This function refreshes the random generator state. That is the current precise time, CPU usage, and diff --git a/doc/cyclo/Makefile.in b/doc/cyclo/Makefile.in index 0a5f138..1043849 100644 --- a/doc/cyclo/Makefile.in +++ b/doc/cyclo/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -34,17 +34,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -108,6 +98,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/cyclo +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ @@ -141,7 +132,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ @@ -218,7 +208,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -243,7 +232,6 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -295,7 +283,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -455,7 +442,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ 
@@ -518,7 +504,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ @@ -668,7 +653,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -676,7 +660,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ @@ -767,7 +750,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -843,8 +825,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -869,7 +849,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ 
@@ -1049,12 +1028,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ @@ -1086,7 +1063,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ @@ -1119,11 +1095,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1131,7 +1105,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1208,7 +1181,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
@@ -1234,6 +1206,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/cyclo/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/cyclo/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1408,8 +1381,6 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am -.PRECIOUS: Makefile - cyclo-gnutls.html: (cd ${top_srcdir}/lib && \ diff --git a/doc/dane-api.texi b/doc/dane-api.texi index f0e2a97..4fd36aa 100644 --- a/doc/dane-api.texi +++ b/doc/dane-api.texi 
@@ -103,36 +103,6 @@ data for the given host. negative error value. @end deftypefun -@subheading dane_query_to_raw_tlsa -@anchor{dane_query_to_raw_tlsa} -@deftypefun {int} {dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus}) -@var{q}: The query result structure - -@var{data_entries}: Pointer set to the number of entries in the query - -@var{dane_data}: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer; -caller must guarantee that the referenced data remains -valid until @code{dane_query_deinit()} is called. - -@var{dane_data_len}: Pointer to contain the length n bytes of the dane_data items - -@var{secure}: Pointer set true if the result is validated securely, false if -validation failed or the domain queried has no security info - -@var{bogus}: Pointer set true if the result was not secure due to a security failure - -This function will provide the DANE data from the query -response. - -The pointers dane_data and dane_data_len are allocated with @code{gnutls_malloc()} -to contain the data from the query result structure (individual - @code{dane_data} items simply point to the original data and are not allocated separately). -The returned @code{dane_data} are only valid during the lifetime of @code{q} . - -@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a -negative error value. -@end deftypefun - @subheading dane_raw_tlsa @anchor{dane_raw_tlsa} @deftypefun {int} {dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus}) 
@@ -153,8 +123,7 @@ validation failed or the domain queried has no security info and the result is due to a security failure, bogus is true. This function will fill in the TLSA (DANE) structure from -the given raw DNS record data. The @code{dane_data} must be valid -during the lifetime of the query. +the given raw DNS record data. @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -253,17 +222,15 @@ If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_IN is set. If a DNSSEC signature is not available for the DANE record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set. +Note that the CA constraint only applies for the directly certifying CA +and does not account for long CA chains. Moreover this function does not +validate the provided chain. + Due to the many possible options of DANE, there is no single threat model countered. When notifying the user about DANE verification results it may be better to mention: DANE verification did not reject the certificate, rather than mentioning a successful DANE verication. -Note that this function is designed to be run in addition to -PKIX - certificate chain - verification. To be run independently -the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified; -then the function will check whether the key of the peer matches the -key advertized in the DANE entry. - If the @code{q} parameter is provided it will be used for caching entries. @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a 
@@ -295,17 +262,14 @@ If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_IN is set. If a DNSSEC signature is not available for the DANE record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set. +Note that the CA constraint only applies for the directly certifying CA +and does not account for long CA chains. + Due to the many possible options of DANE, there is no single threat model countered. When notifying the user about DANE verification results it may be better to mention: DANE verification did not reject the certificate, rather than mentioning a successful DANE verication. -Note that this function is designed to be run in addition to -PKIX - certificate chain - verification. To be run independently -the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified; -then the function will check whether the key of the peer matches the -key advertized in the DANE entry. - If the @code{q} parameter is provided it will be used for caching entries. @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a @@ -336,7 +300,7 @@ CA constrains and/or the certificate available via DANE. See @code{dane_verify_crt()} for more information. This will not verify the chain for validity; unless the DANE -verification is restricted to end certificates, this must be +verification is restricted to end certificates, this has to be performed separately using @code{gnutls_certificate_verify_peers3()} . @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a diff --git a/doc/doc.mk b/doc/doc.mk index 1165e84..a4b249e 100644 --- a/doc/doc.mk +++ b/doc/doc.mk 
@@ -24,9 +24,6 @@ HEADER_FILES = $(top_srcdir)/lib/includes/gnutls/gnutls.h.in \ $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/compat.h \ $(top_srcdir)/lib/includes/gnutls/dtls.h $(top_srcdir)/lib/includes/gnutls/crypto.h \ $(top_srcdir)/lib/includes/gnutls/ocsp.h $(top_srcdir)/lib/includes/gnutls/tpm.h \ - $(top_srcdir)/libdane/includes/gnutls/dane.h $(top_srcdir)/lib/includes/gnutls/x509-ext.h \ - $(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h \ - $(top_srcdir)/lib/includes/gnutls/pkcs7.h + $(top_srcdir)/libdane/includes/gnutls/dane.h $(top_srcdir)/lib/includes/gnutls/x509-ext.h -C_SOURCE_FILES = $(top_srcdir)/lib/*/*.c $(top_srcdir)/lib/*.c $(top_srcdir)/libdane/*.c -C_X509_SOURCE_FILES = $(top_srcdir)/lib/x509/*.c $(top_srcdir)/lib/*.c +C_SOURCE_FILES = $(top_srcdir)/lib/*/*.c $(top_srcdir)/lib/*.c $(top_srcdir)/libdane/*.c diff --git a/doc/dtls-api.texi b/doc/dtls-api.texi index a915def..ae54212 100644 --- a/doc/dtls-api.texi +++ b/doc/dtls-api.texi @@ -60,7 +60,7 @@ This function must be called after @code{gnutls_dtls_cookie_send()} . @subheading gnutls_dtls_get_data_mtu @anchor{gnutls_dtls_get_data_mtu} @deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the actual maximum transfer unit for application data. I.e. DTLS headers are subtracted from the @@ -74,7 +74,7 @@ actual MTU which is set using @code{gnutls_dtls_set_mtu()} . @subheading gnutls_dtls_get_mtu @anchor{gnutls_dtls_get_mtu} @deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the MTU size as set with @code{gnutls_dtls_set_mtu()} . This is not the actual MTU 
@@ -89,7 +89,7 @@ for that reason. @subheading gnutls_dtls_get_timeout @anchor{gnutls_dtls_get_timeout} @deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the milliseconds remaining for a retransmission of the previously sent handshake @@ -122,7 +122,7 @@ and should be succeeded by the actual DTLS handshake using @code{gnutls_handshak @subheading gnutls_dtls_set_data_mtu @anchor{gnutls_dtls_set_data_mtu} @deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mtu}: The maximum unencrypted transfer unit of the session @@ -145,14 +145,14 @@ the maximum MTU of your transport layer. @subheading gnutls_dtls_set_mtu @anchor{gnutls_dtls_set_mtu} @deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mtu}: The maximum transfer unit of the transport This function will set the maximum transfer unit of the transport that DTLS packets are sent over. Note that this should exclude the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an -Ethernet device with MTU 1500, the DTLS MTU set with this function +Ethenet device with MTU 1500, the DTLS MTU set with this function would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452. @strong{Since:} 3.0 
@@ -161,7 +161,7 @@ would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452. @subheading gnutls_dtls_set_timeouts @anchor{gnutls_dtls_set_timeouts} @deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{retrans_timeout}: The time at which a retransmission will occur in milliseconds @@ -174,7 +174,10 @@ be retransmitted. The total timeout is the time after which the handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . The DTLS protocol recommends the values of 1 sec and 60 seconds -respectively, and these are the default values. +respectively. + +If the retransmission timeout is zero then the handshake will operate +in a non-blocking way, i.e., return @code{GNUTLS_E_AGAIN} . To disable retransmissions set a @code{retrans_timeout} larger than the @code{total_timeout} . @@ -184,7 +187,7 @@ To disable retransmissions set a @code{retrans_timeout} larger than the @code{ @subheading gnutls_record_get_discarded @anchor{gnutls_record_get_discarded} @deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the number of discarded packets in a DTLS connection. diff --git a/doc/enums.texi b/doc/enums.texi index a86f005..c32e8c6 100644 --- a/doc/enums.texi +++ b/doc/enums.texi @@ -3,9 +3,9 @@ @c gnutls_cipher_algorithm_t @table @code @item GNUTLS_@-CIPHER_@-UNKNOWN -Value to identify an unknown/unsupported algorithm. +Unknown algorithm. @item GNUTLS_@-CIPHER_@-NULL -The NULL (identity) encryption algorithm. +NULL algorithm. @item GNUTLS_@-CIPHER_@-ARCFOUR_@-128 ARCFOUR stream cipher with 128-bit keys. @item GNUTLS_@-CIPHER_@-3DES_@-CBC 
@@ -20,6 +20,10 @@ ARCFOUR stream cipher with 40-bit keys. Camellia in CBC mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-CBC Camellia in CBC mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC +RC2 in CBC mode with 40-bit keys. +@item GNUTLS_@-CIPHER_@-DES_@-CBC +DES in CBC mode (56-bit keys). @item GNUTLS_@-CIPHER_@-AES_@-192_@-CBC AES in CBC mode with 192-bit keys. @item GNUTLS_@-CIPHER_@-AES_@-128_@-GCM 
@@ -29,45 +33,31 @@ AES in GCM mode with 256-bit keys. @item GNUTLS_@-CIPHER_@-CAMELLIA_@-192_@-CBC Camellia in CBC mode with 192-bit keys. @item GNUTLS_@-CIPHER_@-SALSA20_@-256 -Salsa20 with 256-bit keys. +-- undescribed -- @item GNUTLS_@-CIPHER_@-ESTREAM_@-SALSA20_@-256 -Estream's Salsa20 variant with 256-bit keys. +-- undescribed -- @item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-GCM CAMELLIA in GCM mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-GCM CAMELLIA in GCM mode with 256-bit keys. -@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC -RC2 in CBC mode with 40-bit keys. -@item GNUTLS_@-CIPHER_@-DES_@-CBC -DES in CBC mode (56-bit keys). -@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM -AES in CCM mode with 128-bit keys. -@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM -AES in CCM mode with 256-bit keys. -@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM_@-8 -AES in CCM mode with 64-bit tag and 128-bit keys. -@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM_@-8 -AES in CCM mode with 64-bit tag and 256-bit keys. -@item GNUTLS_@-CIPHER_@-CHACHA20_@-POLY1305 -The Chacha20 cipher with the Poly1305 authenticator (AEAD). @item GNUTLS_@-CIPHER_@-IDEA_@-PGP_@-CFB -IDEA in CFB mode (placeholder - unsupported). +IDEA in CFB mode. @item GNUTLS_@-CIPHER_@-3DES_@-PGP_@-CFB -3DES in CFB mode (placeholder - unsupported). +3DES in CFB mode. @item GNUTLS_@-CIPHER_@-CAST5_@-PGP_@-CFB -CAST5 in CFB mode (placeholder - unsupported). +CAST5 in CFB mode. @item GNUTLS_@-CIPHER_@-BLOWFISH_@-PGP_@-CFB -Blowfish in CFB mode (placeholder - unsupported). +Blowfish in CFB mode. @item GNUTLS_@-CIPHER_@-SAFER_@-SK128_@-PGP_@-CFB -Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported). +Safer-SK in CFB mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-AES128_@-PGP_@-CFB -AES in CFB mode with 128-bit keys (placeholder - unsupported). +AES in CFB mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-AES192_@-PGP_@-CFB -AES in CFB mode with 192-bit keys (placeholder - unsupported). +AES in CFB mode with 192-bit keys. 
@item GNUTLS_@-CIPHER_@-AES256_@-PGP_@-CFB -AES in CFB mode with 256-bit keys (placeholder - unsupported). +AES in CFB mode with 256-bit keys. @item GNUTLS_@-CIPHER_@-TWOFISH_@-PGP_@-CFB -Twofish in CFB mode (placeholder - unsupported). +Twofish in CFB mode. @end table @c gnutls_kx_algorithm_t @@ -250,8 +240,6 @@ Error in protocol version. Insufficient security. @item GNUTLS_@-A_@-INTERNAL_@-ERROR Internal error. -@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK -Inappropriate fallback, @item GNUTLS_@-A_@-USER_@-CANCELED User canceled. @item GNUTLS_@-A_@-NO_@-RENEGOTIATION @@ -269,8 +257,7 @@ recognized. The SRP/PSK username is missing or not known. @item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL -The ALPN protocol requested is -not supported by the peer. +-- undescribed -- @end table @c gnutls_handshake_description_t @@ -346,8 +333,6 @@ The certificate's signer constraints were violated. @item GNUTLS_@-CERT_@-MISMATCH The certificate presented isn't the expected one (TOFU) -@item GNUTLS_@-CERT_@-PURPOSE_@-MISMATCH -The certificate or an intermediate does not match the intended purpose (extended key usage). @end table @c gnutls_certificate_request_t @@ -493,9 +478,9 @@ Digital signature algorithm ECDSA with SHA-384. @item GNUTLS_@-SIGN_@-ECDSA_@-SHA512 Digital signature algorithm ECDSA with SHA-512. @item GNUTLS_@-SIGN_@-DSA_@-SHA384 -Digital signature algorithm DSA with SHA-384 +-- undescribed -- @item GNUTLS_@-SIGN_@-DSA_@-SHA512 -Digital signature algorithm DSA with SHA-512 +-- undescribed -- @end table @c gnutls_ecc_curve_t @@ -516,8 +501,6 @@ the SECP192R1 curve @c gnutls_sec_param_t @table @code -@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN -Cannot be known @item GNUTLS_@-SEC_@-PARAM_@-INSECURE Less than 42 bits of security @item GNUTLS_@-SEC_@-PARAM_@-EXPORT 
@@ -526,6 +509,8 @@ Less than 42 bits of security 64 bits of security @item GNUTLS_@-SEC_@-PARAM_@-WEAK 72 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN +Cannot be known @item GNUTLS_@-SEC_@-PARAM_@-LOW 80 bits of security @item GNUTLS_@-SEC_@-PARAM_@-LEGACY @@ -536,8 +521,6 @@ Less than 42 bits of security 128 bits of security @item GNUTLS_@-SEC_@-PARAM_@-ULTRA 192 bits of security -@item GNUTLS_@-SEC_@-PARAM_@-FUTURE -256 bits of security @end table @c gnutls_channel_binding_t @@ -554,8 +537,8 @@ Domain Name System name type. @c gnutls_supplemental_data_format_type_t @table @code -@item GNUTLS_@-SUPPLEMENTAL_@-UNKNOWN -Unknown data format +@item GNUTLS_@-SUPPLEMENTAL_@-USER_@-MAPPING_@-DATA +Supplemental user mapping data. @end table @c gnutls_srtp_profile_t @@ -570,29 +553,6 @@ NULL cipher with a 80 bit HMAC-SHA1 NULL cipher with a 32 bit HMAC-SHA1 @end table -@c gnutls_vdata_types_t -@table @code -@item GNUTLS_@-DT_@-UNKNOWN -Unknown data type. -@item GNUTLS_@-DT_@-DNS_@-HOSTNAME -The data contain a null-terminated DNS hostname; the hostname will be -matched using the RFC6125 rules. -@item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID -The data contain a null-terminated key purpose OID. It will be matched -against the certificate's Extended Key Usage extension. -@item GNUTLS_@-DT_@-RFC822NAME -The data contain a null-terminated email address; the email will be -matched against the RFC822Name field of the certificate, or the EMAIL DN component if the -former isn't available. Prior to matching the email address will be converted to ACE -(ASCII-compatible-encoding). -@end table - -@c gnutls_certificate_flags -@table @code -@item GNUTLS_@-CERTIFICATE_@-SKIP_@-KEY_@-CERT_@-MATCH -Skip the key and certificate matching check. -@end table - @c gnutls_psk_key_flags @table @code @item GNUTLS_@-PSK_@-KEY_@-RAW 
@@ -632,6 +592,16 @@ PKCS11 private key, @code{gnutls_pkcs11_privkey_t} . External private key, operating using callbacks. @end table +@c gnutls_vdata_types_t +@table @code +@item GNUTLS_@-DT_@-UNKNOWN +Unknown data type. +@item GNUTLS_@-DT_@-DNS_@-HOSTNAME +The data contain a null-terminated DNS hostname. +@item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID +The data contain a null-terminated key purpose OID. +@end table + @c gnutls_pin_flag_t @table @code @item GNUTLS_@-PIN_@-USER @@ -677,20 +647,6 @@ it will increase by one for each subsequent attempt. @end deftypefun -@c gnutls_ext_parse_type_t -@table @code -@item GNUTLS_@-EXT_@-ANY -Any extension type. -@item GNUTLS_@-EXT_@-APPLICATION -Application extension. -@item GNUTLS_@-EXT_@-TLS -TLS-internal extension. -@item GNUTLS_@-EXT_@-MANDATORY -Extension parsed even if resuming (or extensions are disabled). -@item GNUTLS_@-EXT_@-NONE -Never parsed -@end table - @c gnutls_certificate_import_flags @table @code @item GNUTLS_@-X509_@-CRT_@-LIST_@-IMPORT_@-FAIL_@-IF_@-EXCEED @@ -701,18 +657,6 @@ certificates. The error code will be @code{GNUTLS_E_SHORT_MEMORY_BUFFER} . Fail if the certificates in the buffer are not ordered starting from subject to issuer. The error code will be @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} . -@item GNUTLS_@-X509_@-CRT_@-LIST_@-SORT -Sort the certificate chain if unsorted. -@end table - -@c gnutls_keyid_flags_t -@table @code -@item GNUTLS_@-KEYID_@-USE_@-SHA1 -Use SHA1 as the key ID algorithm (default). -@item GNUTLS_@-KEYID_@-USE_@-SHA256 -Use SHA256 as the key ID algorithm. -@item GNUTLS_@-KEYID_@-USE_@-BEST_@-KNOWN -Use the best known algorithm to calculate key ID. Using that option will make your program behavior depend on the version of gnutls linked with. That option has a cap of 64-bytes key IDs. @end table @c gnutls_certificate_verify_flags 
@@ -760,9 +704,6 @@ certificate chain. @item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-WILDCARDS When including a hostname check in the verification, do not consider any wildcards. -@item GNUTLS_@-VERIFY_@-USE_@-TLS1_@-RSA -This indicates that a (raw) RSA signature is provided -as in the TLS 1.0 protocol. Not all functions accept this flag. @end table @c gnutls_certificate_verification_profiles_t @@ -797,24 +738,22 @@ applies the SUITEB192 rules @table @code @item GNUTLS_@-PKCS_@-PLAIN Unencrypted private key. -@item GNUTLS_@-PKCS_@-PKCS12_@-3DES +@item GNUTLS_@-PKCS_@-USE_@-PKCS12_@-3DES PKCS-12 3DES. -@item GNUTLS_@-PKCS_@-PKCS12_@-ARCFOUR +@item GNUTLS_@-PKCS_@-USE_@-PKCS12_@-ARCFOUR PKCS-12 ARCFOUR. -@item GNUTLS_@-PKCS_@-PKCS12_@-RC2_@-40 +@item GNUTLS_@-PKCS_@-USE_@-PKCS12_@-RC2_@-40 PKCS-12 RC2-40. -@item GNUTLS_@-PKCS_@-PBES2_@-3DES +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-3DES PBES2 3DES. -@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-128 +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-AES_@-128 PBES2 AES-128. -@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-192 +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-AES_@-192 PBES2 AES-192. -@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-256 +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-AES_@-256 PBES2 AES-256. @item GNUTLS_@-PKCS_@-NULL_@-PASSWORD Some schemas distinguish between an empty and a NULL password. -@item GNUTLS_@-PKCS_@-PBES2_@-DES -PBES2 single DES. @end table @c gnutls_openpgp_crt_fmt_t 
@@ -879,57 +818,6 @@ on error. @end deftypefun -@c gnutls_pkcs11_obj_flags -@table @code -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN -Force login in the token for the operation (seek+store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED -object marked as trusted (seek+store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE -object marked as sensitive -unexportable (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO -force login as a security officer in the token for the operation (seek+store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE -marked as private -requires PIN to access (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE -marked as not private (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY -When retrieving an object, do not set any requirements (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED -When retrieving an object, only retrieve the marked as trusted (alias to @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ). -In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given. -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED -When retrieving an object, only retrieve the marked as distrusted (seek). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE -When checking an object's presence, fully compare it before returning any result (seek). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE -The object must be present in a marked as trusted module (seek). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA -Mark the object as a CA (seek+store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP -Mark the generated key pair as wrapping and unwrapping keys (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY -When checking an object's presence, compare the key before returning any result (seek). 
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT -When an issuer is requested, override its extensions with the ones present in the trust module (seek). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-ALWAYS_@-AUTH -Mark the key pair as requiring authentication (pin entry) before every operation (seek+store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-EXTRACTABLE -Mark the key pair as being extractable (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NEVER_@-EXTRACTABLE -If set, the object was never marked as extractable (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-CRT -When searching, restrict to certificates only (seek). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-WITH_@-PRIVKEY --- undescribed -- -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PUBKEY -When searching, restrict to public key objects only (seek). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY -When generating a keypair don't store the public key (store). -@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRIVKEY -When searching, restrict to private key objects only (seek). -@end table - @c gnutls_pkcs11_url_type_t @table @code @item GNUTLS_@-PKCS11_@-URL_@-GENERIC 
@@ -957,11 +845,29 @@ The token's model. @item GNUTLS_@-PKCS11_@-OBJ_@-ID The object ID. @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-VERSION -The library's version. +The library's used to access the object version. @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-DESCRIPTION -The library's description. +The library's used to access the object description (name). @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-MANUFACTURER -The library's manufacturer name. +The library's used to access the object manufacturer name. +@end table + +@c gnutls_pkcs11_obj_attr_t +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-ALL +Specify all certificates. +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-TRUSTED +Specify all certificates marked as trusted. +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-WITH_@-PRIVKEY +Specify all certificates with a corresponding private key. +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-PUBKEY +Specify all public keys. +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-PRIVKEY +Specify all private keys. +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-ALL +Specify all objects. +@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-TRUSTED_@-CA +Specify all certificates marked as trusted and are CAs. @end table @c gnutls_pkcs11_token_info_t @@ -974,8 +880,6 @@ The token's serial number (string) The token's manufacturer (string) @item GNUTLS_@-PKCS11_@-TOKEN_@-MODEL The token's model (string) -@item GNUTLS_@-PKCS11_@-TOKEN_@-MODNAME -The token's module name (string - since 3.4.3) @end table @c gnutls_pkcs11_obj_type_t 
@@ -992,12 +896,13 @@ Private key. Secret key. @item GNUTLS_@-PKCS11_@-OBJ_@-DATA Data object. -@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT_@-EXTENSION -X.509 certificate extension (supported by p11-kit trust module only). @end table @c gnutls_pubkey_flags_t @table @code +@item GNUTLS_@-PUBKEY_@-VERIFY_@-FLAG_@-TLS1_@-RSA +This indicates that a (raw) RSA signature is provided +as in the TLS 1.0 protocol. @item GNUTLS_@-PUBKEY_@-DISABLE_@-CALLBACKS The following flag disables call to PIN callbacks. Only relevant to TPM keys. @@ -1193,15 +1098,3 @@ The certificate obtained via DNS differs. @item DANE_@-VERIFY_@-UNKNOWN_@-DANE_@-INFO No known DANE data was found in the DNS record. @end table - -@c gnutls_pkcs7_sign_flags -@table @code -@item GNUTLS_@-PKCS7_@-EMBED_@-DATA -The signed data will be embedded in the structure. -@item GNUTLS_@-PKCS7_@-INCLUDE_@-TIME -The signing time will be included in the structure. -@item GNUTLS_@-PKCS7_@-INCLUDE_@-CERT -The signer's certificate will be included in the cert list. -@item GNUTLS_@-PKCS7_@-WRITE_@-SPKI -Use the signer's key identifier instead of name. -@end table diff --git a/doc/enums/gnutls_alert_description_t b/doc/enums/gnutls_alert_description_t index ca20865..8cbed46 100644 --- a/doc/enums/gnutls_alert_description_t +++ b/doc/enums/gnutls_alert_description_t @@ -46,8 +46,6 @@ Error in protocol version. Insufficient security. @item GNUTLS_@-A_@-INTERNAL_@-ERROR Internal error. -@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK -Inappropriate fallback, @item GNUTLS_@-A_@-USER_@-CANCELED User canceled. @item GNUTLS_@-A_@-NO_@-RENEGOTIATION @@ -65,6 +63,5 @@ recognized. The SRP/PSK username is missing or not known. @item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL -The ALPN protocol requested is -not supported by the peer. +-- undescribed -- @end table diff --git a/doc/enums/gnutls_certificate_flags b/doc/enums/gnutls_certificate_flags deleted file mode 100644 index bbd3949..0000000 
--- a/doc/enums/gnutls_certificate_flags +++ /dev/null @@ -1,7 +0,0 @@ - - -@c gnutls_certificate_flags -@table @code -@item GNUTLS_@-CERTIFICATE_@-SKIP_@-KEY_@-CERT_@-MATCH -Skip the key and certificate matching check. -@end table diff --git a/doc/enums/gnutls_certificate_import_flags b/doc/enums/gnutls_certificate_import_flags index 0f2154a..0f430d0 100644 --- a/doc/enums/gnutls_certificate_import_flags +++ b/doc/enums/gnutls_certificate_import_flags @@ -1,4 +1,33 @@ +@subheading int +@anchor{int} +@deftypefun {typedef} {int} (* @var{gnutls_pin_callback_t}) +@var{gnutls_pin_callback_t}: -- undescribed -- + +Callback function type for PKCS@code{11} or TPM PIN entry. It is set by +functions like @code{gnutls_pkcs11_set_pin_function()} . + +The callback should provides the PIN code to unlock the token with +label @code{token_label} , specified by the URL @code{token_url} . + +The PIN code, as a NUL-terminated ASCII string, should be copied +into the @code{pin} buffer (of maximum size @code{pin_max} ), and return 0 to +indicate success. Alternatively, the callback may return a +negative gnutls error code to indicate failure and cancel PIN entry +(in which case, the contents of the @code{pin} parameter are ignored). + +When a PIN is required, the callback will be invoked repeatedly +(and indefinitely) until either the returned PIN code is correct, +the callback returns failure, or the token refuses login (e.g. when +the token is locked due to too many incorrect PINs!). For the +first such invocation, the @code{attempt} counter will have value zero; +it will increase by one for each subsequent attempt. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + @c gnutls_certificate_import_flags @table @code 
@@ -10,6 +39,4 @@ certificates. The error code will be @code{GNUTLS_E_SHORT_MEMORY_BUFFER} . Fail if the certificates in the buffer are not ordered starting from subject to issuer. The error code will be @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} . -@item GNUTLS_@-X509_@-CRT_@-LIST_@-SORT -Sort the certificate chain if unsorted. @end table diff --git a/doc/enums/gnutls_certificate_status_t b/doc/enums/gnutls_certificate_status_t index f208dfd..43e7ff7 100644 --- a/doc/enums/gnutls_certificate_status_t +++ b/doc/enums/gnutls_certificate_status_t @@ -37,6 +37,4 @@ The certificate's signer constraints were violated. @item GNUTLS_@-CERT_@-MISMATCH The certificate presented isn't the expected one (TOFU) -@item GNUTLS_@-CERT_@-PURPOSE_@-MISMATCH -The certificate or an intermediate does not match the intended purpose (extended key usage). @end table diff --git a/doc/enums/gnutls_certificate_verify_flags b/doc/enums/gnutls_certificate_verify_flags index 709db15..2f3b7b3 100644 --- a/doc/enums/gnutls_certificate_verify_flags +++ b/doc/enums/gnutls_certificate_verify_flags @@ -45,7 +45,4 @@ certificate chain. @item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-WILDCARDS When including a hostname check in the verification, do not consider any wildcards. -@item GNUTLS_@-VERIFY_@-USE_@-TLS1_@-RSA -This indicates that a (raw) RSA signature is provided -as in the TLS 1.0 protocol. Not all functions accept this flag. @end table diff --git a/doc/enums/gnutls_cipher_algorithm_t b/doc/enums/gnutls_cipher_algorithm_t index bffd64b..355217a 100644 --- a/doc/enums/gnutls_cipher_algorithm_t +++ b/doc/enums/gnutls_cipher_algorithm_t @@ -3,9 +3,9 @@ @c gnutls_cipher_algorithm_t @table @code @item GNUTLS_@-CIPHER_@-UNKNOWN -Value to identify an unknown/unsupported algorithm. +Unknown algorithm. @item GNUTLS_@-CIPHER_@-NULL -The NULL (identity) encryption algorithm. +NULL algorithm. @item GNUTLS_@-CIPHER_@-ARCFOUR_@-128 ARCFOUR stream cipher with 128-bit keys. @item GNUTLS_@-CIPHER_@-3DES_@-CBC 
@@ -20,6 +20,10 @@ ARCFOUR stream cipher with 40-bit keys. Camellia in CBC mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-CBC Camellia in CBC mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC +RC2 in CBC mode with 40-bit keys. +@item GNUTLS_@-CIPHER_@-DES_@-CBC +DES in CBC mode (56-bit keys). @item GNUTLS_@-CIPHER_@-AES_@-192_@-CBC AES in CBC mode with 192-bit keys. @item GNUTLS_@-CIPHER_@-AES_@-128_@-GCM 
@@ -29,43 +33,29 @@ AES in GCM mode with 256-bit keys. @item GNUTLS_@-CIPHER_@-CAMELLIA_@-192_@-CBC Camellia in CBC mode with 192-bit keys. @item GNUTLS_@-CIPHER_@-SALSA20_@-256 -Salsa20 with 256-bit keys. +-- undescribed -- @item GNUTLS_@-CIPHER_@-ESTREAM_@-SALSA20_@-256 -Estream's Salsa20 variant with 256-bit keys. +-- undescribed -- @item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-GCM CAMELLIA in GCM mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-GCM CAMELLIA in GCM mode with 256-bit keys. -@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC -RC2 in CBC mode with 40-bit keys. -@item GNUTLS_@-CIPHER_@-DES_@-CBC -DES in CBC mode (56-bit keys). -@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM -AES in CCM mode with 128-bit keys. -@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM -AES in CCM mode with 256-bit keys. -@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM_@-8 -AES in CCM mode with 64-bit tag and 128-bit keys. -@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM_@-8 -AES in CCM mode with 64-bit tag and 256-bit keys. -@item GNUTLS_@-CIPHER_@-CHACHA20_@-POLY1305 -The Chacha20 cipher with the Poly1305 authenticator (AEAD). @item GNUTLS_@-CIPHER_@-IDEA_@-PGP_@-CFB -IDEA in CFB mode (placeholder - unsupported). +IDEA in CFB mode. @item GNUTLS_@-CIPHER_@-3DES_@-PGP_@-CFB -3DES in CFB mode (placeholder - unsupported). +3DES in CFB mode. @item GNUTLS_@-CIPHER_@-CAST5_@-PGP_@-CFB -CAST5 in CFB mode (placeholder - unsupported). +CAST5 in CFB mode. @item GNUTLS_@-CIPHER_@-BLOWFISH_@-PGP_@-CFB -Blowfish in CFB mode (placeholder - unsupported). +Blowfish in CFB mode. @item GNUTLS_@-CIPHER_@-SAFER_@-SK128_@-PGP_@-CFB -Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported). +Safer-SK in CFB mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-AES128_@-PGP_@-CFB -AES in CFB mode with 128-bit keys (placeholder - unsupported). +AES in CFB mode with 128-bit keys. @item GNUTLS_@-CIPHER_@-AES192_@-PGP_@-CFB -AES in CFB mode with 192-bit keys (placeholder - unsupported). +AES in CFB mode with 192-bit keys. 
@item GNUTLS_@-CIPHER_@-AES256_@-PGP_@-CFB -AES in CFB mode with 256-bit keys (placeholder - unsupported). +AES in CFB mode with 256-bit keys. @item GNUTLS_@-CIPHER_@-TWOFISH_@-PGP_@-CFB -Twofish in CFB mode (placeholder - unsupported). +Twofish in CFB mode. @end table diff --git a/doc/enums/gnutls_ext_parse_type_t b/doc/enums/gnutls_ext_parse_type_t deleted file mode 100644 index 77c04ab..0000000 --- a/doc/enums/gnutls_ext_parse_type_t +++ /dev/null 
@@ -1,44 +0,0 @@
-
-@subheading int
-@anchor{int}
-@deftypefun {typedef} {int} (* @var{gnutls_pin_callback_t})
-@var{gnutls_pin_callback_t}: -- undescribed --
-
-Callback function type for PKCS@code{11} or TPM PIN entry. It is set by
-functions like @code{gnutls_pkcs11_set_pin_function()} .
-
-The callback should provides the PIN code to unlock the token with
-label @code{token_label} , specified by the URL @code{token_url} .
-
-The PIN code, as a NUL-terminated ASCII string, should be copied
-into the @code{pin} buffer (of maximum size @code{pin_max} ), and return 0 to
-indicate success. Alternatively, the callback may return a
-negative gnutls error code to indicate failure and cancel PIN entry
-(in which case, the contents of the @code{pin} parameter are ignored).
-
-When a PIN is required, the callback will be invoked repeatedly
-(and indefinitely) until either the returned PIN code is correct,
-the callback returns failure, or the token refuses login (e.g. when
-the token is locked due to too many incorrect PINs!). For the
-first such invocation, the @code{attempt} counter will have value zero;
-it will increase by one for each subsequent attempt.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
-
-@strong{Since:} 2.12.0
-@end deftypefun
-
-
-@c gnutls_ext_parse_type_t
-@table @code
-@item GNUTLS_@-EXT_@-ANY
-Any extension type.
-@item GNUTLS_@-EXT_@-APPLICATION
-Application extension.
-@item GNUTLS_@-EXT_@-TLS
-TLS-internal extension.
-@item GNUTLS_@-EXT_@-MANDATORY
-Extension parsed even if resuming (or extensions are disabled).
-@item GNUTLS_@-EXT_@-NONE
-Never parsed
-@end table
diff --git a/doc/enums/gnutls_keyid_flags_t b/doc/enums/gnutls_keyid_flags_t
deleted file mode 100644
index ebd1a3b..0000000
--- a/doc/enums/gnutls_keyid_flags_t
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-@c gnutls_keyid_flags_t
-@table @code
-@item GNUTLS_@-KEYID_@-USE_@-SHA1
-Use SHA1 as the key ID algorithm (default).
-@item GNUTLS_@-KEYID_@-USE_@-SHA256
-Use SHA256 as the key ID algorithm.
-@item GNUTLS_@-KEYID_@-USE_@-BEST_@-KNOWN
-Use the best known algorithm to calculate key ID. Using that option will make your program behavior depend on the version of gnutls linked with. That option has a cap of 64-bytes key IDs.
-@end table
diff --git a/doc/enums/gnutls_pkcs11_obj_attr_t b/doc/enums/gnutls_pkcs11_obj_attr_t
new file mode 100644
index 0000000..2ab77a6
--- /dev/null
+++ b/doc/enums/gnutls_pkcs11_obj_attr_t
@@ -0,0 +1,19 @@
+
+
+@c gnutls_pkcs11_obj_attr_t
+@table @code
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-ALL
+Specify all certificates.
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-TRUSTED
+Specify all certificates marked as trusted.
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-WITH_@-PRIVKEY
+Specify all certificates with a corresponding private key.
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-PUBKEY
+Specify all public keys.
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-PRIVKEY
+Specify all private keys.
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-ALL
+Specify all objects.
+@item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-TRUSTED_@-CA
+Specify all certificates marked as trusted and are CAs.
+@end table
diff --git a/doc/enums/gnutls_pkcs11_obj_flags b/doc/enums/gnutls_pkcs11_obj_flags
deleted file mode 100644
index 8e2ff93..0000000
--- a/doc/enums/gnutls_pkcs11_obj_flags
+++ /dev/null
@@ -1,70 +0,0 @@
-
-@subheading int
-@anchor{int}
-@deftypefun {typedef} {int} (* @var{gnutls_pkcs11_token_callback_t})
-@var{gnutls_pkcs11_token_callback_t}: -- undescribed --
-
-Token callback function. The callback will be used to ask the user
-to re-insert the token with given (null terminated) label. The
-callback should return zero if token has been inserted by user and
-a negative error code otherwise. It might be called multiple times
-if the token is not detected and the retry counter will be
-increased.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
-on error.
-
-@strong{Since:} 2.12.0
-@end deftypefun
-
-
-@c gnutls_pkcs11_obj_flags
-@table @code
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN
-Force login in the token for the operation (seek+store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED
-object marked as trusted (seek+store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE
-object marked as sensitive -unexportable (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO
-force login as a security officer in the token for the operation (seek+store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE
-marked as private -requires PIN to access (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE
-marked as not private (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY
-When retrieving an object, do not set any requirements (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED
-When retrieving an object, only retrieve the marked as trusted (alias to @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ).
-In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given.
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED
-When retrieving an object, only retrieve the marked as distrusted (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE
-When checking an object's presence, fully compare it before returning any result (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE
-The object must be present in a marked as trusted module (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA
-Mark the object as a CA (seek+store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP
-Mark the generated key pair as wrapping and unwrapping keys (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY
-When checking an object's presence, compare the key before returning any result (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT
-When an issuer is requested, override its extensions with the ones present in the trust module (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-ALWAYS_@-AUTH
-Mark the key pair as requiring authentication (pin entry) before every operation (seek+store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-EXTRACTABLE
-Mark the key pair as being extractable (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NEVER_@-EXTRACTABLE
-If set, the object was never marked as extractable (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-CRT
-When searching, restrict to certificates only (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-WITH_@-PRIVKEY
--- undescribed --
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PUBKEY
-When searching, restrict to public key objects only (seek).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY
-When generating a keypair don't store the public key (store).
-@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRIVKEY
-When searching, restrict to private key objects only (seek).
-@end table
diff --git a/doc/enums/gnutls_pkcs11_obj_info_t b/doc/enums/gnutls_pkcs11_obj_info_t
index a4df554..f5894cf 100644
--- a/doc/enums/gnutls_pkcs11_obj_info_t
+++ b/doc/enums/gnutls_pkcs11_obj_info_t
@@ -17,9 +17,9 @@ The token's model. @item GNUTLS_@-PKCS11_@-OBJ_@-ID The object ID. @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-VERSION -The library's version. +The library's used to access the object version. @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-DESCRIPTION -The library's description. +The library's used to access the object description (name). @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-MANUFACTURER -The library's manufacturer name. +The library's used to access the object manufacturer name. @end table diff --git a/doc/enums/gnutls_pkcs11_obj_type_t b/doc/enums/gnutls_pkcs11_obj_type_t index ecd6267..5c24fd3 100644 --- a/doc/enums/gnutls_pkcs11_obj_type_t +++ b/doc/enums/gnutls_pkcs11_obj_type_t @@ -14,6 +14,4 @@ Private key. Secret key. @item GNUTLS_@-PKCS11_@-OBJ_@-DATA Data object. -@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT_@-EXTENSION -X.509 certificate extension (supported by p11-kit trust module only). @end table diff --git a/doc/enums/gnutls_pkcs11_token_info_t b/doc/enums/gnutls_pkcs11_token_info_t index 3db680d..5be8fe0 100644 --- a/doc/enums/gnutls_pkcs11_token_info_t +++ b/doc/enums/gnutls_pkcs11_token_info_t @@ -10,6 +10,4 @@ The token's serial number (string) The token's manufacturer (string) @item GNUTLS_@-PKCS11_@-TOKEN_@-MODEL The token's model (string) -@item GNUTLS_@-PKCS11_@-TOKEN_@-MODNAME -The token's module name (string - since 3.4.3) @end table diff --git a/doc/enums/gnutls_pkcs11_url_type_t b/doc/enums/gnutls_pkcs11_url_type_t index 896e3cc..6609822 100644 --- a/doc/enums/gnutls_pkcs11_url_type_t +++ b/doc/enums/gnutls_pkcs11_url_type_t 
@@ -1,4 +1,22 @@ +@subheading int +@anchor{int} +@deftypefun {typedef} {int} (* @var{gnutls_pkcs11_token_callback_t}) +@var{gnutls_pkcs11_token_callback_t}: -- undescribed -- + +Token callback function. The callback will be used to ask the user +to re-insert the token with given (null terminated) label. The +callback should return zero if token has been inserted by user and +a negative error code otherwise. It might be called multiple times +if the token is not detected and the retry counter will be +increased. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code +on error. + +@strong{Since:} 2.12.0 +@end deftypefun + @c gnutls_pkcs11_url_type_t @table @code diff --git a/doc/enums/gnutls_pkcs7_sign_flags b/doc/enums/gnutls_pkcs7_sign_flags deleted file mode 100644 index c5a7250..0000000 --- a/doc/enums/gnutls_pkcs7_sign_flags +++ /dev/null @@ -1,13 +0,0 @@ - - -@c gnutls_pkcs7_sign_flags -@table @code -@item GNUTLS_@-PKCS7_@-EMBED_@-DATA -The signed data will be embedded in the structure. -@item GNUTLS_@-PKCS7_@-INCLUDE_@-TIME -The signing time will be included in the structure. -@item GNUTLS_@-PKCS7_@-INCLUDE_@-CERT -The signer's certificate will be included in the cert list. -@item GNUTLS_@-PKCS7_@-WRITE_@-SPKI -Use the signer's key identifier instead of name. -@end table diff --git a/doc/enums/gnutls_pkcs_encrypt_flags_t b/doc/enums/gnutls_pkcs_encrypt_flags_t index 9bc1780..3ca9be2 100644 --- a/doc/enums/gnutls_pkcs_encrypt_flags_t +++ b/doc/enums/gnutls_pkcs_encrypt_flags_t 
@@ -4,22 +4,20 @@ @table @code @item GNUTLS_@-PKCS_@-PLAIN Unencrypted private key. -@item GNUTLS_@-PKCS_@-PKCS12_@-3DES +@item GNUTLS_@-PKCS_@-USE_@-PKCS12_@-3DES PKCS-12 3DES. -@item GNUTLS_@-PKCS_@-PKCS12_@-ARCFOUR +@item GNUTLS_@-PKCS_@-USE_@-PKCS12_@-ARCFOUR PKCS-12 ARCFOUR. -@item GNUTLS_@-PKCS_@-PKCS12_@-RC2_@-40 +@item GNUTLS_@-PKCS_@-USE_@-PKCS12_@-RC2_@-40 PKCS-12 RC2-40. -@item GNUTLS_@-PKCS_@-PBES2_@-3DES +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-3DES PBES2 3DES. -@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-128 +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-AES_@-128 PBES2 AES-128. -@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-192 +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-AES_@-192 PBES2 AES-192. -@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-256 +@item GNUTLS_@-PKCS_@-USE_@-PBES2_@-AES_@-256 PBES2 AES-256. @item GNUTLS_@-PKCS_@-NULL_@-PASSWORD Some schemas distinguish between an empty and a NULL password. -@item GNUTLS_@-PKCS_@-PBES2_@-DES -PBES2 single DES. @end table diff --git a/doc/enums/gnutls_pubkey_flags_t b/doc/enums/gnutls_pubkey_flags_t index e28aeea..36264d9 100644 --- a/doc/enums/gnutls_pubkey_flags_t +++ b/doc/enums/gnutls_pubkey_flags_t @@ -2,6 +2,9 @@ @c gnutls_pubkey_flags_t @table @code +@item GNUTLS_@-PUBKEY_@-VERIFY_@-FLAG_@-TLS1_@-RSA +This indicates that a (raw) RSA signature is provided +as in the TLS 1.0 protocol. @item GNUTLS_@-PUBKEY_@-DISABLE_@-CALLBACKS The following flag disables call to PIN callbacks. Only relevant to TPM keys. diff --git a/doc/enums/gnutls_sec_param_t b/doc/enums/gnutls_sec_param_t index ba311d8..6b4657b 100644 --- a/doc/enums/gnutls_sec_param_t +++ b/doc/enums/gnutls_sec_param_t @@ -2,8 +2,6 @@ @c gnutls_sec_param_t @table @code -@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN -Cannot be known @item GNUTLS_@-SEC_@-PARAM_@-INSECURE Less than 42 bits of security @item GNUTLS_@-SEC_@-PARAM_@-EXPORT 
@@ -12,6 +10,8 @@ Less than 42 bits of security 64 bits of security @item GNUTLS_@-SEC_@-PARAM_@-WEAK 72 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN +Cannot be known @item GNUTLS_@-SEC_@-PARAM_@-LOW 80 bits of security @item GNUTLS_@-SEC_@-PARAM_@-LEGACY @@ -22,6 +22,4 @@ Less than 42 bits of security 128 bits of security @item GNUTLS_@-SEC_@-PARAM_@-ULTRA 192 bits of security -@item GNUTLS_@-SEC_@-PARAM_@-FUTURE -256 bits of security @end table diff --git a/doc/enums/gnutls_sign_algorithm_t b/doc/enums/gnutls_sign_algorithm_t index e782f7f..647ff80 100644 --- a/doc/enums/gnutls_sign_algorithm_t +++ b/doc/enums/gnutls_sign_algorithm_t @@ -41,7 +41,7 @@ Digital signature algorithm ECDSA with SHA-384. @item GNUTLS_@-SIGN_@-ECDSA_@-SHA512 Digital signature algorithm ECDSA with SHA-512. @item GNUTLS_@-SIGN_@-DSA_@-SHA384 -Digital signature algorithm DSA with SHA-384 +-- undescribed -- @item GNUTLS_@-SIGN_@-DSA_@-SHA512 -Digital signature algorithm DSA with SHA-512 +-- undescribed -- @end table diff --git a/doc/enums/gnutls_supplemental_data_format_type_t b/doc/enums/gnutls_supplemental_data_format_type_t index bbf3976..3594cd9 100644 --- a/doc/enums/gnutls_supplemental_data_format_type_t +++ b/doc/enums/gnutls_supplemental_data_format_type_t @@ -2,6 +2,6 @@ @c gnutls_supplemental_data_format_type_t @table @code -@item GNUTLS_@-SUPPLEMENTAL_@-UNKNOWN -Unknown data format +@item GNUTLS_@-SUPPLEMENTAL_@-USER_@-MAPPING_@-DATA +Supplemental user mapping data. @end table diff --git a/doc/enums/gnutls_vdata_types_t b/doc/enums/gnutls_vdata_types_t index 33e45f8..54ee0fd 100644 --- a/doc/enums/gnutls_vdata_types_t +++ b/doc/enums/gnutls_vdata_types_t 
@@ -5,14 +5,7 @@ @item GNUTLS_@-DT_@-UNKNOWN Unknown data type. @item GNUTLS_@-DT_@-DNS_@-HOSTNAME -The data contain a null-terminated DNS hostname; the hostname will be -matched using the RFC6125 rules. +The data contain a null-terminated DNS hostname. @item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID -The data contain a null-terminated key purpose OID. It will be matched -against the certificate's Extended Key Usage extension. -@item GNUTLS_@-DT_@-RFC822NAME -The data contain a null-terminated email address; the email will be -matched against the RFC822Name field of the certificate, or the EMAIL DN component if the -former isn't available. Prior to matching the email address will be converted to ACE -(ASCII-compatible-encoding). +The data contain a null-terminated key purpose OID. @end table diff --git a/doc/error_codes.texi b/doc/error_codes.texi index 590e07f..c0c8f06 100644 --- a/doc/error_codes.texi +++ b/doc/error_codes.texi @@ -3,7 +3,7 @@ @item -3 @tab GNUTLS_@-E_@-UNKNOWN_@-COMPRESSION_@-ALGORITHM @tab Could not negotiate a supported compression method. @item -6 @tab GNUTLS_@-E_@-UNKNOWN_@-CIPHER_@-TYPE @tab The cipher type is unsupported. @item -7 @tab GNUTLS_@-E_@-LARGE_@-PACKET @tab The transmitted packet is too large (EMSGSIZE). -@item -8 @tab GNUTLS_@-E_@-UNSUPPORTED_@-VERSION_@-PACKET @tab A packet with illegal or unsupported version was received. +@item -8 @tab GNUTLS_@-E_@-UNSUPPORTED_@-VERSION_@-PACKET @tab A record packet with illegal version was received. @item -9 @tab GNUTLS_@-E_@-UNEXPECTED_@-PACKET_@-LENGTH @tab A TLS packet with unexpected length was received. @item -10 @tab GNUTLS_@-E_@-INVALID_@-SESSION @tab The specified session has been invalidated for some reason. @item -12 @tab GNUTLS_@-E_@-FATAL_@-ALERT_@-RECEIVED @tab A TLS fatal alert has been received. 
@@ -83,6 +83,8 @@ @item -99 @tab GNUTLS_@-E_@-INVALID_@-PASSWORD @tab The given password contains invalid characters. @item -100 @tab GNUTLS_@-E_@-MAC_@-VERIFY_@-FAILED @tab The Message Authentication Code verification failed. @item -101 @tab GNUTLS_@-E_@-CONSTRAINT_@-ERROR @tab Some constraint limits were reached. +@item -102 @tab GNUTLS_@-E_@-WARNING_@-IA_@-IPHF_@-RECEIVED @tab Received a TLS/IA Intermediate Phase Finished message +@item -103 @tab GNUTLS_@-E_@-WARNING_@-IA_@-FPHF_@-RECEIVED @tab Received a TLS/IA Final Phase Finished message @item -104 @tab GNUTLS_@-E_@-IA_@-VERIFY_@-FAILED @tab Verifying TLS/IA phase checksum failed @item -105 @tab GNUTLS_@-E_@-UNKNOWN_@-ALGORITHM @tab The specified algorithm or protocol is unknown. @item -106 @tab GNUTLS_@-E_@-UNSUPPORTED_@-SIGNATURE_@-ALGORITHM @tab The signature algorithm is not supported. @@ -106,7 +108,6 @@ @item -214 @tab GNUTLS_@-E_@-BAD_@-COOKIE @tab The cookie was bad. @item -215 @tab GNUTLS_@-E_@-OPENPGP_@-PREFERRED_@-KEY_@-ERROR @tab The OpenPGP key has not a preferred key set. @item -216 @tab GNUTLS_@-E_@-INCOMPAT_@-DSA_@-KEY_@-WITH_@-TLS_@-PROTOCOL @tab The given DSA key is incompatible with the selected TLS protocol. -@item -217 @tab GNUTLS_@-E_@-INSUFFICIENT_@-SECURITY @tab One of the involved algorithms has insufficient security level. @item -292 @tab GNUTLS_@-E_@-HEARTBEAT_@-PONG_@-RECEIVED @tab A heartbeat pong message was received. @item -293 @tab GNUTLS_@-E_@-HEARTBEAT_@-PING_@-RECEIVED @tab A heartbeat ping message was received. @item -300 @tab GNUTLS_@-E_@-PKCS11_@-ERROR @tab PKCS #11 error. 
@@ -143,16 +144,12 @@ @item -332 @tab GNUTLS_@-E_@-TPM_@-SESSION_@-ERROR @tab Cannot initialize a session with the TPM. @item -333 @tab GNUTLS_@-E_@-TPM_@-KEY_@-NOT_@-FOUND @tab TPM key was not found in persistent storage. @item -334 @tab GNUTLS_@-E_@-TPM_@-UNINITIALIZED @tab TPM is not initialized. -@item -335 @tab GNUTLS_@-E_@-TPM_@-NO_@-LIB @tab The TPM library (trousers) cannot be found. @item -340 @tab GNUTLS_@-E_@-NO_@-CERTIFICATE_@-STATUS @tab There is no certificate status (OCSP). @item -341 @tab GNUTLS_@-E_@-OCSP_@-RESPONSE_@-ERROR @tab The OCSP response is invalid @item -342 @tab GNUTLS_@-E_@-RANDOM_@-DEVICE_@-ERROR @tab Error in the system's randomness device. @item -343 @tab GNUTLS_@-E_@-AUTH_@-ERROR @tab Could not authenticate peer. @item -344 @tab GNUTLS_@-E_@-NO_@-APPLICATION_@-PROTOCOL @tab No common application protocol could be negotiated. @item -345 @tab GNUTLS_@-E_@-SOCKETS_@-INIT_@-ERROR @tab Error in sockets initialization. -@item -346 @tab GNUTLS_@-E_@-KEY_@-IMPORT_@-FAILED @tab Failed to import the key into store. -@item -347 @tab GNUTLS_@-E_@-INAPPROPRIATE_@-FALLBACK @tab A connection with inappropriate fallback was attempted. -@item -348 @tab GNUTLS_@-E_@-CERTIFICATE_@-VERIFICATION_@-ERROR @tab Error in the certificate verification. @item -400 @tab GNUTLS_@-E_@-SELF_@-TEST_@-ERROR @tab Error while performing self checks. @item -401 @tab GNUTLS_@-E_@-NO_@-SELF_@-TEST @tab There is no self test for this algorithm. @item -402 @tab GNUTLS_@-E_@-LIB_@-IN_@-ERROR_@-STATE @tab An error has been detected in the library and cannot continue operations. diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am index 69f1db9..0915f9b 100644 --- a/doc/examples/Makefile.am +++ b/doc/examples/Makefile.am 
@@ -24,7 +24,9 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/lib/includes -I$(top_builddir)/lib/includes \ -I$(top_srcdir)/extra/includes \ -I$(top_srcdir)/src/gl \ - -I$(top_builddir)/src/gl + -I$(top_builddir)/src/gl \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl # Gnulib warns and suggests use of fseeko instead of fseek, which is # used in ex-cert-select.c, but certificate files will not be > 4 GB, diff --git a/doc/examples/Makefile.in b/doc/examples/Makefile.in index fcf8a2c..7385449 100644 --- a/doc/examples/Makefile.in +++ b/doc/examples/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -36,17 +36,7 @@ VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -124,6 +114,8 @@ noinst_PROGRAMS = ex-client-resume$(EXEEXT) ex-client-dtls$(EXEEXT) \ @ENABLE_SRP_TRUE@am__append_7 = ex-client-srp ex-serv-srp @ENABLE_OCSP_TRUE@am__append_8 = ex-ocsp-client subdir = doc/examples +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/bison.m4 \ 
@@ -157,7 +149,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ $(top_srcdir)/src/gl/m4/xalloc.m4 \ $(top_srcdir)/src/libopts/m4/libopts.m4 \ - $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ $(top_srcdir)/gl/m4/00gnulib.m4 \ $(top_srcdir)/gl/m4/absolute-header.m4 \ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/base64.m4 \ @@ -234,7 +225,6 @@ am__aclocal_m4_deps = $(top_srcdir)/src/gl/m4/arpa_inet_h.m4 \ $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -471,8 +461,6 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in \ - $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -524,7 +512,6 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ -ENABLE_PADLOCK = @ENABLE_PADLOCK@ ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ ENOLINK_VALUE = @ENOLINK_VALUE@ EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ @@ -684,7 +671,6 @@ GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ GNULIB_PUTENV = @GNULIB_PUTENV@ GNULIB_PUTS = @GNULIB_PUTS@ GNULIB_PWRITE = @GNULIB_PWRITE@ -GNULIB_QSORT_R = @GNULIB_QSORT_R@ GNULIB_RAISE = @GNULIB_RAISE@ GNULIB_RANDOM = @GNULIB_RANDOM@ GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ @@ -747,7 +733,6 @@ GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ GNULIB_TIMEGM = @GNULIB_TIMEGM@ GNULIB_TIME_R = @GNULIB_TIME_R@ -GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ GNULIB_TMPFILE = @GNULIB_TMPFILE@ GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ 
@@ -897,7 +882,6 @@ HAVE_LCHMOD = @HAVE_LCHMOD@ HAVE_LCHOWN = @HAVE_LCHOWN@ HAVE_LIBDL = @HAVE_LIBDL@ HAVE_LIBICONV = @HAVE_LIBICONV@ -HAVE_LIBNSL = @HAVE_LIBNSL@ HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ HAVE_LIBRT = @HAVE_LIBRT@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -905,7 +889,6 @@ HAVE_LINK = @HAVE_LINK@ HAVE_LINKAT = @HAVE_LINKAT@ HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ HAVE_LSTAT = @HAVE_LSTAT@ -HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBRLEN = @HAVE_MBRLEN@ HAVE_MBRTOWC = @HAVE_MBRTOWC@ HAVE_MBSINIT = @HAVE_MBSINIT@ @@ -996,7 +979,6 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ HAVE_TIMEGM = @HAVE_TIMEGM@ -HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ HAVE_UNISTD_H = @HAVE_UNISTD_H@ HAVE_UNLINKAT = @HAVE_UNLINKAT@ @@ -1072,8 +1054,6 @@ LIBICONV_PREFIX = @LIBICONV_PREFIX@ LIBIDN_CFLAGS = @LIBIDN_CFLAGS@ LIBIDN_LIBS = @LIBIDN_LIBS@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBNSL_PREFIX = @LIBNSL_PREFIX@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ LIBOPTS_DIR = @LIBOPTS_DIR@ @@ -1098,7 +1078,6 @@ LTALLOCA = @LTALLOCA@ LTLIBDL = @LTLIBDL@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ -LTLIBNSL = @LTLIBNSL@ LTLIBOBJS = @LTLIBOBJS@ LTLIBPTHREAD = @LTLIBPTHREAD@ LTLIBRT = @LTLIBRT@ @@ -1278,12 +1257,10 @@ REPLACE_PTSNAME = @REPLACE_PTSNAME@ REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ REPLACE_PUTENV = @REPLACE_PUTENV@ REPLACE_PWRITE = @REPLACE_PWRITE@ -REPLACE_QSORT_R = @REPLACE_QSORT_R@ REPLACE_RAISE = @REPLACE_RAISE@ REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ REPLACE_READ = @REPLACE_READ@ REPLACE_READLINK = @REPLACE_READLINK@ -REPLACE_READLINKAT = @REPLACE_READLINKAT@ REPLACE_REALLOC = @REPLACE_REALLOC@ REPLACE_REALPATH = @REPLACE_REALPATH@ REPLACE_REMOVE = @REPLACE_REMOVE@ 
@@ -1315,7 +1292,6 @@ REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ REPLACE_SYMLINK = @REPLACE_SYMLINK@ -REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ REPLACE_TIMEGM = @REPLACE_TIMEGM@ REPLACE_TMPFILE = @REPLACE_TMPFILE@ REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ @@ -1348,11 +1324,9 @@ STDALIGN_H = @STDALIGN_H@ STDBOOL_H = @STDBOOL_H@ STDDEF_H = @STDDEF_H@ STDINT_H = @STDINT_H@ -STDNORETURN_H = @STDNORETURN_H@ STRIP = @STRIP@ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ -TROUSERS_LIB = @TROUSERS_LIB@ TSS_CFLAGS = @TSS_CFLAGS@ TSS_LIBS = @TSS_LIBS@ UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ @@ -1360,7 +1334,6 @@ UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ UNBOUND_LIBS = @UNBOUND_LIBS@ UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ -UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ USE_NLS = @USE_NLS@ @@ -1437,7 +1410,6 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -1454,7 +1426,8 @@ AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) AM_CPPFLAGS = -I$(top_srcdir)/lib/includes \ -I$(top_builddir)/lib/includes -I$(top_srcdir)/extra/includes \ -I$(top_srcdir)/src/gl -I$(top_builddir)/src/gl \ - -D_GL_NO_LARGE_FILES -DNO_LIBCURL + -I$(top_srcdir)/gl -I$(top_builddir)/gl -D_GL_NO_LARGE_FILES \ + -DNO_LIBCURL AM_LDFLAGS = -no-install LDADD = libexamples.la \ ../../lib/libgnutls.la \ 
@@ -1488,6 +1461,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/examples/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/examples/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1888,8 +1862,6 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am -.PRECIOUS: Makefile - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c index dd16676..a7f4e7c 100644 --- a/doc/examples/ex-cert-select-pkcs11.c +++ b/doc/examples/ex-cert-select-pkcs11.c @@ -80,15 +80,14 @@ int main(void) */ if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); - - /* The PKCS11 private key operations may require PIN. - * Register a callback. */ + /* PKCS11 private key operations might require PIN. + * Register a callback. + */ gnutls_pkcs11_set_pin_function(pin_callback, NULL); /* X509 stuff */ diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c index 4c15f0b..7437e26 100644 --- a/doc/examples/ex-cert-select.c +++ b/doc/examples/ex-cert-select.c @@ -94,11 +94,10 @@ int main(void) gnutls_certificate_credentials_t xcred; if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); load_keys(); 
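Review bot: In doc/examples/ex-cert-select-pkcs11.c the new message `GnuTLS 3.1.4 is required for this example` misstates the condition it reports: `gnutls_check_version("3.1.4") == NULL` is a minimum-version test, so the text should keep the "or later" wording, `fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n");`. The call `gnutls_global_init();` that follows also discards its return value, and an example that readers copy should show the check, e.g. `if (gnutls_global_init() < 0) exit(1);`. The same two lines appear in the ex-cert-select.c, ex-client-dtls.c, ex-client-srp.c and ex-client-x509.c hunks. `main` starts and ends outside each of these hunks, so the surrounding error handling is not visible here.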
diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c index dea3b68..dcb0e10 100644 --- a/doc/examples/ex-client-dtls.c +++ b/doc/examples/ex-client-dtls.c @@ -34,11 +34,10 @@ int main(void) gnutls_certificate_credentials_t xcred; if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); /* X509 stuff */ @@ -75,7 +74,8 @@ int main(void) /* set the connection MTU */ gnutls_dtls_set_mtu(session, 1000); - /* gnutls_dtls_set_timeouts(session, 1000, 60000); */ + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); /* Perform the TLS handshake */ do { diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c index e023289..4542724 100644 --- a/doc/examples/ex-client-srp.c +++ b/doc/examples/ex-client-srp.c @@ -31,11 +31,10 @@ int main(void) gnutls_certificate_credentials_t cert_cred; if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); gnutls_srp_allocate_client_credentials(&srp_cred); diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c index 2fe4774..01762e8 100644 --- a/doc/examples/ex-client-x509.c +++ b/doc/examples/ex-client-x509.c 
@@ -22,26 +22,21 @@ extern int tcp_connect(void); extern void tcp_close(int sd); +static int _verify_certificate_callback(gnutls_session_t session); int main(void) { int ret, sd, ii; gnutls_session_t session; char buffer[MAX_BUF + 1]; - gnutls_datum_t out; - int type; - unsigned status; -#if 0 const char *err; -#endif gnutls_certificate_credentials_t xcred; - if (gnutls_check_version("3.4.6") == NULL) { - fprintf(stderr, "GnuTLS 3.4.6 or later is required for this example\n"); + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); /* X509 stuff */ @@ -51,6 +46,8 @@ int main(void) */ gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_verify_function(xcred, + _verify_certificate_callback); /* If client holds a certificate it can be set using the following: * @@ -68,7 +65,7 @@ int main(void) gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name", strlen("my_host_name")); - /* It is recommended to use the default priorities */ + /* use default priorities */ gnutls_set_default_priority(session); #if 0 /* if more fine-graned control is required */ @@ -85,7 +82,6 @@ int main(void) /* put the x509 credentials to the current session */ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); - gnutls_session_set_verify_cert(session, "my_host_name", 0); /* connect to the peer */ @@ -101,6 +97,7 @@ int main(void) ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { fprintf(stderr, "*** Handshake failed\n"); gnutls_perror(ret); 
@@ -113,21 +110,6 @@ int main(void) gnutls_free(desc); } - /* check certificate verification status */ - type = gnutls_certificate_type_get(session); - status = gnutls_session_get_verify_cert_status(session); - ret = - gnutls_certificate_verification_status_print(status, type, - &out, 0); - if (ret < 0) { - printf("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - printf("%s", out.data); - gnutls_free(out.data); - - /* send data */ gnutls_record_send(session, MSG, strlen(MSG)); ret = gnutls_record_recv(session, buffer, MAX_BUF); 
@@ -163,3 +145,68 @@ int main(void) return 0; } + +/* This function will verify the peer's certificate, and check + * if the hostname matches, as well as the activation, expiration dates. + */ +static int _verify_certificate_callback(gnutls_session_t session) +{ + unsigned int status; + int ret, type; + const char *hostname; + gnutls_datum_t out; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + + /* The following demonstrate two different verification functions, + * the more flexible gnutls_certificate_verify_peers(), as well + * as the old gnutls_certificate_verify_peers3(). */ +#if 1 + { + gnutls_typed_vdata_st data[2]; + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)hostname; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(session, data, 2, + &status); + } +#else + ret = gnutls_certificate_verify_peers3(session, hostname, + &status); +#endif + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + type = gnutls_certificate_type_get(session); + + ret = + gnutls_certificate_verification_status_print(status, type, + &out, 0); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + + /* notify gnutls to continue handshake normally */ + return 0; +} diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c index b263631..5091161 100644 --- a/doc/examples/ex-pkcs11-list.c +++ b/doc/examples/ex-pkcs11-list.c 
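Review bot: `_verify_certificate_callback()` uses the pointer from `gnutls_session_get_ptr(session)` as the expected hostname without checking that one was stored. With a NULL hostname the `gnutls_certificate_verify_peers3()` branch performs no hostname comparison, and the typed-data branch passes NULL as the `GNUTLS_DT_DNS_HOSTNAME` value, so the callback could accept a certificate issued for a different host. No `gnutls_session_set_ptr()` call is visible in the main() hunks of this file, and this patch removes `gnutls_session_set_verify_cert(session, "my_host_name", 0)`, so whether the pointer is set depends on code outside the hunks. I would fail closed right after the read with `if (hostname == NULL) return GNUTLS_E_CERTIFICATE_ERROR;` and add a comment above it saying the caller must store the expected server name on the session before the handshake.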
@@ -17,13 +17,21 @@ int main(int argc, char **argv) int ret; unsigned int i; - ret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size, URL, - GNUTLS_PKCS11_OBJ_FLAG_CRT| - GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY); - if (ret < 0) + obj_list_size = 0; + ret = gnutls_pkcs11_obj_list_import_url(NULL, &obj_list_size, URL, + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, + 0); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) return -1; - /* now all certificates are in obj_list */ +/* no error checking from now on */ + obj_list = malloc(sizeof(*obj_list) * obj_list_size); + + gnutls_pkcs11_obj_list_import_url(obj_list, &obj_list_size, URL, + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, + 0); + +/* now all certificates are in obj_list */ for (i = 0; i < obj_list_size; i++) { gnutls_x509_crt_init(&xcrt); @@ -38,9 +46,5 @@ int main(int argc, char **argv) gnutls_x509_crt_deinit(xcrt); } - for (i = 0; i < obj_list_size; i++) - gnutls_pkcs11_obj_deinit(obj_list[i]); - gnutls_free(obj_list); - return 0; } diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index abb4af5..dc0a55b 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -55,11 +55,10 @@ int main(void) int optval = 1; if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); gnutls_anon_allocate_server_credentials(&anoncred); @@ -93,7 +92,7 @@ int main(void) for (;;) { gnutls_init(&session, GNUTLS_SERVER); gnutls_priority_set_direct(session, - "NORMAL:+ANON-ECDH:+ANON-DH", + "NORMAL::+ANON-ECDH:+ANON-DH", NULL); gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); diff --git a/doc/examples/ex-serv-dtls.c b/doc/examples/ex-serv-dtls.c index ad51fd9..7e35bbc 100644 --- a/doc/examples/ex-serv-dtls.c +++ b/doc/examples/ex-serv-dtls.c 
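Review bot: In ex-pkcs11-list.c neither the result of `malloc(sizeof(*obj_list) * obj_list_size)` nor the return value of the second `gnutls_pkcs11_obj_list_import_url()` call is checked. The loop over `obj_list_size` entries that follows would then run on a NULL or unfilled array if the allocation fails or the token contents change between the two calls. As an example that gets copied, it should add `if (obj_list == NULL) return -1;` after the allocation and assign the second call to `ret` with `if (ret < 0) { free(obj_list); return -1; }`, replacing the `/* no error checking from now on */` comment. The next hunk of this file also drops the per-object `gnutls_pkcs11_obj_deinit()` loop and the release of `obj_list`. With a `malloc`-allocated array the matching cleanup before `return 0;` is that deinit loop followed by `free(obj_list);`.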
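Review bot: The priority string in ex-serv-anon.c becomes `"NORMAL::+ANON-ECDH:+ANON-DH"`, and the doubled colon after `NORMAL` looks like a typo rather than intended syntax. The return value of `gnutls_priority_set_direct()` is discarded and the error-position argument is NULL, so a string the parser rejects would go unnoticed. The session would then presumably keep whatever priorities it had before the call. I would write `"NORMAL:+ANON-ECDH:+ANON-DH"` and test the call's result, for example `if (gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL) < 0) exit(1);`. The accept loop this call sits in continues outside the hunk.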
@@ -28,7 +28,7 @@ */ #define MAX_BUFFER 1024 -#define PORT 5557 +#define PORT 5556 typedef struct { gnutls_session_t session; diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index 9cd4395..d68a11c 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -64,11 +64,10 @@ int main(void) strcpy(name, "Echo Server"); if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); gnutls_certificate_allocate_credentials(&cred); diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index ed61f00..c83658b 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -79,11 +79,10 @@ int main(void) int kx; if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); gnutls_certificate_allocate_credentials(&x509_cred); diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index c79ceb2..9f1f58a 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -47,11 +47,10 @@ int main(void) strcpy(name, "Echo Server"); if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + fprintf(stderr, "GnuTLS 3.1.4 is required for this example\n"); exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ gnutls_global_init(); /* SRP_PASSWD a password file (created with the included srptool utility) diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c index 69061e6..5380d60 100644 --- a/doc/examples/ex-serv-x509.c +++ b/doc/examples/ex-serv-x509.c 
@@ -67,7 +67,8 @@ int main(void) char buffer[MAX_BUF + 1]; int optval = 1; - /* for backwards compatibility with gnutls < 3.3.0 */ + /* this must be called once in the program + */ gnutls_global_init(); gnutls_certificate_allocate_credentials(&x509_cred); diff --git a/doc/functions/dane_query_to_raw_tlsa b/doc/functions/dane_query_to_raw_tlsa deleted file mode 100644 index 24605a6..0000000 --- a/doc/functions/dane_query_to_raw_tlsa +++ /dev/null @@ -1,31 +0,0 @@ - - - - -@deftypefun {int} {dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus}) -@var{q}: The query result structure - -@var{data_entries}: Pointer set to the number of entries in the query - -@var{dane_data}: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer; -caller must guarantee that the referenced data remains -valid until @code{dane_query_deinit()} is called. - -@var{dane_data_len}: Pointer to contain the length n bytes of the dane_data items - -@var{secure}: Pointer set true if the result is validated securely, false if -validation failed or the domain queried has no security info - -@var{bogus}: Pointer set true if the result was not secure due to a security failure - -This function will provide the DANE data from the query -response. - -The pointers dane_data and dane_data_len are allocated with @code{gnutls_malloc()} -to contain the data from the query result structure (individual - @code{dane_data} items simply point to the original data and are not allocated separately). -The returned @code{dane_data} are only valid during the lifetime of @code{q} . - -@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a -negative error value. -@end deftypefun diff --git a/doc/functions/dane_query_to_raw_tlsa.short b/doc/functions/dane_query_to_raw_tlsa.short deleted file mode 100644 index 88f7c08..0000000 
--- a/doc/functions/dane_query_to_raw_tlsa.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus}) diff --git a/doc/functions/dane_raw_tlsa b/doc/functions/dane_raw_tlsa index 20dfb32..cefc0db 100644 --- a/doc/functions/dane_raw_tlsa +++ b/doc/functions/dane_raw_tlsa @@ -20,8 +20,7 @@ validation failed or the domain queried has no security info and the result is due to a security failure, bogus is true. This function will fill in the TLSA (DANE) structure from -the given raw DNS record data. The @code{dane_data} must be valid -during the lifetime of the query. +the given raw DNS record data. @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/dane_verify_crt b/doc/functions/dane_verify_crt index dfaf25f..eb99190 100644 --- a/doc/functions/dane_verify_crt +++ b/doc/functions/dane_verify_crt 
@@ -29,17 +29,15 @@ If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_IN is set. If a DNSSEC signature is not available for the DANE record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set. +Note that the CA constraint only applies for the directly certifying CA +and does not account for long CA chains. Moreover this function does not +validate the provided chain. + Due to the many possible options of DANE, there is no single threat model countered. When notifying the user about DANE verification results it may be better to mention: DANE verification did not reject the certificate, rather than mentioning a successful DANE verication. -Note that this function is designed to be run in addition to -PKIX - certificate chain - verification. To be run independently -the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified; -then the function will check whether the key of the peer matches the -key advertized in the DANE entry. - If the @code{q} parameter is provided it will be used for caching entries. @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a diff --git a/doc/functions/dane_verify_crt_raw b/doc/functions/dane_verify_crt_raw index 1f50dd1..bb6ec59 100644 --- a/doc/functions/dane_verify_crt_raw +++ b/doc/functions/dane_verify_crt_raw 
@@ -25,17 +25,14 @@ If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_IN is set. If a DNSSEC signature is not available for the DANE record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set. +Note that the CA constraint only applies for the directly certifying CA +and does not account for long CA chains. + Due to the many possible options of DANE, there is no single threat model countered. When notifying the user about DANE verification results it may be better to mention: DANE verification did not reject the certificate, rather than mentioning a successful DANE verication. -Note that this function is designed to be run in addition to -PKIX - certificate chain - verification. To be run independently -the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified; -then the function will check whether the key of the peer matches the -key advertized in the DANE entry. - If the @code{q} parameter is provided it will be used for caching entries. @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a diff --git a/doc/functions/dane_verify_session_crt b/doc/functions/dane_verify_session_crt index 65270ae..73c2dcf 100644 --- a/doc/functions/dane_verify_session_crt +++ b/doc/functions/dane_verify_session_crt @@ -24,7 +24,7 @@ CA constrains and/or the certificate available via DANE. See @code{dane_verify_crt()} for more information. This will not verify the chain for validity; unless the DANE -verification is restricted to end certificates, this must be +verification is restricted to end certificates, this has to be performed separately using @code{gnutls_certificate_verify_peers3()} . @strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a diff --git a/doc/functions/gnutls_aead_cipher_decrypt b/doc/functions/gnutls_aead_cipher_decrypt deleted file mode 100644 index 56e3bbf..0000000 --- a/doc/functions/gnutls_aead_cipher_decrypt +++ /dev/null 
@@ -1,33 +0,0 @@ - - - -@deftypefun {int} {gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -@var{nonce}: the nonce to set - -@var{nonce_len}: The length of the nonce - -@var{auth}: the data to be authenticated - -@var{auth_len}: The length of the data - -@var{tag_size}: The size of the tag to use (use zero for the default) - -@var{ctext}: the data to decrypt - -@var{ctext_len}: the length of data to decrypt (includes tag size) - -@var{ptext}: the decrypted data - -@var{ptext_len}: the length of decrypted data (initially must hold the maximum available size) - -This function will decrypt the given data using the algorithm -specified by the context. This function must be provided the whole -data to be decrypted, including the tag, and will fail if the tag -verification fails. - -@strong{Returns:} Zero or a negative error code on error. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_decrypt.short b/doc/functions/gnutls_aead_cipher_decrypt.short deleted file mode 100644 index 88dda69..0000000 --- a/doc/functions/gnutls_aead_cipher_decrypt.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}) diff --git a/doc/functions/gnutls_aead_cipher_deinit b/doc/functions/gnutls_aead_cipher_deinit deleted file mode 100644 index 97a4df8..0000000 --- a/doc/functions/gnutls_aead_cipher_deinit +++ /dev/null 
@@ -1,12 +0,0 @@ - - - - -@deftypefun {void} {gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -This function will deinitialize all resources occupied by the given -authenticated-encryption context. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_deinit.short b/doc/functions/gnutls_aead_cipher_deinit.short deleted file mode 100644 index 7fd051f..0000000 --- a/doc/functions/gnutls_aead_cipher_deinit.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle}) diff --git a/doc/functions/gnutls_aead_cipher_encrypt b/doc/functions/gnutls_aead_cipher_encrypt deleted file mode 100644 index ab8ed76..0000000 --- a/doc/functions/gnutls_aead_cipher_encrypt +++ /dev/null 
@@ -1,34 +0,0 @@ - - - - -@deftypefun {int} {gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -@var{nonce}: the nonce to set - -@var{nonce_len}: The length of the nonce - -@var{auth}: the data to be authenticated - -@var{auth_len}: The length of the data - -@var{tag_size}: The size of the tag to use (use zero for the default) - -@var{ptext}: the data to encrypt - -@var{ptext_len}: The length of data to encrypt - -@var{ctext}: the encrypted data - -@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag) - -This function will encrypt the given data using the algorithm -specified by the context. The output data will contain the -authentication tag. This function requires that -@code{gnutls_aead_cipher_set_nonce()} is called before it. - -@strong{Returns:} Zero or a negative error code on error. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_encrypt.short b/doc/functions/gnutls_aead_cipher_encrypt.short deleted file mode 100644 index 8960ef4..0000000 --- a/doc/functions/gnutls_aead_cipher_encrypt.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}) diff --git a/doc/functions/gnutls_aead_cipher_init b/doc/functions/gnutls_aead_cipher_init deleted file mode 100644 index 74f815f..0000000 --- a/doc/functions/gnutls_aead_cipher_init +++ /dev/null 
@@ -1,20 +0,0 @@ - - - - -@deftypefun {int} {gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}) -@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. - -@var{cipher}: the authenticated-encryption algorithm to use - -@var{key}: The key to be used for encryption - -This function will initialize an context that can be used for -encryption/decryption of data. This will effectively use the -current crypto backend in use by gnutls or the cryptographic -accelerator in use. - -@strong{Returns:} Zero or a negative error code on error. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_init.short b/doc/functions/gnutls_aead_cipher_init.short deleted file mode 100644 index 4b74a2f..0000000 --- a/doc/functions/gnutls_aead_cipher_init.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}) diff --git a/doc/functions/gnutls_alert_get b/doc/functions/gnutls_alert_get index 04cb621..2837fec 100644 --- a/doc/functions/gnutls_alert_get +++ b/doc/functions/gnutls_alert_get @@ -2,7 +2,7 @@ @deftypefun {gnutls_alert_description_t} {gnutls_alert_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the last alert number received. This function should be called when @code{GNUTLS_E_WARNING_ALERT_RECEIVED} or diff --git a/doc/functions/gnutls_alert_send b/doc/functions/gnutls_alert_send index 1a751f0..42ad008 100644 --- a/doc/functions/gnutls_alert_send +++ b/doc/functions/gnutls_alert_send 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{level}: is the level of the alert diff --git a/doc/functions/gnutls_alert_send_appropriate b/doc/functions/gnutls_alert_send_appropriate index 358af68..da9db44 100644 --- a/doc/functions/gnutls_alert_send_appropriate +++ b/doc/functions/gnutls_alert_send_appropriate @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{err}: is an integer diff --git a/doc/functions/gnutls_alpn_get_selected_protocol b/doc/functions/gnutls_alpn_get_selected_protocol index 5fc52f2..6cb8651 100644 --- a/doc/functions/gnutls_alpn_get_selected_protocol +++ b/doc/functions/gnutls_alpn_get_selected_protocol @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{protocol}: will hold the protocol name @@ -11,11 +11,8 @@ This function allows you to get the negotiated protocol name. The returned protocol should be treated as opaque, constant value and only valid during the session life. -The selected protocol is the first supported by the list sent -by the client. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. -Since 3.2.0 +Since 3.1.11 @end deftypefun diff --git a/doc/functions/gnutls_alpn_set_protocols b/doc/functions/gnutls_alpn_set_protocols index 66a21b8..b81a41a 100644 --- a/doc/functions/gnutls_alpn_set_protocols +++ b/doc/functions/gnutls_alpn_set_protocols 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{protocols}: is the protocol names to add. @@ -12,7 +12,7 @@ @var{flags}: zero or @code{GNUTLS_ALPN_} * This function is to be used by both clients and servers, to declare -the supported ALPN protocols, which are used during negotiation with peer. +the supported ALPN protocols, which are used during peer negotiation. If @code{GNUTLS_ALPN_MAND} is specified the connection will be aborted if no matching ALPN protocol is found. @@ -20,5 +20,5 @@ if no matching ALPN protocol is found. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. -Since 3.2.0 +Since 3.1.11 @end deftypefun diff --git a/doc/functions/gnutls_anon_allocate_client_credentials b/doc/functions/gnutls_anon_allocate_client_credentials index 5caffa3..37c9fcd 100644 --- a/doc/functions/gnutls_anon_allocate_client_credentials +++ b/doc/functions/gnutls_anon_allocate_client_credentials @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. diff --git a/doc/functions/gnutls_anon_allocate_server_credentials b/doc/functions/gnutls_anon_allocate_server_credentials index b8aa917..c7f2981 100644 --- a/doc/functions/gnutls_anon_allocate_server_credentials +++ b/doc/functions/gnutls_anon_allocate_server_credentials 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. diff --git a/doc/functions/gnutls_anon_free_client_credentials b/doc/functions/gnutls_anon_free_client_credentials index 3ff3d14..bb77806 100644 --- a/doc/functions/gnutls_anon_free_client_credentials +++ b/doc/functions/gnutls_anon_free_client_credentials @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_anon_client_credentials_t} type. +@var{sc}: is a @code{gnutls_anon_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. diff --git a/doc/functions/gnutls_anon_free_server_credentials b/doc/functions/gnutls_anon_free_server_credentials index 038ddd4..8704962 100644 --- a/doc/functions/gnutls_anon_free_server_credentials +++ b/doc/functions/gnutls_anon_free_server_credentials @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_anon_server_credentials_t} type. +@var{sc}: is a @code{gnutls_anon_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. diff --git a/doc/functions/gnutls_anon_set_params_function b/doc/functions/gnutls_anon_set_params_function index 94868b6..a12028e 100644 --- a/doc/functions/gnutls_anon_set_params_function +++ b/doc/functions/gnutls_anon_set_params_function 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_anon_server_credentials_t type +@var{res}: is a gnutls_anon_server_credentials_t structure @var{func}: is the function to be called diff --git a/doc/functions/gnutls_anon_set_server_dh_params b/doc/functions/gnutls_anon_set_server_dh_params index 15188cc..9e66ee0 100644 --- a/doc/functions/gnutls_anon_set_server_dh_params +++ b/doc/functions/gnutls_anon_set_server_dh_params @@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) -@var{res}: is a gnutls_anon_server_credentials_t type +@var{res}: is a gnutls_anon_server_credentials_t structure -@var{dh_params}: The Diffie-Hellman parameters. +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. This function will set the Diffie-Hellman parameters for an anonymous server to use. These parameters will be used in diff --git a/doc/functions/gnutls_anon_set_server_params_function b/doc/functions/gnutls_anon_set_server_params_function index e4a1d09..04017d6 100644 --- a/doc/functions/gnutls_anon_set_server_params_function +++ b/doc/functions/gnutls_anon_set_server_params_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure @var{func}: is the function to be called diff --git a/doc/functions/gnutls_auth_client_get_type b/doc/functions/gnutls_auth_client_get_type index 9e7ba5a..cf17f57 100644 --- a/doc/functions/gnutls_auth_client_get_type +++ b/doc/functions/gnutls_auth_client_get_type 
@@ -3,7 +3,7 @@ @deftypefun {gnutls_credentials_type_t} {gnutls_auth_client_get_type} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the type of credentials that were used for client authentication. The returned information is to be used to distinguish the function used diff --git a/doc/functions/gnutls_auth_get_type b/doc/functions/gnutls_auth_get_type index 734deb8..237c397 100644 --- a/doc/functions/gnutls_auth_get_type +++ b/doc/functions/gnutls_auth_get_type @@ -3,7 +3,7 @@ @deftypefun {gnutls_credentials_type_t} {gnutls_auth_get_type} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns type of credentials for the current authentication schema. The returned information is to be used to distinguish the function used diff --git a/doc/functions/gnutls_auth_server_get_type b/doc/functions/gnutls_auth_server_get_type index da9eb23..18b9223 100644 --- a/doc/functions/gnutls_auth_server_get_type +++ b/doc/functions/gnutls_auth_server_get_type @@ -3,7 +3,7 @@ @deftypefun {gnutls_credentials_type_t} {gnutls_auth_server_get_type} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the type of credentials that were used for server authentication. The returned information is to be used to distinguish the function used diff --git a/doc/functions/gnutls_buffer_append_data b/doc/functions/gnutls_buffer_append_data deleted file mode 100644 index e728f9b..0000000 --- a/doc/functions/gnutls_buffer_append_data +++ /dev/null 
@@ -1,17 +0,0 @@ - - - - -@deftypefun {int} {gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size}) -@var{dest}: the buffer to append to - -@var{data}: the data - -@var{data_size}: the size of @code{data} - -Appends the provided @code{data} to the destination buffer. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_buffer_append_data.short b/doc/functions/gnutls_buffer_append_data.short deleted file mode 100644 index 26d8385..0000000 --- a/doc/functions/gnutls_buffer_append_data.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size}) diff --git a/doc/functions/gnutls_bye b/doc/functions/gnutls_bye index 5e909d6..0e9fa3c 100644 --- a/doc/functions/gnutls_bye +++ b/doc/functions/gnutls_bye @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{how}: is an integer diff --git a/doc/functions/gnutls_certificate_allocate_credentials b/doc/functions/gnutls_certificate_allocate_credentials index 6f1f7bf..a183b7e 100644 --- a/doc/functions/gnutls_certificate_allocate_credentials +++ b/doc/functions/gnutls_certificate_allocate_credentials @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res}) -@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. 
diff --git a/doc/functions/gnutls_certificate_client_set_retrieve_function b/doc/functions/gnutls_certificate_client_set_retrieve_function
new file mode 100644
index 0000000..fabebce
--- /dev/null
+++ b/doc/functions/gnutls_certificate_client_set_retrieve_function
@@ -0,0 +1,37 @@
+
+
+
+@deftypefun {void} {gnutls_certificate_client_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_client_retrieve_function * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} structure.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called in order to retrieve the
+certificate to be used in the handshake.
+You are advised to use @code{gnutls_certificate_set_retrieve_function2()} because it
+is much more efficient in the processing it requires from gnutls.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
+
+ @code{req_ca_cert} is only used in X.509 certificates.
+Contains a list with the CA names that the server considers trusted.
+Normally we should send a certificate that is signed
+by one of these CAs. These names are DER encoded. To get a more
+meaningful value use the function @code{gnutls_x509_rdn_get()} .
+
+ @code{pk_algos} contains a list with server's acceptable signature algorithms.
+The certificate returned should support the server's given algorithms.
+
+ @code{st} should contain the certificates and private keys.
+
+If the callback function is provided then gnutls will call it, in the
+handshake, if a certificate is requested by the server (and after the
+certificate request message has been received).
+
+The callback function should set the certificate list to be sent,
+and return 0 on success. If no certificate was selected then the
+number of certificates should be set to zero. The value (-1)
+indicates error and the handshake will be terminated.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_client_set_retrieve_function.short b/doc/functions/gnutls_certificate_client_set_retrieve_function.short
new file mode 100644
index 0000000..c64cb65
--- /dev/null
+++ b/doc/functions/gnutls_certificate_client_set_retrieve_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_client_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_client_retrieve_function * @var{func}) diff --git a/doc/functions/gnutls_certificate_free_ca_names b/doc/functions/gnutls_certificate_free_ca_names index 7663062..ce8b5dc 100644 --- a/doc/functions/gnutls_certificate_free_ca_names +++ b/doc/functions/gnutls_certificate_free_ca_names @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the CA name in the given credentials. Clients may call this to save some memory since in diff --git a/doc/functions/gnutls_certificate_free_cas b/doc/functions/gnutls_certificate_free_cas index e04cf58..0935f92 100644 --- a/doc/functions/gnutls_certificate_free_cas +++ b/doc/functions/gnutls_certificate_free_cas @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the CAs associated with the given credentials. Servers that do not use diff --git a/doc/functions/gnutls_certificate_free_credentials b/doc/functions/gnutls_certificate_free_credentials index 9f65ecf..b071129 100644 --- a/doc/functions/gnutls_certificate_free_credentials +++ b/doc/functions/gnutls_certificate_free_credentials 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. diff --git a/doc/functions/gnutls_certificate_free_crls b/doc/functions/gnutls_certificate_free_crls index 7c13239..4c5afee 100644 --- a/doc/functions/gnutls_certificate_free_crls +++ b/doc/functions/gnutls_certificate_free_crls @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the CRLs associated with the given credentials. diff --git a/doc/functions/gnutls_certificate_free_keys b/doc/functions/gnutls_certificate_free_keys index d7e04ee..9dbf8db 100644 --- a/doc/functions/gnutls_certificate_free_keys +++ b/doc/functions/gnutls_certificate_free_keys @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the keys and the certificates associated with the given credentials. This function must not be called when a diff --git a/doc/functions/gnutls_certificate_get_crt_raw b/doc/functions/gnutls_certificate_get_crt_raw index 312af3f..99de431 100644 --- a/doc/functions/gnutls_certificate_get_crt_raw +++ b/doc/functions/gnutls_certificate_get_crt_raw 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. @var{idx1}: the index of the certificate if multiple are present diff --git a/doc/functions/gnutls_certificate_get_issuer b/doc/functions/gnutls_certificate_get_issuer index fe18148..b808ebc 100644 --- a/doc/functions/gnutls_certificate_get_issuer +++ b/doc/functions/gnutls_certificate_get_issuer @@ -3,18 +3,15 @@ @deftypefun {int} {gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert}: is the certificate to find issuer for @var{issuer}: Will hold the issuer if any. Should be treated as constant. -@var{flags}: Use zero or @code{GNUTLS_TL_GET_COPY} +@var{flags}: Use zero. This function will return the issuer of a given certificate. -As with @code{gnutls_x509_trust_list_get_issuer()} this function requires -the @code{GNUTLS_TL_GET_COPY} flag in order to operate with PKCS @code{11} trust -lists. In that case the issuer must be freed using @code{gnutls_x509_crt_deinit()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_certificate_get_openpgp_crt b/doc/functions/gnutls_certificate_get_openpgp_crt deleted file mode 100644 index df65275..0000000 --- a/doc/functions/gnutls_certificate_get_openpgp_crt +++ /dev/null 
@@ -1,31 +0,0 @@
-
-
-
-@deftypefun {int} {gnutls_certificate_get_openpgp_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_openpgp_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size})
-@var{res}: is a @code{gnutls_certificate_credentials_t} type.
-
-@var{index}: The index of the certificate list to obtain.
-
-@var{crt_list}: Where to store the certificate list.
-
-@var{crt_list_size}: -- undescribed --
-
-Obtains a X.509 certificate list that has been stored in @code{res} with one of
-@code{gnutls_certificate_set_openpgp_key()} ,
-@code{gnutls_certificate_set_openpgp_key_file()} ,
-@code{gnutls_certificate_set_openpgp_key_file2()} ,
-@code{gnutls_certificate_set_openpgp_key_mem()} , or
-@code{gnutls_certificate_set_openpgp_key_mem2()} . Each certificate in the
-returned certificate list must be deallocated with
-@code{gnutls_openpgp_crt_deinit()} , and the list itself must be freed with
-@code{gnutls_free()} .
-
-If there is no certificate with the given index,
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the certificate
-with the given index is not a X.509 certificate, @code{GNUTLS_E_INVALID_REQUEST}
-is returned.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_openpgp_crt.short b/doc/functions/gnutls_certificate_get_openpgp_crt.short
deleted file mode 100644
index ce48008..0000000
--- a/doc/functions/gnutls_certificate_get_openpgp_crt.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_certificate_get_openpgp_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_openpgp_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size})
diff --git a/doc/functions/gnutls_certificate_get_openpgp_key b/doc/functions/gnutls_certificate_get_openpgp_key
deleted file mode 100644
index 690db0f..0000000
--- a/doc/functions/gnutls_certificate_get_openpgp_key
+++ /dev/null
@@ -1,28 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_certificate_get_openpgp_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_openpgp_privkey_t * @var{key})
-@var{res}: is a @code{gnutls_certificate_credentials_t} type.
-
-@var{index}: The index of the key to obtain.
-
-@var{key}: Location to store the key.
-
-Obtains a OpenPGP private key that has been stored in @code{res} with one of
-@code{gnutls_certificate_set_openpgp_key()} ,
-@code{gnutls_certificate_set_openpgp_key_file()} ,
-@code{gnutls_certificate_set_openpgp_key_file2()} ,
-@code{gnutls_certificate_set_openpgp_key_mem()} , or
-@code{gnutls_certificate_set_openpgp_key_mem2()} .
-The returned key must be deallocated with @code{gnutls_openpgp_privkey_deinit()}
-when no longer needed.
-
-If there is no key with the given index,
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the key with the
-given index is not a X.509 key, @code{GNUTLS_E_INVALID_REQUEST} is returned.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_openpgp_key.short b/doc/functions/gnutls_certificate_get_openpgp_key.short
deleted file mode 100644
index e1731bb..0000000
--- a/doc/functions/gnutls_certificate_get_openpgp_key.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_certificate_get_openpgp_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_openpgp_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_certificate_get_peers b/doc/functions/gnutls_certificate_get_peers
index a69471c..39d05a8 100644
--- a/doc/functions/gnutls_certificate_get_peers
+++ b/doc/functions/gnutls_certificate_get_peers
@@ -16,7 +16,7 @@ issuer's certificate, then the issuer's issuer etc. In case of OpenPGP keys a single key will be returned in raw format. -@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing the peer's +@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing our certificates, or @code{NULL} in case of an error or if no certificate was used. @end deftypefun diff --git a/doc/functions/gnutls_certificate_get_trust_list b/doc/functions/gnutls_certificate_get_trust_list deleted file mode 100644 index 71f002c..0000000 --- a/doc/functions/gnutls_certificate_get_trust_list +++ /dev/null @@ -1,15 +0,0 @@ - - - -@deftypefun {void} {gnutls_certificate_get_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t * @var{tlist}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. - -@var{tlist}: Location where to store the trust list. - -Obtains the list of trusted certificates stored in @code{res} and writes a -pointer to it to the location @code{tlist} . The pointer will point to memory -internal to @code{res} , and must not be deinitialized. It will be automatically -deallocated when the @code{res} structure is deinitialized. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_trust_list.short b/doc/functions/gnutls_certificate_get_trust_list.short deleted file mode 100644 index c2e6ed9..0000000 --- a/doc/functions/gnutls_certificate_get_trust_list.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_certificate_get_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t * @var{tlist}) diff --git a/doc/functions/gnutls_certificate_get_verify_flags b/doc/functions/gnutls_certificate_get_verify_flags deleted file mode 100644 index 2faef02..0000000 --- a/doc/functions/gnutls_certificate_get_verify_flags +++ /dev/null 
@@ -1,14 +0,0 @@
-
-
-
-
-@deftypefun {unsigned int} {gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res})
-@var{res}: is a gnutls_certificate_credentials_t type
-
-Returns the verification flags set with
-@code{gnutls_certificate_set_verify_flags()} .
-
-@strong{Returns:} The certificate verification flags used by @code{res} .
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_verify_flags.short b/doc/functions/gnutls_certificate_get_verify_flags.short
deleted file mode 100644
index c3db99f..0000000
--- a/doc/functions/gnutls_certificate_get_verify_flags.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{unsigned int} @ref{gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res})
diff --git a/doc/functions/gnutls_certificate_get_x509_crt b/doc/functions/gnutls_certificate_get_x509_crt
deleted file mode 100644
index e0a1636..0000000
--- a/doc/functions/gnutls_certificate_get_x509_crt
+++ /dev/null
@@ -1,32 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size})
-@var{res}: is a @code{gnutls_certificate_credentials_t} type.
-
-@var{index}: The index of the certificate list to obtain.
-
-@var{crt_list}: Where to store the certificate list.
-
-@var{crt_list_size}: Will hold the number of certificates.
-
-Obtains a X.509 certificate list that has been stored in @code{res} with one of
-@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} ,
-@code{gnutls_certificate_set_x509_key_file()} ,
-@code{gnutls_certificate_set_x509_key_file2()} ,
-@code{gnutls_certificate_set_x509_key_mem()} , or
-@code{gnutls_certificate_set_x509_key_mem2()} . Each certificate in the returned
-certificate list must be deallocated with @code{gnutls_x509_crt_deinit()} , and the
-list itself must be freed with @code{gnutls_free()} .
-
-If there is no certificate with the given index,
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the certificate
-with the given index is not a X.509 certificate, @code{GNUTLS_E_INVALID_REQUEST}
-is returned. The returned certificates must be deinitialized after
-use, and the @code{crt_list} pointer must be freed using @code{gnutls_free()} .
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_x509_crt.short b/doc/functions/gnutls_certificate_get_x509_crt.short
deleted file mode 100644
index 43698e5..0000000
--- a/doc/functions/gnutls_certificate_get_x509_crt.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size})
diff --git a/doc/functions/gnutls_certificate_get_x509_key b/doc/functions/gnutls_certificate_get_x509_key
deleted file mode 100644
index bbe0ab7..0000000
--- a/doc/functions/gnutls_certificate_get_x509_key
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key})
-@var{res}: is a @code{gnutls_certificate_credentials_t} type.
-
-@var{index}: The index of the key to obtain.
-
-@var{key}: Location to store the key.
-
-Obtains a X.509 private key that has been stored in @code{res} with one of
-@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} ,
-@code{gnutls_certificate_set_x509_key_file()} ,
-@code{gnutls_certificate_set_x509_key_file2()} ,
-@code{gnutls_certificate_set_x509_key_mem()} , or
-@code{gnutls_certificate_set_x509_key_mem2()} . The returned key must be deallocated
-with @code{gnutls_x509_privkey_deinit()} when no longer needed.
-
-If there is no key with the given index,
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the key with the
-given index is not a X.509 key, @code{GNUTLS_E_INVALID_REQUEST} is returned.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_x509_key.short b/doc/functions/gnutls_certificate_get_x509_key.short
deleted file mode 100644
index 73bcd73..0000000
--- a/doc/functions/gnutls_certificate_get_x509_key.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_certificate_send_x509_rdn_sequence b/doc/functions/gnutls_certificate_send_x509_rdn_sequence
index 1f83af6..71db033 100644
--- a/doc/functions/gnutls_certificate_send_x509_rdn_sequence
+++ b/doc/functions/gnutls_certificate_send_x509_rdn_sequence @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status}) -@var{session}: a @code{gnutls_session_t} type. +@var{session}: is a pointer to a @code{gnutls_session_t} structure. @var{status}: is 0 or 1 diff --git a/doc/functions/gnutls_certificate_server_set_request b/doc/functions/gnutls_certificate_server_set_request index 3d7b14d..ba83ff2 100644 --- a/doc/functions/gnutls_certificate_server_set_request +++ b/doc/functions/gnutls_certificate_server_set_request @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{req}: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE diff --git a/doc/functions/gnutls_certificate_server_set_retrieve_function b/doc/functions/gnutls_certificate_server_set_retrieve_function new file mode 100644 index 0000000..4a9e2a7 --- /dev/null +++ b/doc/functions/gnutls_certificate_server_set_retrieve_function 
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_server_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_server_retrieve_function * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} structure.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called in order to retrieve the
+certificate to be used in the handshake.
+You are advised to use @code{gnutls_certificate_set_retrieve_function2()} because it
+is much more efficient in the processing it requires from gnutls.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t, gnutls_retr_st* st);
+
+ @code{st} should contain the certificates and private keys.
+
+If the callback function is provided then gnutls will call it, in the
+handshake, after the certificate request message has been received.
+
+The callback function should set the certificate list to be sent, and
+return 0 on success. The value (-1) indicates error and the handshake
+will be terminated.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_server_set_retrieve_function.short b/doc/functions/gnutls_certificate_server_set_retrieve_function.short
new file mode 100644
index 0000000..d85cbad
--- /dev/null
+++ b/doc/functions/gnutls_certificate_server_set_retrieve_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_server_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_server_retrieve_function * @var{func})
diff --git a/doc/functions/gnutls_certificate_set_dh_params b/doc/functions/gnutls_certificate_set_dh_params
index d4dc8ac..9c85c35 100644
--- a/doc/functions/gnutls_certificate_set_dh_params
+++ b/doc/functions/gnutls_certificate_set_dh_params
@@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure -@var{dh_params}: the Diffie-Hellman parameters. +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. This function will set the Diffie-Hellman parameters for a certificate server to use. These parameters will be used in diff --git a/doc/functions/gnutls_certificate_set_flags b/doc/functions/gnutls_certificate_set_flags deleted file mode 100644 index bf86b67..0000000 --- a/doc/functions/gnutls_certificate_set_flags +++ /dev/null @@ -1,15 +0,0 @@ - - - - -@deftypefun {void} {gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) -@var{res}: is a gnutls_certificate_credentials_t type - -@var{flags}: are the flags of @code{gnutls_certificate_flags} type - -This function will set flags to tweak the operation of -the credentials structure. See the @code{gnutls_certificate_flags} enumerations -for more information on the available flags. - -@strong{Since:} 3.4.7 -@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_flags.short b/doc/functions/gnutls_certificate_set_flags.short deleted file mode 100644 index 9e5734a..0000000 --- a/doc/functions/gnutls_certificate_set_flags.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_key b/doc/functions/gnutls_certificate_set_key index 83ae3a6..571fb8f 100644 --- a/doc/functions/gnutls_certificate_set_key +++ b/doc/functions/gnutls_certificate_set_key 
@@ -2,7 +2,7 @@ @deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{names}: is an array of DNS name of the certificate (NULL if none) @@ -15,7 +15,7 @@ @var{key}: is a @code{gnutls_privkey_t} key This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that wants to send more than its own end entity certificate (e.g., also an intermediate CA cert) then put @@ -23,10 +23,7 @@ the certificate chain in @code{pcert_list} . Note that the @code{pcert_list} and @code{key} will become part of the credentials structure and must not be deallocated. They will be automatically deallocated -when the @code{res} type is deinitialized. - -If that function fails to load the @code{res} structure is at an undefined state, it must -not be reused to load other keys or certificates. +when the @code{res} structure is deinitialized. @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function b/doc/functions/gnutls_certificate_set_ocsp_status_request_function index 55f62af..4bc5c4f 100644 --- a/doc/functions/gnutls_certificate_set_ocsp_status_request_function +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. @var{ocsp_func}: function pointer to OCSP status request callback. diff --git a/doc/functions/gnutls_certificate_set_openpgp_key b/doc/functions/gnutls_certificate_set_openpgp_key index 33e25c3..678a951 100644 --- a/doc/functions/gnutls_certificate_set_openpgp_key +++ b/doc/functions/gnutls_certificate_set_openpgp_key @@ -1,16 +1,15 @@ - @deftypefun {int} {gnutls_certificate_set_openpgp_key} (gnutls_certificate_credentials_t @var{res}, gnutls_openpgp_crt_t @var{crt}, gnutls_openpgp_privkey_t @var{pkey}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{crt}: contains an openpgp public key @var{pkey}: is an openpgp private key This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server). diff --git a/doc/functions/gnutls_certificate_set_openpgp_key_file b/doc/functions/gnutls_certificate_set_openpgp_key_file index 699291a..5e401e3 100644 --- a/doc/functions/gnutls_certificate_set_openpgp_key_file +++ b/doc/functions/gnutls_certificate_set_openpgp_key_file @@ -11,7 +11,7 @@ @var{format}: the format of the keys -This function is used to load OpenPGP keys into the GnuTLS +This funtion is used to load OpenPGP keys into the GnuTLS credentials structure. The file should contain at least one valid non encrypted subkey. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a 
diff --git a/doc/functions/gnutls_certificate_set_openpgp_key_file2 b/doc/functions/gnutls_certificate_set_openpgp_key_file2 index f3586c8..626e227 100644 --- a/doc/functions/gnutls_certificate_set_openpgp_key_file2 +++ b/doc/functions/gnutls_certificate_set_openpgp_key_file2 @@ -13,7 +13,7 @@ @var{format}: the format of the keys -This function is used to load OpenPGP keys into the GnuTLS credential +This funtion is used to load OpenPGP keys into the GnuTLS credential structure. The file should contain at least one valid non encrypted subkey. The special keyword "auto" is also accepted as @code{subkey_id} . In that diff --git a/doc/functions/gnutls_certificate_set_openpgp_key_mem b/doc/functions/gnutls_certificate_set_openpgp_key_mem index 18d62fa..b97c528 100644 --- a/doc/functions/gnutls_certificate_set_openpgp_key_mem +++ b/doc/functions/gnutls_certificate_set_openpgp_key_mem @@ -11,7 +11,7 @@ @var{format}: the format of the keys -This function is used to load OpenPGP keys into the GnuTLS credential +This funtion is used to load OpenPGP keys into the GnuTLS credential structure. The datum should contain at least one valid non encrypted subkey. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a diff --git a/doc/functions/gnutls_certificate_set_openpgp_key_mem2 b/doc/functions/gnutls_certificate_set_openpgp_key_mem2 index db9d50f..db5b28a 100644 --- a/doc/functions/gnutls_certificate_set_openpgp_key_mem2 +++ b/doc/functions/gnutls_certificate_set_openpgp_key_mem2 @@ -13,7 +13,7 @@ @var{format}: the format of the keys -This function is used to load OpenPGP keys into the GnuTLS +This funtion is used to load OpenPGP keys into the GnuTLS credentials structure. The datum should contain at least one valid non encrypted subkey. The special keyword "auto" is also accepted as @code{subkey_id} . In that 
diff --git a/doc/functions/gnutls_certificate_set_params_function b/doc/functions/gnutls_certificate_set_params_function index ceeffaf..81b980e 100644 --- a/doc/functions/gnutls_certificate_set_params_function +++ b/doc/functions/gnutls_certificate_set_params_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure @var{func}: is the function to be called diff --git a/doc/functions/gnutls_certificate_set_pin_function b/doc/functions/gnutls_certificate_set_pin_function index 1d0db50..495a50a 100644 --- a/doc/functions/gnutls_certificate_set_pin_function +++ b/doc/functions/gnutls_certificate_set_pin_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{fn}: A PIN callback diff --git a/doc/functions/gnutls_certificate_set_retrieve_function b/doc/functions/gnutls_certificate_set_retrieve_function index 0d1f033..201892e 100644 --- a/doc/functions/gnutls_certificate_set_retrieve_function +++ b/doc/functions/gnutls_certificate_set_retrieve_function 
@@ -3,13 +3,12 @@ @deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{func}: is the callback function This function sets a callback to be called in order to retrieve the -certificate to be used in the handshake. The callback will take control -only if a certificate is requested by the peer. You are advised +certificate to be used in the handshake. You are advised to use @code{gnutls_certificate_set_retrieve_function2()} because it is much more efficient in the processing it requires from gnutls. @@ -17,10 +16,10 @@ The callback's function prototype is: int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st); - @code{req_ca_dn} is only used in X.509 certificates. + @code{req_ca_cert} is only used in X.509 certificates. Contains a list with the CA names that the server considers trusted. -This is a hint and typically the client should send a certificate that is signed -by one of these CAs. These names, when available, are DER encoded. To get a more +Normally we should send a certificate that is signed +by one of these CAs. These names are DER encoded. To get a more meaningful value use the function @code{gnutls_x509_rdn_get()} . @code{pk_algos} contains a list with server's acceptable signature algorithms. 
@@ -36,9 +35,7 @@ In server side pk_algos and req_ca_dn are NULL. The callback function should set the certificate list to be sent, and return 0 on success. If no certificate was selected then the number of certificates should be set to zero. The value (-1) -indicates error and the handshake will be terminated. If both certificates -are set in the credentials and a callback is available, the callback -takes predence. +indicates error and the handshake will be terminated. @strong{Since:} 3.0 @end deftypefun diff --git a/doc/functions/gnutls_certificate_set_retrieve_function2 b/doc/functions/gnutls_certificate_set_retrieve_function2 index 147f5f3..8c63845 100644 --- a/doc/functions/gnutls_certificate_set_retrieve_function2 +++ b/doc/functions/gnutls_certificate_set_retrieve_function2 
@@ -3,29 +3,28 @@ @deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{func}: is the callback function This function sets a callback to be called in order to retrieve the -certificate to be used in the handshake. The callback will take control -only if a certificate is requested by the peer. +certificate to be used in the handshake. The callback's function prototype is: int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert, unsigned int *pcert_length, gnutls_privkey_t * pkey); - @code{req_ca_dn} is only used in X.509 certificates. + @code{req_ca_cert} is only used in X.509 certificates. Contains a list with the CA names that the server considers trusted. -This is a hint and typically the client should send a certificate that is signed -by one of these CAs. These names, when available, are DER encoded. To get a more +Normally we should send a certificate that is signed +by one of these CAs. These names are DER encoded. To get a more meaningful value use the function @code{gnutls_x509_rdn_get()} . @code{pk_algos} contains a list with server's acceptable signature algorithms. The certificate returned should support the server's given algorithms. - @code{pcert} should contain a single certificate and public key or a list of them. + @code{pcert} should contain a single certificate and public or a list of them. @code{pcert_length} is the size of the previous list. 
@@ -33,17 +32,13 @@ The certificate returned should support the server's given algorithms. If the callback function is provided then gnutls will call it, in the handshake, after the certificate request message has been received. -All the provided by the callback values will not be released or -modified by gnutls. In server side pk_algos and req_ca_dn are NULL. The callback function should set the certificate list to be sent, and return 0 on success. If no certificate was selected then the number of certificates should be set to zero. The value (-1) -indicates error and the handshake will be terminated. If both certificates -are set in the credentials and a callback is available, the callback -takes predence. +indicates error and the handshake will be terminated. @strong{Since:} 3.0 @end deftypefun diff --git a/doc/functions/gnutls_certificate_set_rsa_export_params b/doc/functions/gnutls_certificate_set_rsa_export_params new file mode 100644 index 0000000..3a0d1bb --- /dev/null +++ b/doc/functions/gnutls_certificate_set_rsa_export_params @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_rsa_export_params} (gnutls_certificate_credentials_t @var{res}, gnutls_rsa_params_t @var{rsa_params}) +@var{res}: is a gnutls_certificate_credentials_t structure + +@var{rsa_params}: is a structure that holds temporary RSA parameters. + +This function will set the temporary RSA parameters for a +certificate server to use. These parameters will be used in +RSA-EXPORT cipher suites. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_rsa_export_params.short b/doc/functions/gnutls_certificate_set_rsa_export_params.short new file mode 100644 index 0000000..f758102 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_rsa_export_params.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_rsa_export_params} (gnutls_certificate_credentials_t @var{res}, gnutls_rsa_params_t @var{rsa_params}) 
diff --git a/doc/functions/gnutls_certificate_set_trust_list b/doc/functions/gnutls_certificate_set_trust_list index b1e92af..157ce5a 100644 --- a/doc/functions/gnutls_certificate_set_trust_list +++ b/doc/functions/gnutls_certificate_set_trust_list @@ -1,15 +1,14 @@ - @deftypefun {void} {gnutls_certificate_set_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t @var{tlist}, unsigned @var{flags}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. -@var{tlist}: is a @code{gnutls_x509_trust_list_t} type +@var{tlist}: is a @code{gnutls_x509_trust_list_t} structure @var{flags}: must be zero -This function sets a trust list in the gnutls_certificate_credentials_t type. +This function sets a trust list in the gnutls_certificate_credentials_t structure. Note that the @code{tlist} will become part of the credentials structure and must not be deallocated. It will be automatically deallocated diff --git a/doc/functions/gnutls_certificate_set_verify_flags b/doc/functions/gnutls_certificate_set_verify_flags index bc7da3d..2a2ecd6 100644 --- a/doc/functions/gnutls_certificate_set_verify_flags +++ b/doc/functions/gnutls_certificate_set_verify_flags @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure @var{flags}: are the flags diff --git a/doc/functions/gnutls_certificate_set_verify_function b/doc/functions/gnutls_certificate_set_verify_function index 849e760..61bdf7d 100644 --- a/doc/functions/gnutls_certificate_set_verify_function +++ b/doc/functions/gnutls_certificate_set_verify_function 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{func}: is the callback function diff --git a/doc/functions/gnutls_certificate_set_verify_limits b/doc/functions/gnutls_certificate_set_verify_limits index 93cd5fe..f31e5e4 100644 --- a/doc/functions/gnutls_certificate_set_verify_limits +++ b/doc/functions/gnutls_certificate_set_verify_limits @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth}) -@var{res}: is a gnutls_certificate_credentials type +@var{res}: is a gnutls_certificate_credentials structure @var{max_bits}: is the number of bits of an acceptable certificate (default 8200) diff --git a/doc/functions/gnutls_certificate_set_x509_crl b/doc/functions/gnutls_certificate_set_x509_crl index 868a974..a2c25c0 100644 --- a/doc/functions/gnutls_certificate_set_x509_crl +++ b/doc/functions/gnutls_certificate_set_x509_crl @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{crl_list}: is a list of trusted CRLs. They should have been verified before. diff --git a/doc/functions/gnutls_certificate_set_x509_crl_file b/doc/functions/gnutls_certificate_set_x509_crl_file index 6a7d558..1e8cf25 100644 --- a/doc/functions/gnutls_certificate_set_x509_crl_file +++ b/doc/functions/gnutls_certificate_set_x509_crl_file 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{crlfile}: is a file containing the list of verified CRLs (DER or PEM list) diff --git a/doc/functions/gnutls_certificate_set_x509_crl_mem b/doc/functions/gnutls_certificate_set_x509_crl_mem index a58545c..03ab04c 100644 --- a/doc/functions/gnutls_certificate_set_x509_crl_mem +++ b/doc/functions/gnutls_certificate_set_x509_crl_mem @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{CRL}: is a list of trusted CRLs. They should have been verified before. diff --git a/doc/functions/gnutls_certificate_set_x509_key b/doc/functions/gnutls_certificate_set_x509_key index a14e1a5..c903c03 100644 --- a/doc/functions/gnutls_certificate_set_x509_key +++ b/doc/functions/gnutls_certificate_set_x509_key @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert_list}: contains a certificate list (path) for the specified private key 
@@ -12,7 +12,7 @@ @var{key}: is a @code{gnutls_x509_privkey_t} key This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that wants to send more than their own end entity certificate (e.g., also an intermediate CA cert) then put @@ -21,9 +21,6 @@ the certificate chain in @code{cert_list} . Note that the certificates and keys provided, can be safely deinitialized after this function is called. -If that function fails to load the @code{res} type is at an undefined state, it must -not be reused to load other keys or certificates. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. @strong{Since:} 2.4.0 diff --git a/doc/functions/gnutls_certificate_set_x509_key_file b/doc/functions/gnutls_certificate_set_x509_key_file index b4b8229..e4fedb0 100644 --- a/doc/functions/gnutls_certificate_set_x509_key_file +++ b/doc/functions/gnutls_certificate_set_x509_key_file @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{certfile}: is a file that containing the certificate list (path) for the specified private key, in PKCS7 format, or a list of certificates 
@@ -13,7 +13,7 @@ the specified private key, in PKCS7 format, or a list of certificates @var{type}: is PEM or DER This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that need to send more than its own end entity certificate, e.g., also an intermediate CA cert, then the @@ -24,16 +24,11 @@ when selecting the appropriate certificate to use (in case of multiple certificate/key pairs). This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it -will use the private key and certificate indicated by the URLs. Note +will import the private key and certificate indicated by the URLs. Note that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its -present issuers in the token are imported (i.e., forming the required trust chain). - -If that function fails to load the @code{res} structure is at an undefined state, it must -not be reused to load other keys or certificates. +present issuers in the token are are imported (i.e., the required trust chain). @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. - -@strong{Since:} 3.1.11 @end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key_file2 b/doc/functions/gnutls_certificate_set_x509_key_file2 index a68d791..a8562dc 100644 --- a/doc/functions/gnutls_certificate_set_x509_key_file2 +++ b/doc/functions/gnutls_certificate_set_x509_key_file2 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{certfile}: is a file that containing the certificate list (path) for the specified private key, in PKCS7 format, or a list of certificates @@ -17,7 +17,7 @@ the specified private key, in PKCS7 format, or a list of certificates @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that need to send more than its own end entity certificate, e.g., also an intermediate CA cert, then the 
@@ -28,16 +28,11 @@ when selecting the appropriate certificate to use (in case of multiple certificate/key pairs). This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it -will use the private key and certificate indicated by the URLs. Note +will import the private key and certificate indicated by the URLs. Note that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . -Before GnuTLS 3.4.0 when a URL was specified, the @code{pass} part was ignored and a -PIN callback had to be registered, this is no longer the case in current releases. In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its -present issuers in the token are imported (i.e., forming the required trust chain). - -If that function fails to load the @code{res} structure is at an undefined state, it must -not be reused to load other keys or certificates. +present issuers in the token are are imported (i.e., the required trust chain). @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. @end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem b/doc/functions/gnutls_certificate_set_x509_key_mem index 1170c53..5c302fc 100644 --- a/doc/functions/gnutls_certificate_set_x509_key_mem +++ b/doc/functions/gnutls_certificate_set_x509_key_mem @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert}: contains a certificate list (path) for the specified private key 
@@ -12,7 +12,7 @@ @var{type}: is PEM or DER This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be called +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem2 b/doc/functions/gnutls_certificate_set_x509_key_mem2 index 26f1840..cdd5e00 100644 --- a/doc/functions/gnutls_certificate_set_x509_key_mem2 +++ b/doc/functions/gnutls_certificate_set_x509_key_mem2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert}: contains a certificate list (path) for the specified private key @@ -16,7 +16,7 @@ @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be called +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file index 6bf2f17..ec16c9c 100644 --- a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file +++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{pkcs12file}: filename of file containing PKCS@code{12} blob. @@ -12,7 +12,7 @@ @var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. This function sets a certificate/private key pair and/or a CRL in -the gnutls_certificate_credentials_t type. This function may +the gnutls_certificate_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server). diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem index 40cee81..e44eab3 100644 --- a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem +++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{p12blob}: the PKCS@code{12} blob. @@ -12,7 +12,7 @@ @var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. This function sets a certificate/private key pair and/or a CRL in -the gnutls_certificate_credentials_t type. This function may +the gnutls_certificate_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server). 
diff --git a/doc/functions/gnutls_certificate_set_x509_system_trust b/doc/functions/gnutls_certificate_set_x509_system_trust index ec60c15..1a7a4ad 100644 --- a/doc/functions/gnutls_certificate_set_x509_system_trust +++ b/doc/functions/gnutls_certificate_set_x509_system_trust @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. This function adds the system's default trusted CAs in order to verify client or server certificates. diff --git a/doc/functions/gnutls_certificate_set_x509_trust b/doc/functions/gnutls_certificate_set_x509_trust index 407b803..0a88f70 100644 --- a/doc/functions/gnutls_certificate_set_x509_trust +++ b/doc/functions/gnutls_certificate_set_x509_trust @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{ca_list}: is a list of trusted CAs diff --git a/doc/functions/gnutls_certificate_set_x509_trust_dir b/doc/functions/gnutls_certificate_set_x509_trust_dir deleted file mode 100644 index dd3515b..0000000 --- a/doc/functions/gnutls_certificate_set_x509_trust_dir +++ /dev/null 
@@ -1,20 +0,0 @@ - - - - -@deftypefun {int} {gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. - -@var{ca_dir}: is a directory containing the list of trusted CAs (DER or PEM list) - -@var{type}: is PEM or DER - -This function adds the trusted CAs present in the directory in order to -verify client or server certificates. This function is identical -to @code{gnutls_certificate_set_x509_trust_file()} but loads all certificates -in a directory. - -@strong{Returns:} the number of certificates processed - -@strong{Since:} 3.3.6 -@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_trust_dir.short b/doc/functions/gnutls_certificate_set_x509_trust_dir.short deleted file mode 100644 index 8f5e390..0000000 --- a/doc/functions/gnutls_certificate_set_x509_trust_dir.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_trust_file b/doc/functions/gnutls_certificate_set_x509_trust_file index 9a9a072..f211747 100644 --- a/doc/functions/gnutls_certificate_set_x509_trust_file +++ b/doc/functions/gnutls_certificate_set_x509_trust_file @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{cafile}: is a file containing the list of trusted CAs (DER or PEM list) 
@@ -23,5 +23,6 @@ This function can also accept URLs. In that case it will import all certificates that are marked as trusted. Note that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . -@strong{Returns:} the number of certificates processed +@strong{Returns:} number of certificates processed, or a negative error code on +error. @end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_trust_mem b/doc/functions/gnutls_certificate_set_x509_trust_mem index ca1fc4b..f3cae8a 100644 --- a/doc/functions/gnutls_certificate_set_x509_trust_mem +++ b/doc/functions/gnutls_certificate_set_x509_trust_mem @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{ca}: is a list of trusted CAs or a DER certificate diff --git a/doc/functions/gnutls_certificate_type_get b/doc/functions/gnutls_certificate_type_get index 5c9a8b1..8b16287 100644 --- a/doc/functions/gnutls_certificate_type_get +++ b/doc/functions/gnutls_certificate_type_get @@ -3,7 +3,7 @@ @deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. The certificate type is by default X.509, unless it is negotiated as a TLS extension. diff --git a/doc/functions/gnutls_certificate_type_set_priority b/doc/functions/gnutls_certificate_type_set_priority new file mode 100644 index 0000000..3e1b964 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_set_priority 
@@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_certificate_type_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_certificate_type_t elements. + +Sets the priority on the certificate types supported by gnutls. +Priority is higher for elements specified before others. +After specifying the types you want, you must append a 0. +Note that the certificate type priority is set on the client. +The server does not use the cert type priority except for disabling +types that were not specified. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_type_set_priority.short b/doc/functions/gnutls_certificate_type_set_priority.short new file mode 100644 index 0000000..150c509 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_set_priority.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_type_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) diff --git a/doc/functions/gnutls_certificate_verify_peers b/doc/functions/gnutls_certificate_verify_peers index 151692b..91c9081 100644 --- a/doc/functions/gnutls_certificate_verify_peers +++ b/doc/functions/gnutls_certificate_verify_peers 
@@ -19,19 +19,18 @@ The default verification flags used by this function can be overridden using @code{gnutls_certificate_set_verify_flags()} . See the documentation of @code{gnutls_certificate_verify_peers2()} for details in the verification process. -The acceptable @code{data} types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_RFC822NAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . -The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated -object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ). +The acceptable data types are @code{GNUTLS_DT_DNS_HOSTNAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . If a DNS hostname is provided then this function will compare -the hostname in the certificate against the given. If names do not match the -@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. +the hostname in the certificate against the given. The comparison will +be accurate for ascii names; non-ascii names are compared byte-by-byte. +If names do not match the @code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. + If a key purpose OID is provided and the end-certificate contains the extended key usage PKIX extension, it will be required to be have the provided key purpose -or be marked for any purpose, otherwise verification will fail with @code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} status. +(e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ), or be marked for any purpose, otherwise +verification will fail with @code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} status. -@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) -when the peer's certificate was successfully parsed, whether or not -it was verified. +@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) on success. @strong{Since:} 3.3.0 @end deftypefun diff --git a/doc/functions/gnutls_certificate_verify_peers2 b/doc/functions/gnutls_certificate_verify_peers2 index 97ca891..9e2fd19 100644 
--- a/doc/functions/gnutls_certificate_verify_peers2 +++ b/doc/functions/gnutls_certificate_verify_peers2 @@ -26,7 +26,5 @@ Note that you must also check the peer's name in order to check if the verified certificate belongs to the actual peer, see @code{gnutls_x509_crt_check_hostname()} , or use @code{gnutls_certificate_verify_peers3()} . -@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) -when the peer's certificate was successfully parsed, whether or not -it was verified. +@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) on success. @end deftypefun diff --git a/doc/functions/gnutls_certificate_verify_peers3 b/doc/functions/gnutls_certificate_verify_peers3 index 8150e37..c2f8301 100644 --- a/doc/functions/gnutls_certificate_verify_peers3 +++ b/doc/functions/gnutls_certificate_verify_peers3 @@ -25,9 +25,7 @@ If names do not match the @code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will In order to verify the purpose of the end-certificate (by checking the extended key usage), use @code{gnutls_certificate_verify_peers()} . -@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) -when the peer's certificate was successfully parsed, whether or not -it was verified. +@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) on success. @strong{Since:} 3.1.4 @end deftypefun diff --git a/doc/functions/gnutls_cipher_add_auth b/doc/functions/gnutls_cipher_add_auth index 3825143..0cb04bf 100644 --- a/doc/functions/gnutls_cipher_add_auth +++ b/doc/functions/gnutls_cipher_add_auth 
@@ -1,13 +1,12 @@ +@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{text}, size_t @var{text_size}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{text}: the data to be authenticated -@var{ptext}: the data to be authenticated - -@var{ptext_size}: the length of the data +@var{text_size}: The length of the data This function operates on authenticated encryption with associated data (AEAD) ciphers and authenticate the diff --git a/doc/functions/gnutls_cipher_add_auth.short b/doc/functions/gnutls_cipher_add_auth.short index ca078ed..23042c7 100644 --- a/doc/functions/gnutls_cipher_add_auth.short +++ b/doc/functions/gnutls_cipher_add_auth.short @@ -1 +1 @@ -@item @var{int} @ref{gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size}) +@item @var{int} @ref{gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{text}, size_t @var{text_size}) diff --git a/doc/functions/gnutls_cipher_decrypt b/doc/functions/gnutls_cipher_decrypt index 1ab28e9..d78e20e 100644 --- a/doc/functions/gnutls_cipher_decrypt +++ b/doc/functions/gnutls_cipher_decrypt @@ -2,12 +2,12 @@ -@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ciphertext}, size_t @var{ciphertextlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ctext}: the data to decrypt +@var{ciphertext}: the data to encrypt -@var{ctext_len}: the length of data to decrypt +@var{ciphertextlen}: The length of data to encrypt This function will decrypt the given data using the algorithm specified by the context. 
diff --git a/doc/functions/gnutls_cipher_decrypt.short b/doc/functions/gnutls_cipher_decrypt.short index 81a64f2..bd716ec 100644 --- a/doc/functions/gnutls_cipher_decrypt.short +++ b/doc/functions/gnutls_cipher_decrypt.short @@ -1 +1 @@ -@item @var{int} @ref{gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len}) +@item @var{int} @ref{gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ciphertext}, size_t @var{ciphertextlen}) diff --git a/doc/functions/gnutls_cipher_decrypt2 b/doc/functions/gnutls_cipher_decrypt2 index 5ab0de8..d07bb0a 100644 --- a/doc/functions/gnutls_cipher_decrypt2 +++ b/doc/functions/gnutls_cipher_decrypt2 @@ -2,21 +2,19 @@ -@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ciphertext}, size_t @var{ciphertextlen}, void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ctext}: the data to decrypt +@var{ciphertext}: the data to encrypt -@var{ctext_len}: the length of data to decrypt +@var{ciphertextlen}: The length of data to encrypt -@var{ptext}: the decrypted data +@var{text}: the decrypted data -@var{ptext_len}: the available length for decrypted data +@var{textlen}: The available length for decrypted data This function will decrypt the given data using the algorithm -specified by the context. For block ciphers the @code{ctext_len} must be -a multiple of the block size. For the supported ciphers the plaintext -data length will equal the ciphertext size. +specified by the context. Note that in AEAD ciphers, this will not check the tag. You will need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} . 
diff --git a/doc/functions/gnutls_cipher_decrypt2.short b/doc/functions/gnutls_cipher_decrypt2.short index 9843921..c9e305b 100644 --- a/doc/functions/gnutls_cipher_decrypt2.short +++ b/doc/functions/gnutls_cipher_decrypt2.short @@ -1 +1 @@ -@item @var{int} @ref{gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len}) +@item @var{int} @ref{gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ciphertext}, size_t @var{ciphertextlen}, void * @var{text}, size_t @var{textlen}) diff --git a/doc/functions/gnutls_cipher_deinit b/doc/functions/gnutls_cipher_deinit index 932ccca..958db8b 100644 --- a/doc/functions/gnutls_cipher_deinit +++ b/doc/functions/gnutls_cipher_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. This function will deinitialize all resources occupied by the given encryption context. diff --git a/doc/functions/gnutls_cipher_encrypt b/doc/functions/gnutls_cipher_encrypt index a2015a2..d202f6a 100644 --- a/doc/functions/gnutls_cipher_encrypt +++ b/doc/functions/gnutls_cipher_encrypt @@ -2,12 +2,12 @@ -@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to encrypt +@var{text}: the data to encrypt -@var{ptext_len}: the length of data to encrypt +@var{textlen}: The length of data to encrypt This function will encrypt the given data using the algorithm specified by the context. 
diff --git a/doc/functions/gnutls_cipher_encrypt.short b/doc/functions/gnutls_cipher_encrypt.short index ed75439..d84a025 100644 --- a/doc/functions/gnutls_cipher_encrypt.short +++ b/doc/functions/gnutls_cipher_encrypt.short @@ -1 +1 @@ -@item @var{int} @ref{gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len}) +@item @var{int} @ref{gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{text}, size_t @var{textlen}) diff --git a/doc/functions/gnutls_cipher_encrypt2 b/doc/functions/gnutls_cipher_encrypt2 index 4e85aef..8d60730 100644 --- a/doc/functions/gnutls_cipher_encrypt2 +++ b/doc/functions/gnutls_cipher_encrypt2 @@ -2,21 +2,19 @@ -@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}, void * @var{ciphertext}, size_t @var{ciphertextlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to encrypt +@var{text}: the data to encrypt -@var{ptext_len}: the length of data to encrypt +@var{textlen}: The length of data to encrypt -@var{ctext}: the encrypted data +@var{ciphertext}: the encrypted data -@var{ctext_len}: the available length for encrypted data +@var{ciphertextlen}: The available length for encrypted data This function will encrypt the given data using the algorithm -specified by the context. For block ciphers the @code{ptext_len} must be -a multiple of the block size. For the supported ciphers the encrypted -data length will equal the plaintext size. +specified by the context. @strong{Returns:} Zero or a negative error code on error. diff --git a/doc/functions/gnutls_cipher_encrypt2.short b/doc/functions/gnutls_cipher_encrypt2.short index 5f16b3f..735bbf2 100644 
--- a/doc/functions/gnutls_cipher_encrypt2.short +++ b/doc/functions/gnutls_cipher_encrypt2.short @@ -1 +1 @@ -@item @var{int} @ref{gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len}) +@item @var{int} @ref{gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}, void * @var{ciphertext}, size_t @var{ciphertextlen}) diff --git a/doc/functions/gnutls_cipher_get b/doc/functions/gnutls_cipher_get index cdb2d42..4266493 100644 --- a/doc/functions/gnutls_cipher_get +++ b/doc/functions/gnutls_cipher_get @@ -3,7 +3,7 @@ @deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used cipher. diff --git a/doc/functions/gnutls_cipher_init b/doc/functions/gnutls_cipher_init index 80737bc..f6e1b23 100644 --- a/doc/functions/gnutls_cipher_init +++ b/doc/functions/gnutls_cipher_init @@ -3,16 +3,16 @@ @deftypefun {int} {gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{cipher}: the encryption algorithm to use -@var{key}: the key to be used for encryption/decryption +@var{key}: The key to be used for encryption -@var{iv}: the IV to use (if not applicable set NULL) +@var{iv}: The IV to use (if not applicable set NULL) -This function will initialize the @code{handle} context to be usable -for encryption/decryption of data. This will effectively use the +This function will initialize an context that can be used for +encryption/decryption of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. 
diff --git a/doc/functions/gnutls_cipher_set_iv b/doc/functions/gnutls_cipher_set_iv index 55884ca..a67de42 100644 --- a/doc/functions/gnutls_cipher_set_iv +++ b/doc/functions/gnutls_cipher_set_iv @@ -3,11 +3,11 @@ @deftypefun {void} {gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{iv}: the IV to set -@var{ivlen}: the length of the IV +@var{ivlen}: The length of the IV This function will set the IV to be used for the next encryption block. diff --git a/doc/functions/gnutls_cipher_set_priority b/doc/functions/gnutls_cipher_set_priority new file mode 100644 index 0000000..202ef0f --- /dev/null +++ b/doc/functions/gnutls_cipher_set_priority @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_cipher_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_cipher_algorithm_t elements. + +Sets the priority on the ciphers supported by gnutls. Priority is +higher for elements specified before others. After specifying the +ciphers you want, you must append a 0. Note that the priority is +set on the client. The server does not use the algorithm's +priority except for disabling algorithms that were not specified. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_cipher_set_priority.short b/doc/functions/gnutls_cipher_set_priority.short new file mode 100644 index 0000000..a775819 --- /dev/null +++ b/doc/functions/gnutls_cipher_set_priority.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) diff --git a/doc/functions/gnutls_cipher_tag b/doc/functions/gnutls_cipher_tag index 5994c87..254a865 100644 --- a/doc/functions/gnutls_cipher_tag 
+++ b/doc/functions/gnutls_cipher_tag @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size}) -@var{handle}: is a @code{gnutls_cipher_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{tag}: will hold the tag -@var{tag_size}: the length of the tag to return +@var{tag_size}: The length of the tag to return This function operates on authenticated encryption with associated data (AEAD) ciphers and will return the diff --git a/doc/functions/gnutls_compression_get b/doc/functions/gnutls_compression_get index 81e6953..0af69b1 100644 --- a/doc/functions/gnutls_compression_get +++ b/doc/functions/gnutls_compression_get @@ -3,7 +3,7 @@ @deftypefun {gnutls_compression_method_t} {gnutls_compression_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used compression algorithm. diff --git a/doc/functions/gnutls_compression_set_priority b/doc/functions/gnutls_compression_set_priority new file mode 100644 index 0000000..14ee3a2 --- /dev/null +++ b/doc/functions/gnutls_compression_set_priority 
@@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_compression_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_compression_method_t elements. + +Sets the priority on the compression algorithms supported by +gnutls. Priority is higher for elements specified before others. +After specifying the algorithms you want, you must append a 0. +Note that the priority is set on the client. The server does not +use the algorithm's priority except for disabling algorithms that +were not specified. + +TLS 1.0 does not define any compression algorithms except +NULL. Other compression algorithms are to be considered as gnutls +extensions. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_compression_set_priority.short b/doc/functions/gnutls_compression_set_priority.short new file mode 100644 index 0000000..d57206c --- /dev/null +++ b/doc/functions/gnutls_compression_set_priority.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_compression_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) diff --git a/doc/functions/gnutls_credentials_clear b/doc/functions/gnutls_credentials_clear index 9dd407a..3a8509f 100644 --- a/doc/functions/gnutls_credentials_clear +++ b/doc/functions/gnutls_credentials_clear @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_credentials_clear} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Clears all the credentials previously set in this session. @end deftypefun diff --git a/doc/functions/gnutls_credentials_get b/doc/functions/gnutls_credentials_get index 39b1990..5b8571b 100644 --- a/doc/functions/gnutls_credentials_get +++ b/doc/functions/gnutls_credentials_get 
@@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: is the type of the credentials to return -@var{cred}: will contain the credentials. +@var{cred}: will contain the pointer to the credentials structure. Returns the previously provided credentials structures. @@ -24,6 +24,4 @@ For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} will be @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. - -@strong{Since:} 3.3.3 @end deftypefun diff --git a/doc/functions/gnutls_credentials_set b/doc/functions/gnutls_credentials_set index aabbbb0..2137b7e 100644 --- a/doc/functions/gnutls_credentials_set +++ b/doc/functions/gnutls_credentials_set @@ -3,13 +3,13 @@ @deftypefun {int} {gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: is the type of the credentials -@var{cred}: the credentials to set +@var{cred}: is a pointer to a structure. -Sets the needed credentials for the specified type. E.g. username, +Sets the needed credentials for the specified type. Eg username, password - or public and private keys etc. The @code{cred} parameter is a structure that depends on the specified type and on the current session (client or server). diff --git a/doc/functions/gnutls_crypto_register_aead_cipher b/doc/functions/gnutls_crypto_register_aead_cipher deleted file mode 100644 index 89bff7a..0000000 --- a/doc/functions/gnutls_crypto_register_aead_cipher +++ /dev/null 
@@ -1,35 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit})
-@var{algorithm}: is the gnutls AEAD cipher identifier
-
-@var{priority}: is the priority of the algorithm
-
-@var{init}: A function which initializes the cipher
-
-@var{setkey}: A function which sets the key of the cipher
-
-@var{aead_encrypt}: Perform the AEAD encryption
-
-@var{aead_decrypt}: Perform the AEAD decryption
-
-@var{deinit}: A function which deinitializes the cipher
-
-This function will register a cipher algorithm to be used by
-gnutls. Any algorithm registered will override the included
-algorithms and by convention kernel implemented algorithms have
-priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be
-used by gnutls.
-
-In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} ,
-GnuTLS will attempt to use the next in priority registered cipher.
-
-The functions registered will be used with the new AEAD API introduced in
-GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_aead_cipher.short b/doc/functions/gnutls_crypto_register_aead_cipher.short
deleted file mode 100644
index 3cddbc5..0000000
--- a/doc/functions/gnutls_crypto_register_aead_cipher.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit})
diff --git a/doc/functions/gnutls_crypto_register_cipher b/doc/functions/gnutls_crypto_register_cipher
deleted file mode 100644
index a7883e1..0000000
--- a/doc/functions/gnutls_crypto_register_cipher
+++ /dev/null
@@ -1,38 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit})
-@var{algorithm}: is the gnutls algorithm identifier
-
-@var{priority}: is the priority of the algorithm
-
-@var{init}: A function which initializes the cipher
-
-@var{setkey}: A function which sets the key of the cipher
-
-@var{setiv}: A function which sets the nonce/IV of the cipher (non-AEAD)
-
-@var{encrypt}: A function which performs encryption (non-AEAD)
-
-@var{decrypt}: A function which performs decryption (non-AEAD)
-
-@var{deinit}: A function which deinitializes the cipher
-
-This function will register a cipher algorithm to be used by
-gnutls. Any algorithm registered will override the included
-algorithms and by convention kernel implemented algorithms have
-priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be
-used by gnutls.
-
-In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} ,
-GnuTLS will attempt to use the next in priority registered cipher.
-
-The functions which are marked as non-AEAD they are not required when
-registering a cipher to be used with the new AEAD API introduced in
-GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_cipher.short b/doc/functions/gnutls_crypto_register_cipher.short
deleted file mode 100644
index 040acdd..0000000
--- a/doc/functions/gnutls_crypto_register_cipher.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit})
diff --git a/doc/functions/gnutls_crypto_register_digest b/doc/functions/gnutls_crypto_register_digest
deleted file mode 100644
index 7921c04..0000000
--- a/doc/functions/gnutls_crypto_register_digest
+++ /dev/null
@@ -1,29 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast})
-@var{algorithm}: is the gnutls digest identifier
-
-@var{priority}: is the priority of the algorithm
-
-@var{init}: A function which initializes the digest
-
-@var{hash}: Perform the hash operation
-
-@var{output}: Provide the output of the digest
-
-@var{deinit}: A function which deinitializes the digest
-
-@var{hash_fast}: Perform the digest operation in one go
-
-This function will register a digest algorithm to be used by gnutls.
-Any algorithm registered will override the included algorithms and
-by convention kernel implemented algorithms have priority of 90
-and CPU-assisted of 80.
-The algorithm with the lowest priority will be used by gnutls.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_digest.short b/doc/functions/gnutls_crypto_register_digest.short
deleted file mode 100644
index dc38057..0000000
--- a/doc/functions/gnutls_crypto_register_digest.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast})
diff --git a/doc/functions/gnutls_crypto_register_mac b/doc/functions/gnutls_crypto_register_mac
deleted file mode 100644
index f9951e7..0000000
--- a/doc/functions/gnutls_crypto_register_mac
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast})
-@var{algorithm}: is the gnutls MAC identifier
-
-@var{priority}: is the priority of the algorithm
-
-@var{init}: A function which initializes the MAC
-
-@var{setkey}: A function which sets the key of the MAC
-
-@var{setnonce}: A function which sets the nonce for the mac (may be @code{NULL} for common MAC algorithms)
-
-@var{hash}: Perform the hash operation
-
-@var{output}: Provide the output of the MAC
-
-@var{deinit}: A function which deinitializes the MAC
-
-@var{hash_fast}: Perform the MAC operation in one go
-
-This function will register a MAC algorithm to be used by gnutls.
-Any algorithm registered will override the included algorithms and
-by convention kernel implemented algorithms have priority of 90
-and CPU-assisted of 80.
-The algorithm with the lowest priority will be used by gnutls.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_mac.short b/doc/functions/gnutls_crypto_register_mac.short deleted file mode 100644 index 31f84de..0000000 --- a/doc/functions/gnutls_crypto_register_mac.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast}) diff --git a/doc/functions/gnutls_db_check_entry b/doc/functions/gnutls_db_check_entry index 7fc8f7c..83a0ec2 100644 --- a/doc/functions/gnutls_db_check_entry +++ b/doc/functions/gnutls_db_check_entry @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_entry}: is the session data (not key) diff --git a/doc/functions/gnutls_db_check_entry_time b/doc/functions/gnutls_db_check_entry_time index 28d193b..5b8406f 100644 --- a/doc/functions/gnutls_db_check_entry_time +++ b/doc/functions/gnutls_db_check_entry_time @@ -3,7 +3,7 @@ @deftypefun {time_t} {gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry}) -@var{entry}: is a pointer to a @code{gnutls_datum_t} type. +@var{entry}: is a pointer to a @code{gnutls_datum_t} structure. This function returns the time that this entry was active. It can be used for database entry expiration. diff --git a/doc/functions/gnutls_db_get_ptr b/doc/functions/gnutls_db_get_ptr index 03f82cc..1334935 100644 --- a/doc/functions/gnutls_db_get_ptr +++ b/doc/functions/gnutls_db_get_ptr 
@@ -3,7 +3,7 @@ @deftypefun {void *} {gnutls_db_get_ptr} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get db function pointer. diff --git a/doc/functions/gnutls_db_remove_session b/doc/functions/gnutls_db_remove_session index a9b9da7..4eabebb 100644 --- a/doc/functions/gnutls_db_remove_session +++ b/doc/functions/gnutls_db_remove_session @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_db_remove_session} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will remove the current session data from the session database. This will prevent future handshakes reusing diff --git a/doc/functions/gnutls_db_set_cache_expiration b/doc/functions/gnutls_db_set_cache_expiration index 439583b..98a518e 100644 --- a/doc/functions/gnutls_db_set_cache_expiration +++ b/doc/functions/gnutls_db_set_cache_expiration @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{seconds}: is the number of seconds. diff --git a/doc/functions/gnutls_db_set_ptr b/doc/functions/gnutls_db_set_ptr index 712f0e8..dac1f81 100644 --- a/doc/functions/gnutls_db_set_ptr +++ b/doc/functions/gnutls_db_set_ptr @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ptr}: is the pointer diff --git a/doc/functions/gnutls_db_set_remove_function b/doc/functions/gnutls_db_set_remove_function index 1674458..9c5310e 100644 --- a/doc/functions/gnutls_db_set_remove_function +++ b/doc/functions/gnutls_db_set_remove_function 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{rem_func}: is the function. diff --git a/doc/functions/gnutls_db_set_retrieve_function b/doc/functions/gnutls_db_set_retrieve_function index 82a4874..46db9d2 100644 --- a/doc/functions/gnutls_db_set_retrieve_function +++ b/doc/functions/gnutls_db_set_retrieve_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{retr_func}: is the function. diff --git a/doc/functions/gnutls_db_set_store_function b/doc/functions/gnutls_db_set_store_function index b71f2b5..6cd9d64 100644 --- a/doc/functions/gnutls_db_set_store_function +++ b/doc/functions/gnutls_db_set_store_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{store_func}: is the function diff --git a/doc/functions/gnutls_deinit b/doc/functions/gnutls_deinit index 8331434..2d73753 100644 --- a/doc/functions/gnutls_deinit +++ b/doc/functions/gnutls_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_deinit} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function clears all buffers associated with the @code{session} . This function will also remove session data from the session diff --git a/doc/functions/gnutls_dh_get_group b/doc/functions/gnutls_dh_get_group index 131c9f2..2c8e5e8 100644 --- a/doc/functions/gnutls_dh_get_group +++ b/doc/functions/gnutls_dh_get_group 
@@ -15,9 +15,6 @@ the generator used. This function should be used for both anonymous and ephemeral Diffie-Hellman. The output parameters must be freed with @code{gnutls_free()} . -Note, that the prime and generator are exported as non-negative -integers and may include a leading zero byte. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @end deftypefun diff --git a/doc/functions/gnutls_dh_get_pubkey b/doc/functions/gnutls_dh_get_pubkey index 9af9546..b3d3554 100644 --- a/doc/functions/gnutls_dh_get_pubkey +++ b/doc/functions/gnutls_dh_get_pubkey @@ -12,9 +12,6 @@ Diffie-Hellman key exchange. This function should be used for both anonymous and ephemeral Diffie-Hellman. The output parameters must be freed with @code{gnutls_free()} . -Note, that public key is exported as non-negative -integer and may include a leading zero byte. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @end deftypefun diff --git a/doc/functions/gnutls_dh_params_cpy b/doc/functions/gnutls_dh_params_cpy index cbaa103..83c7f3c 100644 --- a/doc/functions/gnutls_dh_params_cpy +++ b/doc/functions/gnutls_dh_params_cpy @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src}) -@var{dst}: Is the destination parameters, which should be initialized. +@var{dst}: Is the destination structure, which should be initialized. -@var{src}: Is the source parameters +@var{src}: Is the source structure This function will copy the DH parameters structure from source to destination. diff --git a/doc/functions/gnutls_dh_params_deinit b/doc/functions/gnutls_dh_params_deinit index d97af19..08f58ad 100644 --- a/doc/functions/gnutls_dh_params_deinit +++ b/doc/functions/gnutls_dh_params_deinit 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params}) -@var{dh_params}: The parameters +@var{dh_params}: Is a structure that holds the prime numbers -This function will deinitialize the DH parameters type. +This function will deinitialize the DH parameters structure. @end deftypefun diff --git a/doc/functions/gnutls_dh_params_generate2 b/doc/functions/gnutls_dh_params_generate2 index 48797bd..adc025d 100644 --- a/doc/functions/gnutls_dh_params_generate2 +++ b/doc/functions/gnutls_dh_params_generate2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits}) -@var{dparams}: The parameters +@var{dparams}: Is the structure that the DH parameters will be stored @var{bits}: is the prime's number of bits diff --git a/doc/functions/gnutls_dh_params_import_pkcs3 b/doc/functions/gnutls_dh_params_import_pkcs3 index 511d976..bea046a 100644 --- a/doc/functions/gnutls_dh_params_import_pkcs3 +++ b/doc/functions/gnutls_dh_params_import_pkcs3 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format}) -@var{params}: The parameters +@var{params}: A structure where the parameters will be copied to @var{pkcs3_params}: should contain a PKCS3 DHParams structure PEM or DER encoded diff --git a/doc/functions/gnutls_dh_params_import_raw b/doc/functions/gnutls_dh_params_import_raw index 75bb897..6907f75 100644 --- a/doc/functions/gnutls_dh_params_import_raw +++ b/doc/functions/gnutls_dh_params_import_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}) -@var{dh_params}: The parameters +@var{dh_params}: Is a structure that will hold the prime numbers @var{prime}: holds the new prime 
diff --git a/doc/functions/gnutls_dh_params_import_raw2 b/doc/functions/gnutls_dh_params_import_raw2 deleted file mode 100644 index 9c400c1..0000000 --- a/doc/functions/gnutls_dh_params_import_raw2 +++ /dev/null @@ -1,20 +0,0 @@ - - - - -@deftypefun {int} {gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits}) -@var{dh_params}: The parameters - -@var{prime}: holds the new prime - -@var{generator}: holds the new generator - -@var{key_bits}: the private key bits (set to zero when unknown) - -This function will replace the pair of prime and generator for use -in the Diffie-Hellman key exchange. The new parameters should be -stored in the appropriate gnutls_datum. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, -otherwise a negative error code is returned. -@end deftypefun diff --git a/doc/functions/gnutls_dh_params_import_raw2.short b/doc/functions/gnutls_dh_params_import_raw2.short deleted file mode 100644 index 77b87f6..0000000 --- a/doc/functions/gnutls_dh_params_import_raw2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits}) diff --git a/doc/functions/gnutls_dh_params_init b/doc/functions/gnutls_dh_params_init index 6a0826a..4a3da58 100644 --- a/doc/functions/gnutls_dh_params_init +++ b/doc/functions/gnutls_dh_params_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params}) -@var{dh_params}: The parameters +@var{dh_params}: Is a structure that will hold the prime numbers -This function will initialize the DH parameters type. +This function will initialize the DH parameters structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. 
diff --git a/doc/functions/gnutls_dh_set_prime_bits b/doc/functions/gnutls_dh_set_prime_bits index ef791c4..6cdcb70 100644 --- a/doc/functions/gnutls_dh_set_prime_bits +++ b/doc/functions/gnutls_dh_set_prime_bits @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{bits}: is the number of bits @@ -16,8 +16,8 @@ In the client side it sets the minimum accepted number of bits. If a server sends a prime with less bits than that @code{GNUTLS_E_DH_PRIME_UNACCEPTABLE} will be returned by the handshake. -Note that this function will warn via the audit log for value that -are believed to be weak. +Note that values lower than 512 bits may allow decryption of the +exchanged data. The function has no effect in server side. diff --git a/doc/functions/gnutls_digest_get_id b/doc/functions/gnutls_digest_get_id index 3e3cb1c..beb0497 100644 --- a/doc/functions/gnutls_digest_get_id +++ b/doc/functions/gnutls_digest_get_id @@ -9,5 +9,5 @@ Convert a string to a @code{gnutls_digest_algorithm_t} value. The names are compared in a case insensitive way. @strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified MAC -algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failure. +algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failures. @end deftypefun diff --git a/doc/functions/gnutls_digest_get_oid b/doc/functions/gnutls_digest_get_oid deleted file mode 100644 index 7633ad4..0000000 --- a/doc/functions/gnutls_digest_get_oid +++ /dev/null 
@@ -1,14 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm}) -@var{algorithm}: is a digest algorithm - -Convert a @code{gnutls_digest_algorithm_t} value to its object identifier. - -@strong{Returns:} a string that contains the object identifier of the specified digest -algorithm, or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun diff --git a/doc/functions/gnutls_digest_get_oid.short b/doc/functions/gnutls_digest_get_oid.short deleted file mode 100644 index a562afe..0000000 --- a/doc/functions/gnutls_digest_get_oid.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_dtls_get_data_mtu b/doc/functions/gnutls_dtls_get_data_mtu index 2242070..8869da8 100644 --- a/doc/functions/gnutls_dtls_get_data_mtu +++ b/doc/functions/gnutls_dtls_get_data_mtu @@ -3,7 +3,7 @@ @deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the actual maximum transfer unit for application data. I.e. DTLS headers are subtracted from the diff --git a/doc/functions/gnutls_dtls_get_mtu b/doc/functions/gnutls_dtls_get_mtu index cb899fc..aa6d39e 100644 --- a/doc/functions/gnutls_dtls_get_mtu +++ b/doc/functions/gnutls_dtls_get_mtu @@ -3,7 +3,7 @@ @deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the MTU size as set with @code{gnutls_dtls_set_mtu()} . This is not the actual MTU diff --git a/doc/functions/gnutls_dtls_get_timeout b/doc/functions/gnutls_dtls_get_timeout index 8f50a9a..0483fbd 100644 --- a/doc/functions/gnutls_dtls_get_timeout +++ b/doc/functions/gnutls_dtls_get_timeout 
@@ -3,7 +3,7 @@ @deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the milliseconds remaining for a retransmission of the previously sent handshake diff --git a/doc/functions/gnutls_dtls_set_data_mtu b/doc/functions/gnutls_dtls_set_data_mtu index bcd5245..62700db 100644 --- a/doc/functions/gnutls_dtls_set_data_mtu +++ b/doc/functions/gnutls_dtls_set_data_mtu @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mtu}: The maximum unencrypted transfer unit of the session diff --git a/doc/functions/gnutls_dtls_set_mtu b/doc/functions/gnutls_dtls_set_mtu index c59a9eb..e35fd63 100644 --- a/doc/functions/gnutls_dtls_set_mtu +++ b/doc/functions/gnutls_dtls_set_mtu @@ -3,14 +3,14 @@ @deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mtu}: The maximum transfer unit of the transport This function will set the maximum transfer unit of the transport that DTLS packets are sent over. Note that this should exclude the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an -Ethernet device with MTU 1500, the DTLS MTU set with this function +Ethenet device with MTU 1500, the DTLS MTU set with this function would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452. @strong{Since:} 3.0 diff --git a/doc/functions/gnutls_dtls_set_timeouts b/doc/functions/gnutls_dtls_set_timeouts index c620ff9..751132f 100644 --- a/doc/functions/gnutls_dtls_set_timeouts +++ b/doc/functions/gnutls_dtls_set_timeouts 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{retrans_timeout}: The time at which a retransmission will occur in milliseconds @@ -16,7 +16,10 @@ be retransmitted. The total timeout is the time after which the handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . The DTLS protocol recommends the values of 1 sec and 60 seconds -respectively, and these are the default values. +respectively. + +If the retransmission timeout is zero then the handshake will operate +in a non-blocking way, i.e., return @code{GNUTLS_E_AGAIN} . To disable retransmissions set a @code{retrans_timeout} larger than the @code{total_timeout} . diff --git a/doc/functions/gnutls_ecc_curve_get b/doc/functions/gnutls_ecc_curve_get index 04ad9b7..6d981b6 100644 --- a/doc/functions/gnutls_ecc_curve_get +++ b/doc/functions/gnutls_ecc_curve_get @@ -3,7 +3,7 @@ @deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the currently used elliptic curve. Only valid when using an elliptic curve ciphersuite. diff --git a/doc/functions/gnutls_ecc_curve_get_id b/doc/functions/gnutls_ecc_curve_get_id deleted file mode 100644 index 98ec51c..0000000 --- a/doc/functions/gnutls_ecc_curve_get_id +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get_id} (const char * @var{name}) -@var{name}: is a curve name - -The names are compared in a case insensitive way. - -@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to -the specified curve, or @code{GNUTLS_ECC_CURVE_INVALID} on error. - -@strong{Since:} 3.4.3 -@end deftypefun 
diff --git a/doc/functions/gnutls_ecc_curve_get_id.short b/doc/functions/gnutls_ecc_curve_get_id.short deleted file mode 100644 index 681ff64..0000000 --- a/doc/functions/gnutls_ecc_curve_get_id.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{gnutls_ecc_curve_t} @ref{gnutls_ecc_curve_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_ecc_curve_get_oid b/doc/functions/gnutls_ecc_curve_get_oid deleted file mode 100644 index 6c1fb57..0000000 --- a/doc/functions/gnutls_ecc_curve_get_oid +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve}) -@var{curve}: is an ECC curve - -Convert a @code{gnutls_ecc_curve_t} value to its object identifier. - -@strong{Returns:} a string that contains the OID of the specified -curve or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get_oid.short b/doc/functions/gnutls_ecc_curve_get_oid.short deleted file mode 100644 index a9309dc..0000000 --- a/doc/functions/gnutls_ecc_curve_get_oid.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve}) diff --git a/doc/functions/gnutls_error_is_fatal b/doc/functions/gnutls_error_is_fatal index 3f389ec..8986bdd 100644 --- a/doc/functions/gnutls_error_is_fatal +++ b/doc/functions/gnutls_error_is_fatal @@ -17,5 +17,6 @@ This function is only useful if you are dealing with errors from functions that relate to a TLS session (e.g., record layer or handshake layer handling functions). -@strong{Returns:} Non-zero value on fatal errors or zero on non-fatal. +@strong{Returns:} zero on non fatal errors or positive @code{error} values. Non-zero +on fatal error codes. @end deftypefun diff --git a/doc/functions/gnutls_ext_get_data b/doc/functions/gnutls_ext_get_data deleted file mode 100644 index cda3ba5..0000000 --- a/doc/functions/gnutls_ext_get_data +++ /dev/null 
@@ -1,17 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{type}, gnutls_ext_priv_data_t * @var{data})
-@var{session}: a @code{gnutls_session_t} opaque pointer
-
-@var{type}: the numeric id of the extension
-
-@var{data}: a pointer to the private data to retrieve
-
-This function retrieves any data previously stored with @code{gnutls_ext_set_data()} .
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_ext_get_data.short b/doc/functions/gnutls_ext_get_data.short
deleted file mode 100644
index 7e81ad5..0000000
--- a/doc/functions/gnutls_ext_get_data.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{type}, gnutls_ext_priv_data_t * @var{data})
diff --git a/doc/functions/gnutls_ext_register b/doc/functions/gnutls_ext_register
deleted file mode 100644
index e871ace..0000000
--- a/doc/functions/gnutls_ext_register
+++ /dev/null
@@ -1,35 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_ext_register} (const char * @var{name}, int @var{type}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func})
-@var{name}: the name of the extension to register
-
-@var{type}: the numeric id of the extension
-
-@var{parse_type}: the parse type of the extension (see gnutls_ext_parse_type_t)
-
-@var{recv_func}: a function to receive the data
-
-@var{send_func}: a function to send the data
-
-@var{deinit_func}: a function deinitialize any private data
-
-@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption)
-
-@var{unpack_func}: a function which will deserialize the extension's private data
-
-This function will register a new extension type. The extension will remain
-registered until @code{gnutls_global_deinit()} is called. If the extension type
-is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned.
-
-Each registered extension can store temporary data into the gnutls_session_t
-structure using @code{gnutls_ext_set_data()} , and they can be retrieved using
-@code{gnutls_ext_get_data()} .
-
-This function is not thread safe.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_ext_register.short b/doc/functions/gnutls_ext_register.short
deleted file mode 100644
index da32699..0000000
--- a/doc/functions/gnutls_ext_register.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_ext_register} (const char * @var{name}, int @var{type}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func})
diff --git a/doc/functions/gnutls_ext_set_data b/doc/functions/gnutls_ext_set_data
deleted file mode 100644
index f099e1b..0000000
--- a/doc/functions/gnutls_ext_set_data
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-@deftypefun {void} {gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{type}, gnutls_ext_priv_data_t @var{data})
-@var{session}: a @code{gnutls_session_t} opaque pointer
-
-@var{type}: the numeric id of the extension
-
-@var{data}: the private data to set
-
-This function allows an extension handler to store data in the current session
-and retrieve them later on. The set data will be deallocated using
-the gnutls_ext_deinit_data_func.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_ext_set_data.short b/doc/functions/gnutls_ext_set_data.short
deleted file mode 100644
index 44bbd65..0000000
--- a/doc/functions/gnutls_ext_set_data.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{void} @ref{gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{type}, gnutls_ext_priv_data_t @var{data})
diff --git a/doc/functions/gnutls_global_init b/doc/functions/gnutls_global_init
index 78499ac..70e4a53 100644
--- a/doc/functions/gnutls_global_init
+++ b/doc/functions/gnutls_global_init
@@ -17,10 +17,9 @@ GnuTLS is used by more than one library in an application. This function can be called many times, but will only do something the first time. -Since GnuTLS 3.3.0 this function is automatically called on library -constructor. Since the same version this function is also thread safe. -The automatic initialization can be avoided if the environment variable -@code{GNUTLS_NO_EXPLICIT_INIT} is set to be 1. +Since GnuTLS 3.3.0 this function is only required in systems that +do not support library constructors and static linking. This +function also became thread safe. A subsequent call of this function if the initial has failed will return the same error code. diff --git a/doc/functions/gnutls_global_set_mem_functions b/doc/functions/gnutls_global_set_mem_functions index 78aaf50..9cb725e 100644 --- a/doc/functions/gnutls_global_set_mem_functions +++ b/doc/functions/gnutls_global_set_mem_functions @@ -1,6 +1,7 @@ + @deftypefun {void} {gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func}) @var{alloc_func}: it's the default memory allocation function. Like @code{malloc()} . diff --git a/doc/functions/gnutls_global_set_mutex b/doc/functions/gnutls_global_set_mutex index af8b87e..4314881 100644 --- a/doc/functions/gnutls_global_set_mutex +++ b/doc/functions/gnutls_global_set_mutex @@ -14,7 +14,7 @@ With this function you are allowed to override the default mutex locks used in some parts of gnutls and dependent libraries. This function should be used if you have complete control of your program and libraries. -Do not call this function from a library, or preferably from any application +Do not call this function from a library, or preferrably from any application unless really needed to. GnuTLS will use the appropriate locks for the running system. 
diff --git a/doc/functions/gnutls_handshake b/doc/functions/gnutls_handshake index daa8c8e..088079c 100644 --- a/doc/functions/gnutls_handshake +++ b/doc/functions/gnutls_handshake @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_handshake} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function does the handshake of the TLS/SSL protocol, and initializes the TLS connection. 
@@ -13,28 +13,19 @@ return a negative error code. In case of a client, if the client has asked to resume a session, but the server couldn't, then a full handshake will be performed. -The non-fatal errors expected by this function are: -@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , -@code{GNUTLS_E_WARNING_ALERT_RECEIVED} , and @code{GNUTLS_E_GOT_APPLICATION_DATA} , -the latter only in a case of rehandshake. - -The former two interrupt the handshake procedure due to the lower -layer being interrupted, and the latter because of an alert that -may be sent by a server (it is always a good idea to check any -received alerts). On these errors call this function again, until it +The non-fatal errors such as @code{GNUTLS_E_AGAIN} and +@code{GNUTLS_E_INTERRUPTED} interrupt the handshake procedure, which +should be resumed later. Call this function again, until it returns 0; cf. @code{gnutls_record_get_direction()} and -@code{gnutls_error_is_fatal()} . In DTLS sessions the non-fatal error -@code{GNUTLS_E_LARGE_PACKET} is also possible, and indicates that -the MTU should be adjusted. +@code{gnutls_error_is_fatal()} . If this function is called by a server after a rehandshake request then @code{GNUTLS_E_GOT_APPLICATION_DATA} or @code{GNUTLS_E_WARNING_ALERT_RECEIVED} may be returned. Note that these are non fatal errors, only in the specific case of a rehandshake. Their meaning is that the client rejected the rehandshake request or -in the case of @code{GNUTLS_E_GOT_APPLICATION_DATA} it could also mean that -some data were pending. A client may receive that error code if -it initiates the handshake and the server doesn't agreed. +in the case of @code{GNUTLS_E_GOT_APPLICATION_DATA} it might also mean that +some data were pending. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @end deftypefun diff --git a/doc/functions/gnutls_handshake_get_last_in b/doc/functions/gnutls_handshake_get_last_in index 3c5d8e4..cd26008 100644 
--- a/doc/functions/gnutls_handshake_get_last_in +++ b/doc/functions/gnutls_handshake_get_last_in @@ -3,7 +3,7 @@ @deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_in} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function is only useful to check where the last performed handshake failed. If the previous handshake succeed or was not diff --git a/doc/functions/gnutls_handshake_get_last_out b/doc/functions/gnutls_handshake_get_last_out index 5d36300..730926f 100644 --- a/doc/functions/gnutls_handshake_get_last_out +++ b/doc/functions/gnutls_handshake_get_last_out @@ -3,7 +3,7 @@ @deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_out} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function is only useful to check where the last performed handshake failed. If the previous handshake succeed or was not diff --git a/doc/functions/gnutls_handshake_set_hook_function b/doc/functions/gnutls_handshake_set_hook_function index b0455ee..430f3d4 100644 --- a/doc/functions/gnutls_handshake_set_hook_function +++ b/doc/functions/gnutls_handshake_set_hook_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{post}, gnutls_handshake_hook_func @var{func}) -@var{session}: is a @code{gnutls_session_t} type +@var{session}: is a @code{gnutls_session_t} structure @var{htype}: the @code{gnutls_handshake_description_t} of the message to hook at diff --git a/doc/functions/gnutls_handshake_set_max_packet_length b/doc/functions/gnutls_handshake_set_max_packet_length index bbed256..bb09995 100644 --- a/doc/functions/gnutls_handshake_set_max_packet_length +++ b/doc/functions/gnutls_handshake_set_max_packet_length 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{max}: is the maximum number. diff --git a/doc/functions/gnutls_handshake_set_post_client_hello_function b/doc/functions/gnutls_handshake_set_post_client_hello_function index fbc8074..58f7ac4 100644 --- a/doc/functions/gnutls_handshake_set_post_client_hello_function +++ b/doc/functions/gnutls_handshake_set_post_client_hello_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_post_client_hello_func @var{func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{func}: is the function to be called diff --git a/doc/functions/gnutls_handshake_set_private_extensions b/doc/functions/gnutls_handshake_set_private_extensions index 2805ecf..f9d7091 100644 --- a/doc/functions/gnutls_handshake_set_private_extensions +++ b/doc/functions/gnutls_handshake_set_private_extensions @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{allow}: is an integer (0 or 1) diff --git a/doc/functions/gnutls_handshake_set_random b/doc/functions/gnutls_handshake_set_random index 3ab3d2b..df25ac2 100644 --- a/doc/functions/gnutls_handshake_set_random +++ b/doc/functions/gnutls_handshake_set_random @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{random}: a random value of 32-bytes 
diff --git a/doc/functions/gnutls_handshake_set_timeout b/doc/functions/gnutls_handshake_set_timeout index 52854d3..0a11ec1 100644 --- a/doc/functions/gnutls_handshake_set_timeout +++ b/doc/functions/gnutls_handshake_set_timeout @@ -3,18 +3,13 @@ @deftypefun {void} {gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ms}: is a timeout value in milliseconds -This function sets the timeout for the TLS handshake process +This function sets the timeout for the handshake process to the provided value. Use an @code{ms} value of zero to disable -timeout, or @code{GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT} for a reasonable -default value. For the DTLS protocol, the more detailed -@code{gnutls_dtls_set_timeouts()} is provided. - -This function requires to set a pull timeout callback. See -@code{gnutls_transport_set_pull_timeout_function()} . +timeout. @strong{Since:} 3.1.0 @end deftypefun diff --git a/doc/functions/gnutls_hash b/doc/functions/gnutls_hash index 6d314b5..5dd5e23 100644 --- a/doc/functions/gnutls_hash +++ b/doc/functions/gnutls_hash @@ -2,12 +2,12 @@ -@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_hash_hd_t} type +@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash This function will hash the given data using the algorithm specified by the context. diff --git a/doc/functions/gnutls_hash.short b/doc/functions/gnutls_hash.short index c2bbe7c..ecf1e50 100644 --- a/doc/functions/gnutls_hash.short +++ b/doc/functions/gnutls_hash.short 
@@ -1 +1 @@ -@item @var{int} @ref{gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) +@item @var{int} @ref{gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}) diff --git a/doc/functions/gnutls_hash_deinit b/doc/functions/gnutls_hash_deinit index d47b943..8d40359 100644 --- a/doc/functions/gnutls_hash_deinit +++ b/doc/functions/gnutls_hash_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hash_hd_t} type +@var{handle}: is a @code{gnutls_hash_hd_t} structure. @var{digest}: is the output value of the hash diff --git a/doc/functions/gnutls_hash_fast b/doc/functions/gnutls_hash_fast index 329635f..c81e8e9 100644 --- a/doc/functions/gnutls_hash_fast +++ b/doc/functions/gnutls_hash_fast @@ -2,12 +2,12 @@ -@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{text}, size_t @var{textlen}, void * @var{digest}) @var{algorithm}: the hash algorithm to use -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash @var{digest}: is the output value of the hash diff --git a/doc/functions/gnutls_hash_fast.short b/doc/functions/gnutls_hash_fast.short index c4f7a1c..6bf3f5a 100644 --- a/doc/functions/gnutls_hash_fast.short +++ b/doc/functions/gnutls_hash_fast.short @@ -1 +1 @@ -@item @var{int} @ref{gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@item @var{int} @ref{gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{text}, size_t @var{textlen}, void * @var{digest}) 
diff --git a/doc/functions/gnutls_hash_init b/doc/functions/gnutls_hash_init index d253c84..c97940d 100644 --- a/doc/functions/gnutls_hash_init +++ b/doc/functions/gnutls_hash_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm}) -@var{dig}: is a @code{gnutls_hash_hd_t} type +@var{dig}: is a @code{gnutls_hash_hd_t} structure. @var{algorithm}: the hash algorithm to use diff --git a/doc/functions/gnutls_hash_output b/doc/functions/gnutls_hash_output index c3a4557..a530e48 100644 --- a/doc/functions/gnutls_hash_output +++ b/doc/functions/gnutls_hash_output @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hash_hd_t} type +@var{handle}: is a @code{gnutls_hash_hd_t} structure. @var{digest}: is the output value of the hash diff --git a/doc/functions/gnutls_heartbeat_allowed b/doc/functions/gnutls_heartbeat_allowed index 420e252..2b98423 100644 --- a/doc/functions/gnutls_heartbeat_allowed +++ b/doc/functions/gnutls_heartbeat_allowed @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: one of @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} and @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND} diff --git a/doc/functions/gnutls_heartbeat_enable b/doc/functions/gnutls_heartbeat_enable index 1630fc0..e50d595 100644 --- a/doc/functions/gnutls_heartbeat_enable +++ b/doc/functions/gnutls_heartbeat_enable @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: one of the GNUTLS_HB_* flags 
diff --git a/doc/functions/gnutls_heartbeat_get_timeout b/doc/functions/gnutls_heartbeat_get_timeout index 23d7f97..8833af9 100644 --- a/doc/functions/gnutls_heartbeat_get_timeout +++ b/doc/functions/gnutls_heartbeat_get_timeout @@ -3,7 +3,7 @@ @deftypefun {unsigned int} {gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the milliseconds remaining for a retransmission of the previously sent ping diff --git a/doc/functions/gnutls_heartbeat_ping b/doc/functions/gnutls_heartbeat_ping index 2f0a590..34368a5 100644 --- a/doc/functions/gnutls_heartbeat_ping +++ b/doc/functions/gnutls_heartbeat_ping @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data_size}: is the length of the ping payload. diff --git a/doc/functions/gnutls_heartbeat_pong b/doc/functions/gnutls_heartbeat_pong index d8ffc26..383809c 100644 --- a/doc/functions/gnutls_heartbeat_pong +++ b/doc/functions/gnutls_heartbeat_pong @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{flags}: should be zero diff --git a/doc/functions/gnutls_heartbeat_set_timeouts b/doc/functions/gnutls_heartbeat_set_timeouts index c45a16b..6032f64 100644 --- a/doc/functions/gnutls_heartbeat_set_timeouts +++ b/doc/functions/gnutls_heartbeat_set_timeouts 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{retrans_timeout}: The time at which a retransmission will occur in milliseconds @@ -15,5 +15,8 @@ message from the peer is not received, the previous request will be retransmitted. The total timeout is the time after which the handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . +If the retransmission timeout is zero then the handshake will operate +in a non-blocking way, i.e., return @code{GNUTLS_E_AGAIN} . + @strong{Since:} 3.1.2 @end deftypefun diff --git a/doc/functions/gnutls_hex2bin b/doc/functions/gnutls_hex2bin index 1207cc2..d73ef13 100644 --- a/doc/functions/gnutls_hex2bin +++ b/doc/functions/gnutls_hex2bin @@ -12,9 +12,7 @@ @var{bin_size}: when calling should hold maximum size of @code{bin_data} , on return will hold actual length of @code{bin_data} . -Convert a buffer with hex data to binary data. This function -unlike @code{gnutls_hex_decode()} can parse hex data with separators -between numbers. That is, it ignores any non-hex characters. +Convert a buffer with hex data to binary data. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. diff --git a/doc/functions/gnutls_hex_decode b/doc/functions/gnutls_hex_decode index 81f6fc7..18dd5ac 100644 --- a/doc/functions/gnutls_hex_decode +++ b/doc/functions/gnutls_hex_decode 
@@ -12,9 +12,8 @@ This function will decode the given encoded data, using the hex encoding used by PSK password files. -Initially @code{result_size} must hold the maximum size available in - @code{result} , and on return it will contain the number of bytes written. +Note that hex_data should be null terminated. @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not -long enough, @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. +long enough, or 0 on success. @end deftypefun diff --git a/doc/functions/gnutls_hex_decode2 b/doc/functions/gnutls_hex_decode2 deleted file mode 100644 index da8d8e2..0000000 --- a/doc/functions/gnutls_hex_decode2 +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {int} {gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result}) -@var{hex_data}: contain the encoded data - -@var{result}: the result in an allocated string - -This function will decode the given encoded data, using the hex -encoding used by PSK password files. - -@strong{Returns:} @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. -@end deftypefun diff --git a/doc/functions/gnutls_hex_decode2.short b/doc/functions/gnutls_hex_decode2.short deleted file mode 100644 index 677adff..0000000 --- a/doc/functions/gnutls_hex_decode2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_hex_encode2 b/doc/functions/gnutls_hex_encode2 deleted file mode 100644 index 93bd082..0000000 --- a/doc/functions/gnutls_hex_encode2 +++ /dev/null 
@@ -1,16 +0,0 @@ - - - - -@deftypefun {int} {gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) -@var{data}: contain the raw data - -@var{result}: the result in an allocated string - -This function will convert the given data to printable data, using -the hex encoding, as used in the PSK password files. - -Note that the size of the result does NOT include the null terminator. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. -@end deftypefun diff --git a/doc/functions/gnutls_hex_encode2.short b/doc/functions/gnutls_hex_encode2.short deleted file mode 100644 index d813940..0000000 --- a/doc/functions/gnutls_hex_encode2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_hmac b/doc/functions/gnutls_hmac index a0076d6..1c67ef2 100644 --- a/doc/functions/gnutls_hmac +++ b/doc/functions/gnutls_hmac @@ -2,12 +2,12 @@ -@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash This function will hash the given data using the algorithm specified by the context. diff --git a/doc/functions/gnutls_hmac.short b/doc/functions/gnutls_hmac.short index 8430351..0cb68e4 100644 --- a/doc/functions/gnutls_hmac.short +++ b/doc/functions/gnutls_hmac.short 
@@ -1 +1 @@ -@item @var{int} @ref{gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) +@item @var{int} @ref{gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{text}, size_t @var{textlen}) diff --git a/doc/functions/gnutls_hmac_deinit b/doc/functions/gnutls_hmac_deinit index dd813b0..835ba09 100644 --- a/doc/functions/gnutls_hmac_deinit +++ b/doc/functions/gnutls_hmac_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@var{handle}: is a @code{gnutls_hmac_hd_t} structure. @var{digest}: is the output value of the MAC diff --git a/doc/functions/gnutls_hmac_fast b/doc/functions/gnutls_hmac_fast index a461144..a4f4508 100644 --- a/doc/functions/gnutls_hmac_fast +++ b/doc/functions/gnutls_hmac_fast @@ -2,16 +2,16 @@ -@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{text}, size_t @var{textlen}, void * @var{digest}) @var{algorithm}: the hash algorithm to use @var{key}: the key to use -@var{keylen}: the length of the key +@var{keylen}: The length of the key -@var{ptext}: the data to hash +@var{text}: the data to hash -@var{ptext_len}: the length of data to hash +@var{textlen}: The length of data to hash @var{digest}: is the output value of the hash diff --git a/doc/functions/gnutls_hmac_fast.short b/doc/functions/gnutls_hmac_fast.short index 010bdaa..12b7741 100644 --- a/doc/functions/gnutls_hmac_fast.short +++ b/doc/functions/gnutls_hmac_fast.short 
@@ -1 +1 @@ -@item @var{int} @ref{gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@item @var{int} @ref{gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{text}, size_t @var{textlen}, void * @var{digest}) diff --git a/doc/functions/gnutls_hmac_init b/doc/functions/gnutls_hmac_init index 7058511..37ea7c1 100644 --- a/doc/functions/gnutls_hmac_init +++ b/doc/functions/gnutls_hmac_init @@ -3,13 +3,13 @@ @deftypefun {int} {gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}) -@var{dig}: is a @code{gnutls_hmac_hd_t} type +@var{dig}: is a @code{gnutls_hmac_hd_t} structure. @var{algorithm}: the HMAC algorithm to use -@var{key}: the key to be used for encryption +@var{key}: The key to be used for encryption -@var{keylen}: the length of the key +@var{keylen}: The length of the key This function will initialize an context that can be used to produce a Message Authentication Code (MAC) of data. This will diff --git a/doc/functions/gnutls_hmac_output b/doc/functions/gnutls_hmac_output index a2fbaef..b9b4a9c 100644 --- a/doc/functions/gnutls_hmac_output +++ b/doc/functions/gnutls_hmac_output @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@var{handle}: is a @code{gnutls_hmac_hd_t} structure. @var{digest}: is the output value of the MAC diff --git a/doc/functions/gnutls_hmac_set_nonce b/doc/functions/gnutls_hmac_set_nonce index ae38bc2..ceecd3f 100644 --- a/doc/functions/gnutls_hmac_set_nonce +++ b/doc/functions/gnutls_hmac_set_nonce 
@@ -3,11 +3,11 @@ @deftypefun {void} {gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}) -@var{handle}: is a @code{gnutls_hmac_hd_t} type +@var{handle}: is a @code{gnutls_cipher_hd_t} structure. @var{nonce}: the data to set as nonce -@var{nonce_len}: the length of data +@var{nonce_len}: The length of data This function will set the nonce in the MAC algorithm. diff --git a/doc/functions/gnutls_init b/doc/functions/gnutls_init index d1ed40a..b20ee73 100644 --- a/doc/functions/gnutls_init +++ b/doc/functions/gnutls_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags}) -@var{session}: is a pointer to a @code{gnutls_session_t} type. +@var{session}: is a pointer to a @code{gnutls_session_t} structure. @var{flags}: indicate if this session is to be used for server or client. @@ -12,8 +12,10 @@ session must be initialized before use, so internal structures can be allocated. This function allocates structures which can only be free'd by calling @code{gnutls_deinit()} . Returns @code{GNUTLS_E_SUCCESS} (0) on success. - @code{flags} can be one of @code{GNUTLS_CLIENT} , @code{GNUTLS_SERVER} , @code{GNUTLS_DATAGRAM} , -@code{GNUTLS_NONBLOCK} or @code{GNUTLS_NOSIGNAL} (since 3.4.2). + @code{flags} can be one of @code{GNUTLS_CLIENT} and @code{GNUTLS_SERVER} . For a DTLS +entity, the flags @code{GNUTLS_DATAGRAM} and @code{GNUTLS_NONBLOCK} are +also available. The latter flag will enable a non-blocking +operation of the DTLS timers. The flag @code{GNUTLS_NO_REPLAY_PROTECTION} will disable any replay protection in DTLS mode. That must only used when diff --git a/doc/functions/gnutls_key_generate b/doc/functions/gnutls_key_generate index 930b617..b1053da 100644 --- a/doc/functions/gnutls_key_generate +++ b/doc/functions/gnutls_key_generate 
@@ -4,9 +4,9 @@ @deftypefun {int} {gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size}) @var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly -created key +created key. -@var{key_size}: the number of bytes of the key +@var{key_size}: The number of bytes of the key. Generates a random key of @code{key_size} bytes. diff --git a/doc/functions/gnutls_kx_get b/doc/functions/gnutls_kx_get index d6d2c85..63702a8 100644 --- a/doc/functions/gnutls_kx_get +++ b/doc/functions/gnutls_kx_get @@ -3,7 +3,7 @@ @deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used key exchange algorithm. diff --git a/doc/functions/gnutls_kx_set_priority b/doc/functions/gnutls_kx_set_priority new file mode 100644 index 0000000..847b107 --- /dev/null +++ b/doc/functions/gnutls_kx_set_priority @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_kx_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_kx_algorithm_t elements. + +Sets the priority on the key exchange algorithms supported by +gnutls. Priority is higher for elements specified before others. +After specifying the algorithms you want, you must append a 0. +Note that the priority is set on the client. The server does not +use the algorithm's priority except for disabling algorithms that +were not specified. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_kx_set_priority.short b/doc/functions/gnutls_kx_set_priority.short new file mode 100644 index 0000000..80717f7 --- /dev/null +++ b/doc/functions/gnutls_kx_set_priority.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_kx_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) 
diff --git a/doc/functions/gnutls_mac_get b/doc/functions/gnutls_mac_get index b02b9e8..7b68d94 100644 --- a/doc/functions/gnutls_mac_get +++ b/doc/functions/gnutls_mac_get @@ -3,7 +3,7 @@ @deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used MAC algorithm. diff --git a/doc/functions/gnutls_mac_get_id b/doc/functions/gnutls_mac_get_id index 8022d84..f002c44 100644 --- a/doc/functions/gnutls_mac_get_id +++ b/doc/functions/gnutls_mac_get_id @@ -9,5 +9,5 @@ Convert a string to a @code{gnutls_mac_algorithm_t} value. The names are compared in a case insensitive way. @strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified MAC -algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failure. +algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failures. @end deftypefun diff --git a/doc/functions/gnutls_mac_set_priority b/doc/functions/gnutls_mac_set_priority new file mode 100644 index 0000000..57c519f --- /dev/null +++ b/doc/functions/gnutls_mac_set_priority @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_mac_set_priority} (gnutls_session_t @var{session}, const int * @var{list}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{list}: is a 0 terminated list of gnutls_mac_algorithm_t elements. + +Sets the priority on the mac algorithms supported by gnutls. +Priority is higher for elements specified before others. After +specifying the algorithms you want, you must append a 0. Note +that the priority is set on the client. The server does not use +the algorithm's priority except for disabling algorithms that were +not specified. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_mac_set_priority.short b/doc/functions/gnutls_mac_set_priority.short new file mode 100644 index 0000000..71e7382 --- /dev/null 
+++ b/doc/functions/gnutls_mac_set_priority.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_mac_set_priority} (gnutls_session_t @var{session}, const int * @var{list})
diff --git a/doc/functions/gnutls_memcmp b/doc/functions/gnutls_memcmp
deleted file mode 100644
index 03baf31..0000000
--- a/doc/functions/gnutls_memcmp
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n})
-@var{s1}: the first address to compare
-
-@var{s2}: the second address to compare
-
-@var{n}: the size of memory to compare
-
-This function will operate similarly to @code{memcmp()} , but will operate
-on time that depends only on the size of the string. That is will
-not return early if the strings don't match on the first byte.
-
-@strong{Returns:} non zero on difference and zero if the buffers are identical.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_memcmp.short b/doc/functions/gnutls_memcmp.short
deleted file mode 100644
index fbd757c..0000000
--- a/doc/functions/gnutls_memcmp.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n})
diff --git a/doc/functions/gnutls_memset b/doc/functions/gnutls_memset
deleted file mode 100644
index 7e49201..0000000
--- a/doc/functions/gnutls_memset
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-@deftypefun {void} {gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size})
-@var{data}: the memory to set
-
-@var{c}: the constant byte to fill the memory with
-
-@var{size}: the size of memory
-
-This function will operate similarly to @code{memset()} , but will
-not be optimized out by the compiler.
-
-@strong{Returns:} void.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_memset.short b/doc/functions/gnutls_memset.short
deleted file mode 100644
index 9a66fa5..0000000
--- a/doc/functions/gnutls_memset.short
+++ /dev/null
@@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size}) diff --git a/doc/functions/gnutls_ocsp_req_add_cert b/doc/functions/gnutls_ocsp_req_add_cert index 73fff72..fbd7295 100644 --- a/doc/functions/gnutls_ocsp_req_add_cert +++ b/doc/functions/gnutls_ocsp_req_add_cert @@ -2,7 +2,7 @@ @deftypefun {int} {gnutls_ocsp_req_add_cert} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_crt_t @var{cert}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value diff --git a/doc/functions/gnutls_ocsp_req_add_cert_id b/doc/functions/gnutls_ocsp_req_add_cert_id index 8d2f9b6..3033ea6 100644 --- a/doc/functions/gnutls_ocsp_req_add_cert_id +++ b/doc/functions/gnutls_ocsp_req_add_cert_id @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_add_cert_id} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, const gnutls_datum_t * @var{issuer_name_hash}, const gnutls_datum_t * @var{issuer_key_hash}, const gnutls_datum_t * @var{serial_number}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value diff --git a/doc/functions/gnutls_ocsp_req_deinit b/doc/functions/gnutls_ocsp_req_deinit index 7b8e753..f1eefc1 100644 --- a/doc/functions/gnutls_ocsp_req_deinit +++ b/doc/functions/gnutls_ocsp_req_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_ocsp_req_deinit} (gnutls_ocsp_req_t @var{req}) -@var{req}: The data to be deinitialized +@var{req}: The structure to be deinitialized This function will deinitialize a OCSP request structure. @end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_get_cert_id b/doc/functions/gnutls_ocsp_req_get_cert_id index b9b9c9d..f612499 100644 
--- a/doc/functions/gnutls_ocsp_req_get_cert_id +++ b/doc/functions/gnutls_ocsp_req_get_cert_id @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_get_cert_id} (gnutls_ocsp_req_t @var{req}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{indx}: Specifies which extension OID to get. Use (0) to get the first one. diff --git a/doc/functions/gnutls_ocsp_req_get_extension b/doc/functions/gnutls_ocsp_req_get_extension index a61b5e5..0a1a77d 100644 --- a/doc/functions/gnutls_ocsp_req_get_extension +++ b/doc/functions/gnutls_ocsp_req_get_extension @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_get_extension} (gnutls_ocsp_req_t @var{req}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{indx}: Specifies which extension OID to get. Use (0) to get the first one. diff --git a/doc/functions/gnutls_ocsp_req_get_nonce b/doc/functions/gnutls_ocsp_req_get_nonce index ab640bf..d8ba938 100644 --- a/doc/functions/gnutls_ocsp_req_get_nonce +++ b/doc/functions/gnutls_ocsp_req_get_nonce @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_get_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{critical}: whether nonce extension is marked critical, or NULL diff --git a/doc/functions/gnutls_ocsp_req_get_version b/doc/functions/gnutls_ocsp_req_get_version index ecd24af..c15d601 100644 --- a/doc/functions/gnutls_ocsp_req_get_version 
+++ b/doc/functions/gnutls_ocsp_req_get_version @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_get_version} (gnutls_ocsp_req_t @var{req}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure This function will return the version of the OCSP request. Typically this is always 1 indicating version 1. diff --git a/doc/functions/gnutls_ocsp_req_import b/doc/functions/gnutls_ocsp_req_import index ef981bf..9325336 100644 --- a/doc/functions/gnutls_ocsp_req_import +++ b/doc/functions/gnutls_ocsp_req_import @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_import} (gnutls_ocsp_req_t @var{req}, const gnutls_datum_t * @var{data}) -@var{req}: The data to store the parsed request. +@var{req}: The structure to store the parsed request. @var{data}: DER encoded OCSP request. diff --git a/doc/functions/gnutls_ocsp_req_init b/doc/functions/gnutls_ocsp_req_init index f13c6ba..48f845b 100644 --- a/doc/functions/gnutls_ocsp_req_init +++ b/doc/functions/gnutls_ocsp_req_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_init} (gnutls_ocsp_req_t * @var{req}) -@var{req}: A pointer to the type to be initialized +@var{req}: The structure to be initialized This function will initialize an OCSP request structure. diff --git a/doc/functions/gnutls_ocsp_req_print b/doc/functions/gnutls_ocsp_req_print index ff62adb..3689cf9 100644 --- a/doc/functions/gnutls_ocsp_req_print +++ b/doc/functions/gnutls_ocsp_req_print @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_print} (gnutls_ocsp_req_t @var{req}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{req}: The data to be printed +@var{req}: The structure to be printed @var{format}: Indicate the format to use diff --git a/doc/functions/gnutls_ocsp_req_randomize_nonce b/doc/functions/gnutls_ocsp_req_randomize_nonce index dbeaf6c..75446c3 100644 --- a/doc/functions/gnutls_ocsp_req_randomize_nonce +++ b/doc/functions/gnutls_ocsp_req_randomize_nonce 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_randomize_nonce} (gnutls_ocsp_req_t @var{req}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure This function will add or update an nonce extension to the OCSP request with a newly generated random value. diff --git a/doc/functions/gnutls_ocsp_req_set_extension b/doc/functions/gnutls_ocsp_req_set_extension index 6fb1e00..fa542a8 100644 --- a/doc/functions/gnutls_ocsp_req_set_extension +++ b/doc/functions/gnutls_ocsp_req_set_extension @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_set_extension} (gnutls_ocsp_req_t @var{req}, const char * @var{oid}, unsigned int @var{critical}, const gnutls_datum_t * @var{data}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{oid}: buffer with OID of extension as a string. diff --git a/doc/functions/gnutls_ocsp_req_set_nonce b/doc/functions/gnutls_ocsp_req_set_nonce index 71f8eae..d39d285 100644 --- a/doc/functions/gnutls_ocsp_req_set_nonce +++ b/doc/functions/gnutls_ocsp_req_set_nonce @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_req_set_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int @var{critical}, const gnutls_datum_t * @var{nonce}) -@var{req}: should contain a @code{gnutls_ocsp_req_t} type +@var{req}: should contain a @code{gnutls_ocsp_req_t} structure @var{critical}: critical flag, normally false. diff --git a/doc/functions/gnutls_ocsp_resp_check_crt b/doc/functions/gnutls_ocsp_resp_check_crt index 14486ef..4d127cf 100644 --- a/doc/functions/gnutls_ocsp_resp_check_crt +++ b/doc/functions/gnutls_ocsp_resp_check_crt 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_check_crt} (gnutls_ocsp_resp_t @var{resp}, unsigned int @var{indx}, gnutls_x509_crt_t @var{crt}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{indx}: Specifies response number to get. Use (0) to get the first one. diff --git a/doc/functions/gnutls_ocsp_resp_deinit b/doc/functions/gnutls_ocsp_resp_deinit index 5cfb575..6f6959e 100644 --- a/doc/functions/gnutls_ocsp_resp_deinit +++ b/doc/functions/gnutls_ocsp_resp_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_ocsp_resp_deinit} (gnutls_ocsp_resp_t @var{resp}) -@var{resp}: The data to be deinitialized +@var{resp}: The structure to be deinitialized This function will deinitialize a OCSP response structure. @end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_certs b/doc/functions/gnutls_ocsp_resp_get_certs index 6512c70..3bdf0a5 100644 --- a/doc/functions/gnutls_ocsp_resp_get_certs +++ b/doc/functions/gnutls_ocsp_resp_get_certs @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_certs} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_crt_t ** @var{certs}, size_t * @var{ncerts}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{certs}: newly allocated array with @code{gnutls_x509_crt_t} certificates diff --git a/doc/functions/gnutls_ocsp_resp_get_extension b/doc/functions/gnutls_ocsp_resp_get_extension index 18b9f51..8123ea6 100644 --- a/doc/functions/gnutls_ocsp_resp_get_extension +++ b/doc/functions/gnutls_ocsp_resp_get_extension 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_extension} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{indx}: Specifies which extension OID to get. Use (0) to get the first one. diff --git a/doc/functions/gnutls_ocsp_resp_get_nonce b/doc/functions/gnutls_ocsp_resp_get_nonce index a4bd19e..a8c0ec4 100644 --- a/doc/functions/gnutls_ocsp_resp_get_nonce +++ b/doc/functions/gnutls_ocsp_resp_get_nonce @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_nonce} (gnutls_ocsp_resp_t @var{resp}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{critical}: whether nonce extension is marked critical diff --git a/doc/functions/gnutls_ocsp_resp_get_produced b/doc/functions/gnutls_ocsp_resp_get_produced index a89910a..15dbbef 100644 --- a/doc/functions/gnutls_ocsp_resp_get_produced +++ b/doc/functions/gnutls_ocsp_resp_get_produced @@ -3,7 +3,7 @@ @deftypefun {time_t} {gnutls_ocsp_resp_get_produced} (gnutls_ocsp_resp_t @var{resp}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure This function will return the time when the OCSP response was signed. diff --git a/doc/functions/gnutls_ocsp_resp_get_responder b/doc/functions/gnutls_ocsp_resp_get_responder index efc8ca3..9e4e1cc 100644 --- a/doc/functions/gnutls_ocsp_resp_get_responder +++ b/doc/functions/gnutls_ocsp_resp_get_responder 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_responder} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{dn}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{dn}: newly allocated buffer with name @@ -12,9 +12,6 @@ the provided buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string will be ASCII or UTF-8 encoded, depending on the certificate data. -If the responder ID is not a name but a hash, this function -will return zero and the @code{dn} elements will be set to @code{NULL} . - The caller needs to deallocate memory by calling @code{gnutls_free()} on @code{dn} ->data. diff --git a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id deleted file mode 100644 index 0755c74..0000000 --- a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id +++ /dev/null @@ -1,21 +0,0 @@ - - - - -@deftypefun {int} {gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type - -@var{type}: should be @code{GNUTLS_OCSP_RESP_ID_KEY} or @code{GNUTLS_OCSP_RESP_ID_DN} - -@var{raw}: newly allocated buffer with the raw ID - -This function will extract the raw key (or DN) ID of the Basic OCSP Response in -the provided buffer. If the responder ID is not a key ID then -this function will return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . - -The caller needs to deallocate memory by calling @code{gnutls_free()} on - @code{dn} ->data. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error code is returned. -@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short deleted file mode 100644 index e381a60..0000000 
--- a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw}) diff --git a/doc/functions/gnutls_ocsp_resp_get_response b/doc/functions/gnutls_ocsp_resp_get_response index 69ef606..64a18cc 100644 --- a/doc/functions/gnutls_ocsp_resp_get_response +++ b/doc/functions/gnutls_ocsp_resp_get_response @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_response} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{response_type_oid}, gnutls_datum_t * @var{response}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{response_type_oid}: newly allocated output buffer with response type OID diff --git a/doc/functions/gnutls_ocsp_resp_get_signature b/doc/functions/gnutls_ocsp_resp_get_signature index 1cadb24..86d3ecf 100644 --- a/doc/functions/gnutls_ocsp_resp_get_signature +++ b/doc/functions/gnutls_ocsp_resp_get_signature @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_signature} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{sig}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{sig}: newly allocated output buffer with signature data diff --git a/doc/functions/gnutls_ocsp_resp_get_signature_algorithm b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm index 0812c3a..a16a9e0 100644 --- a/doc/functions/gnutls_ocsp_resp_get_signature_algorithm +++ b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_signature_algorithm} (gnutls_ocsp_resp_t @var{resp}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure This function will return a value of the @code{gnutls_sign_algorithm_t} enumeration that is the signature algorithm that has been used to diff --git a/doc/functions/gnutls_ocsp_resp_get_single b/doc/functions/gnutls_ocsp_resp_get_single index a77a539..09941b7 100644 --- a/doc/functions/gnutls_ocsp_resp_get_single +++ b/doc/functions/gnutls_ocsp_resp_get_single @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_single} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}, unsigned int * @var{cert_status}, time_t * @var{this_update}, time_t * @var{next_update}, time_t * @var{revocation_time}, unsigned int * @var{revocation_reason}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{indx}: Specifies response number to get. Use (0) to get the first one. diff --git a/doc/functions/gnutls_ocsp_resp_get_status b/doc/functions/gnutls_ocsp_resp_get_status index cfa0171..f0ef2d1 100644 --- a/doc/functions/gnutls_ocsp_resp_get_status +++ b/doc/functions/gnutls_ocsp_resp_get_status @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_status} (gnutls_ocsp_resp_t @var{resp}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure This function will return the status of a OCSP response, an @code{gnutls_ocsp_resp_status_t} enumeration. diff --git a/doc/functions/gnutls_ocsp_resp_get_version b/doc/functions/gnutls_ocsp_resp_get_version index 0884c6b..6842c18 100644 --- a/doc/functions/gnutls_ocsp_resp_get_version 
+++ b/doc/functions/gnutls_ocsp_resp_get_version @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_get_version} (gnutls_ocsp_resp_t @var{resp}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure This function will return the version of the Basic OCSP Response. Typically this is always 1 indicating version 1. diff --git a/doc/functions/gnutls_ocsp_resp_import b/doc/functions/gnutls_ocsp_resp_import index 7db9c5d..f47811a 100644 --- a/doc/functions/gnutls_ocsp_resp_import +++ b/doc/functions/gnutls_ocsp_resp_import @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_import} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}) -@var{resp}: The data to store the parsed response. +@var{resp}: The structure to store the parsed response. @var{data}: DER encoded OCSP response. diff --git a/doc/functions/gnutls_ocsp_resp_init b/doc/functions/gnutls_ocsp_resp_init index 928ae39..6c669e8 100644 --- a/doc/functions/gnutls_ocsp_resp_init +++ b/doc/functions/gnutls_ocsp_resp_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_init} (gnutls_ocsp_resp_t * @var{resp}) -@var{resp}: A pointer to the type to be initialized +@var{resp}: The structure to be initialized This function will initialize an OCSP response structure. diff --git a/doc/functions/gnutls_ocsp_resp_print b/doc/functions/gnutls_ocsp_resp_print index d0265c6..969a75a 100644 --- a/doc/functions/gnutls_ocsp_resp_print +++ b/doc/functions/gnutls_ocsp_resp_print @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_resp_print} (gnutls_ocsp_resp_t @var{resp}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{resp}: The data to be printed +@var{resp}: The structure to be printed @var{format}: Indicate the format to use diff --git a/doc/functions/gnutls_ocsp_resp_verify b/doc/functions/gnutls_ocsp_resp_verify index 40b8515..1082d28 100644 --- a/doc/functions/gnutls_ocsp_resp_verify 
+++ b/doc/functions/gnutls_ocsp_resp_verify @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure -@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type +@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} structure -@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t} +@var{verify}: output variable with verification status, an @code{gnutls_ocsp_cert_status_t} @var{flags}: verification flags, 0 for now. diff --git a/doc/functions/gnutls_ocsp_resp_verify_direct b/doc/functions/gnutls_ocsp_resp_verify_direct index 544f992..570b05f 100644 --- a/doc/functions/gnutls_ocsp_resp_verify_direct +++ b/doc/functions/gnutls_ocsp_resp_verify_direct @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_ocsp_resp_verify_direct} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_crt_t @var{issuer}, unsigned int * @var{verify}, unsigned int @var{flags}) -@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} structure @var{issuer}: certificate believed to have signed the response -@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t} +@var{verify}: output variable with verification status, an @code{gnutls_ocsp_cert_status_t} @var{flags}: verification flags, 0 for now. diff --git a/doc/functions/gnutls_ocsp_status_request_enable_client b/doc/functions/gnutls_ocsp_status_request_enable_client index 313ac7f..303f446 100644 --- a/doc/functions/gnutls_ocsp_status_request_enable_client +++ b/doc/functions/gnutls_ocsp_status_request_enable_client 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{responder_id}: array with @code{gnutls_datum_t} with DER data of responder id diff --git a/doc/functions/gnutls_ocsp_status_request_get b/doc/functions/gnutls_ocsp_status_request_get index 4017217..cdea69c 100644 --- a/doc/functions/gnutls_ocsp_status_request_get +++ b/doc/functions/gnutls_ocsp_status_request_get @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response diff --git a/doc/functions/gnutls_ocsp_status_request_is_checked b/doc/functions/gnutls_ocsp_status_request_is_checked index 0d2cc1b..611aead 100644 --- a/doc/functions/gnutls_ocsp_status_request_is_checked +++ b/doc/functions/gnutls_ocsp_status_request_is_checked 
@@ -5,18 +5,14 @@ @deftypefun {int} {gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags}) @var{session}: is a gnutls session -@var{flags}: should be zero or @code{GNUTLS_OCSP_SR_IS_AVAIL} +@var{flags}: should be zero Check whether an OCSP status response was included in the handshake and whether it was checked and valid (not too old or superseded). This is a helper function when needing to decide whether to perform an -OCSP validity check on the peer's certificate. Should be called after -any of gnutls_certificate_verify_peers*() are called. +OCSP validity check on the peer's certificate. Must be called after +@code{gnutls_certificate_verify_peers3()} is called. -If the flag @code{GNUTLS_OCSP_SR_IS_AVAIL} is specified, the return -value of the function indicates whether an OCSP status response have -been received (even if invalid). The flag was introduced in GnuTLS 3.4.0. - -@strong{Returns:} non zero if the response was valid, or a zero if it wasn't sent, +@strong{Returns:} non zero it was valid, or a zero if it wasn't sent, or sent and was invalid. @end deftypefun diff --git a/doc/functions/gnutls_oid_to_digest b/doc/functions/gnutls_oid_to_digest deleted file mode 100644 index 9ac2809..0000000 --- a/doc/functions/gnutls_oid_to_digest +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {gnutls_digest_algorithm_t} {gnutls_oid_to_digest} (const char * @var{oid}) -@var{oid}: is an object identifier - -Converts a textual object identifier to a @code{gnutls_digest_algorithm_t} value. - -@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified digest -algorithm, or @code{GNUTLS_DIG_UNKNOWN} on failure. - -@strong{Since:} 3.4.3 -@end deftypefun diff --git a/doc/functions/gnutls_oid_to_digest.short b/doc/functions/gnutls_oid_to_digest.short deleted file mode 100644 index ad6e948..0000000 --- a/doc/functions/gnutls_oid_to_digest.short +++ /dev/null 
@@ -1 +0,0 @@
-@item @var{gnutls_digest_algorithm_t} @ref{gnutls_oid_to_digest} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_ecc_curve b/doc/functions/gnutls_oid_to_ecc_curve
deleted file mode 100644
index e5baf3c..0000000
--- a/doc/functions/gnutls_oid_to_ecc_curve
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-@deftypefun {gnutls_ecc_curve_t} {gnutls_oid_to_ecc_curve} (const char * @var{oid})
-@var{oid}: is a curve's OID
-
-
-@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to
-the specified OID, or @code{GNUTLS_ECC_CURVE_INVALID} on error.
-
-@strong{Since:} 3.4.3
-@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_ecc_curve.short b/doc/functions/gnutls_oid_to_ecc_curve.short
deleted file mode 100644
index 1c5072b..0000000
--- a/doc/functions/gnutls_oid_to_ecc_curve.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{gnutls_ecc_curve_t} @ref{gnutls_oid_to_ecc_curve} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_pk b/doc/functions/gnutls_oid_to_pk
deleted file mode 100644
index 5bcf3de..0000000
--- a/doc/functions/gnutls_oid_to_pk
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-@deftypefun {gnutls_pk_algorithm_t} {gnutls_oid_to_pk} (const char * @var{oid})
-@var{oid}: is an object identifier
-
-Converts a textual object identifier to a @code{gnutls_pk_algorithm_t} value.
-
-@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified digest
-algorithm, or @code{GNUTLS_PK_UNKNOWN} on failure.
-
-@strong{Since:} 3.4.3
-@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_pk.short b/doc/functions/gnutls_oid_to_pk.short
deleted file mode 100644
index f8c2fcf..0000000
--- a/doc/functions/gnutls_oid_to_pk.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{gnutls_pk_algorithm_t} @ref{gnutls_oid_to_pk} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_sign b/doc/functions/gnutls_oid_to_sign
deleted file mode 100644
index 4d3b4b3..0000000
--- a/doc/functions/gnutls_oid_to_sign
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-@deftypefun {gnutls_sign_algorithm_t} {gnutls_oid_to_sign} (const char * @var{oid})
-@var{oid}: is an object identifier
-
-Converts a textual object identifier to a @code{gnutls_sign_algorithm_t} value.
-
-@strong{Returns:} a @code{gnutls_sign_algorithm_t} id of the specified digest
-algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on failure.
-
-@strong{Since:} 3.4.3
-@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_sign.short b/doc/functions/gnutls_oid_to_sign.short
deleted file mode 100644
index 11cf76b..0000000
--- a/doc/functions/gnutls_oid_to_sign.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{gnutls_sign_algorithm_t} @ref{gnutls_oid_to_sign} (const char * @var{oid})
diff --git a/doc/functions/gnutls_openpgp_crt_check_email b/doc/functions/gnutls_openpgp_crt_check_email
deleted file mode 100644
index eacedb9..0000000
--- a/doc/functions/gnutls_openpgp_crt_check_email
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_openpgp_crt_check_email} (gnutls_openpgp_crt_t @var{key}, const char * @var{email}, unsigned @var{flags})
-@var{key}: should contain a @code{gnutls_openpgp_crt_t} type
-
-@var{email}: A null terminated string that contains an RFC822 address (email)
-
-@var{flags}: gnutls_certificate_verify_flags
-
-This function will check if the given key's owner matches the
-given email address.
-
-@strong{Returns:} non-zero for a successful match, and zero on failure.
-@end deftypefun
diff --git a/doc/functions/gnutls_openpgp_crt_check_email.short b/doc/functions/gnutls_openpgp_crt_check_email.short
deleted file mode 100644
index eb1b78f..0000000
--- a/doc/functions/gnutls_openpgp_crt_check_email.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_openpgp_crt_check_email} (gnutls_openpgp_crt_t @var{key}, const char * @var{email}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_openpgp_crt_check_hostname b/doc/functions/gnutls_openpgp_crt_check_hostname
index 0de0c11..b129e17 100644
--- a/doc/functions/gnutls_openpgp_crt_check_hostname +++ b/doc/functions/gnutls_openpgp_crt_check_hostname @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_crt_check_hostname} (gnutls_openpgp_crt_t @var{key}, const char * @var{hostname}) -@var{key}: should contain a @code{gnutls_openpgp_crt_t} type +@var{key}: should contain a @code{gnutls_openpgp_crt_t} structure @var{hostname}: A null terminated string that contains a DNS name diff --git a/doc/functions/gnutls_openpgp_crt_check_hostname2 b/doc/functions/gnutls_openpgp_crt_check_hostname2 index 36c5db7..7b23aa5 100644 --- a/doc/functions/gnutls_openpgp_crt_check_hostname2 +++ b/doc/functions/gnutls_openpgp_crt_check_hostname2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_crt_check_hostname2} (gnutls_openpgp_crt_t @var{key}, const char * @var{hostname}, unsigned @var{flags}) -@var{key}: should contain a @code{gnutls_openpgp_crt_t} type +@var{key}: should contain a @code{gnutls_openpgp_crt_t} structure @var{hostname}: A null terminated string that contains a DNS name diff --git a/doc/functions/gnutls_openpgp_crt_deinit b/doc/functions/gnutls_openpgp_crt_deinit index 56a199a..bbc8cfd 100644 --- a/doc/functions/gnutls_openpgp_crt_deinit +++ b/doc/functions/gnutls_openpgp_crt_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_openpgp_crt_deinit} (gnutls_openpgp_crt_t @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized This function will deinitialize a key structure. @end deftypefun diff --git a/doc/functions/gnutls_openpgp_crt_get_key_usage b/doc/functions/gnutls_openpgp_crt_get_key_usage index 836748f..b98640d 100644 --- a/doc/functions/gnutls_openpgp_crt_get_key_usage +++ b/doc/functions/gnutls_openpgp_crt_get_key_usage 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_crt_get_key_usage} (gnutls_openpgp_crt_t @var{key}, unsigned int * @var{key_usage}) -@var{key}: should contain a gnutls_openpgp_crt_t type +@var{key}: should contain a gnutls_openpgp_crt_t structure @var{key_usage}: where the key usage bits will be stored diff --git a/doc/functions/gnutls_openpgp_crt_get_subkey_usage b/doc/functions/gnutls_openpgp_crt_get_subkey_usage index 1411e98..b02943e 100644 --- a/doc/functions/gnutls_openpgp_crt_get_subkey_usage +++ b/doc/functions/gnutls_openpgp_crt_get_subkey_usage @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_crt_get_subkey_usage} (gnutls_openpgp_crt_t @var{key}, unsigned int @var{idx}, unsigned int * @var{key_usage}) -@var{key}: should contain a gnutls_openpgp_crt_t type +@var{key}: should contain a gnutls_openpgp_crt_t structure @var{idx}: the subkey index diff --git a/doc/functions/gnutls_openpgp_crt_init b/doc/functions/gnutls_openpgp_crt_init index 1cef02c..59b3b83 100644 --- a/doc/functions/gnutls_openpgp_crt_init +++ b/doc/functions/gnutls_openpgp_crt_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_crt_init} (gnutls_openpgp_crt_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized This function will initialize an OpenPGP key structure. diff --git a/doc/functions/gnutls_openpgp_keyring_deinit b/doc/functions/gnutls_openpgp_keyring_deinit index 18f7890..4ea2297 100644 --- a/doc/functions/gnutls_openpgp_keyring_deinit +++ b/doc/functions/gnutls_openpgp_keyring_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_openpgp_keyring_deinit} (gnutls_openpgp_keyring_t @var{keyring}) -@var{keyring}: A pointer to the type to be initialized +@var{keyring}: The structure to be initialized This function will deinitialize a keyring structure. @end deftypefun diff --git a/doc/functions/gnutls_openpgp_keyring_get_crt b/doc/functions/gnutls_openpgp_keyring_get_crt index 7f8eb5b..1595f11 100644 
--- a/doc/functions/gnutls_openpgp_keyring_get_crt +++ b/doc/functions/gnutls_openpgp_keyring_get_crt @@ -7,7 +7,7 @@ @var{idx}: the index of the certificate to export -@var{cert}: An uninitialized @code{gnutls_openpgp_crt_t} type +@var{cert}: An uninitialized @code{gnutls_openpgp_crt_t} structure This function will extract an OpenPGP certificate from the given keyring. If the index given is out of range diff --git a/doc/functions/gnutls_openpgp_keyring_init b/doc/functions/gnutls_openpgp_keyring_init index 6ae7212..1cfaa78 100644 --- a/doc/functions/gnutls_openpgp_keyring_init +++ b/doc/functions/gnutls_openpgp_keyring_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_keyring_init} (gnutls_openpgp_keyring_t * @var{keyring}) -@var{keyring}: A pointer to the type to be initialized +@var{keyring}: The structure to be initialized This function will initialize an keyring structure. diff --git a/doc/functions/gnutls_openpgp_privkey_deinit b/doc/functions/gnutls_openpgp_privkey_deinit index 48697e5..390c462 100644 --- a/doc/functions/gnutls_openpgp_privkey_deinit +++ b/doc/functions/gnutls_openpgp_privkey_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_openpgp_privkey_deinit} (gnutls_openpgp_privkey_t @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized This function will deinitialize a key structure. @end deftypefun diff --git a/doc/functions/gnutls_openpgp_privkey_init b/doc/functions/gnutls_openpgp_privkey_init index 0513039..0614c67 100644 --- a/doc/functions/gnutls_openpgp_privkey_init +++ b/doc/functions/gnutls_openpgp_privkey_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_openpgp_privkey_init} (gnutls_openpgp_privkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized This function will initialize an OpenPGP key structure. diff --git a/doc/functions/gnutls_openpgp_send_cert b/doc/functions/gnutls_openpgp_send_cert index 0413836..09f895c 100644 
--- a/doc/functions/gnutls_openpgp_send_cert +++ b/doc/functions/gnutls_openpgp_send_cert @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status}) -@var{session}: a @code{gnutls_session_t} type. +@var{session}: is a pointer to a @code{gnutls_session_t} structure. @var{status}: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT diff --git a/doc/functions/gnutls_openpgp_set_recv_key_function b/doc/functions/gnutls_openpgp_set_recv_key_function index 4008021..eb68300 100644 --- a/doc/functions/gnutls_openpgp_set_recv_key_function +++ b/doc/functions/gnutls_openpgp_set_recv_key_function @@ -7,7 +7,7 @@ @var{func}: the callback -This function will set a key retrieval function for OpenPGP keys. This +This funtion will set a key retrieval function for OpenPGP keys. This callback is only useful in server side, and will be used if the peer sent a key fingerprint instead of a full key. diff --git a/doc/functions/gnutls_packet_get b/doc/functions/gnutls_packet_get index 8621d8e..6b7cf63 100644 --- a/doc/functions/gnutls_packet_get +++ b/doc/functions/gnutls_packet_get @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence}) -@var{packet}: is a @code{gnutls_packet_t} type. +@var{packet}: is a @code{gnutls_packet_t} structure. @var{data}: will contain the data present in the @code{packet} structure (may be @code{NULL} ) diff --git a/doc/functions/gnutls_pcert_export_openpgp b/doc/functions/gnutls_pcert_export_openpgp deleted file mode 100644 index 0a0c750..0000000 --- a/doc/functions/gnutls_pcert_export_openpgp +++ /dev/null 
@@ -1,19 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt})
-@var{pcert}: The pcert structure.
-
-@var{crt}: An initialized @code{gnutls_openpgp_crt_t} .
-
-Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_openpgp_crt_t} .
-This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_OPENPGP} .
-When successful, the value written to @code{crt} must be freed with
-@code{gnutls_openpgp_crt_deinit()} when no longer needed.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pcert_export_openpgp.short b/doc/functions/gnutls_pcert_export_openpgp.short
deleted file mode 100644
index 6832d59..0000000
--- a/doc/functions/gnutls_pcert_export_openpgp.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt})
diff --git a/doc/functions/gnutls_pcert_export_x509 b/doc/functions/gnutls_pcert_export_x509
deleted file mode 100644
index ef043df..0000000
--- a/doc/functions/gnutls_pcert_export_x509
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt})
-@var{pcert}: The pcert structure.
-
-@var{crt}: An initialized @code{gnutls_x509_crt_t} .
-
-Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_x509_crt_t} .
-This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_X509} .
-When successful, the value written to @code{crt} must be freed with
-@code{gnutls_x509_crt_deinit()} when no longer needed.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pcert_export_x509.short b/doc/functions/gnutls_pcert_export_x509.short deleted file mode 100644 index 2a38cd4..0000000 --- a/doc/functions/gnutls_pcert_export_x509.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}) diff --git a/doc/functions/gnutls_pcert_import_x509 b/doc/functions/gnutls_pcert_import_x509 index 0e45e9e..50f1dc5 100644 --- a/doc/functions/gnutls_pcert_import_x509 +++ b/doc/functions/gnutls_pcert_import_x509 @@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) @var{pcert}: The pcert structure -@var{crt}: The certificate to be imported +@var{crt}: The raw certificate to be imported @var{flags}: zero for now diff --git a/doc/functions/gnutls_pcert_import_x509_list b/doc/functions/gnutls_pcert_import_x509_list deleted file mode 100644 index 0433719..0000000 --- a/doc/functions/gnutls_pcert_import_x509_list +++ /dev/null 
@@ -1,27 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags})
-@var{pcert}: The pcert structure
-
-@var{crt}: The certificates to be imported
-
-@var{ncrt}: The number of certificates
-
-@var{flags}: zero or @code{GNUTLS_X509_CRT_LIST_SORT}
-
-This convenience function will import the given certificate to a
-@code{gnutls_pcert_st} structure. The structure must be deinitialized
-afterwards using @code{gnutls_pcert_deinit()} ;
-
-In the case @code{GNUTLS_X509_CRT_LIST_SORT} is specified and that
-function cannot sort the list, @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED}
-will be returned. Currently sorting can fail if the list size
-exceeds an internal constraint (16).
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_x509_list.short b/doc/functions/gnutls_pcert_import_x509_list.short
deleted file mode 100644
index 33bfe1d..0000000
--- a/doc/functions/gnutls_pcert_import_x509_list.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pem_base64_decode2.short b/doc/functions/gnutls_pem_base64_decode2.short
deleted file mode 100644
index ee7d03b..0000000
--- a/doc/functions/gnutls_pem_base64_decode2.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_pem_base64_decode2 b/doc/functions/gnutls_pem_base64_decode_alloc similarity index 80% rename from doc/functions/gnutls_pem_base64_decode2 rename to doc/functions/gnutls_pem_base64_decode_alloc index 18530c2..0689d7b 100644 --- a/doc/functions/gnutls_pem_base64_decode2 +++ b/doc/functions/gnutls_pem_base64_decode_alloc @@ -2,7 +2,7 @@ -@deftypefun {int} {gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@deftypefun {int} {gnutls_pem_base64_decode_alloc} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) @var{header}: The PEM header (eg. CERTIFICATE) @var{b64_data}: contains the encoded data diff --git a/doc/functions/gnutls_pem_base64_decode_alloc.short b/doc/functions/gnutls_pem_base64_decode_alloc.short new file mode 100644 index 0000000..3995de9 --- /dev/null +++ b/doc/functions/gnutls_pem_base64_decode_alloc.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pem_base64_decode_alloc} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_pem_base64_encode2.short b/doc/functions/gnutls_pem_base64_encode2.short deleted file mode 100644 index b91dd56..0000000 --- a/doc/functions/gnutls_pem_base64_encode2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pem_base64_encode2} (const char * @var{msg}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_pem_base64_encode2 b/doc/functions/gnutls_pem_base64_encode_alloc similarity index 79% rename from doc/functions/gnutls_pem_base64_encode2 rename to doc/functions/gnutls_pem_base64_encode_alloc index 33bf72f..ee81ce4 100644 --- a/doc/functions/gnutls_pem_base64_encode2 +++ b/doc/functions/gnutls_pem_base64_encode_alloc 
@@ -2,7 +2,7 @@ -@deftypefun {int} {gnutls_pem_base64_encode2} (const char * @var{msg}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@deftypefun {int} {gnutls_pem_base64_encode_alloc} (const char * @var{msg}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) @var{msg}: is a message to be put in the encoded header @var{data}: contains the raw data diff --git a/doc/functions/gnutls_pem_base64_encode_alloc.short b/doc/functions/gnutls_pem_base64_encode_alloc.short new file mode 100644 index 0000000..457c778 --- /dev/null +++ b/doc/functions/gnutls_pem_base64_encode_alloc.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pem_base64_encode_alloc} (const char * @var{msg}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_pk_get_oid b/doc/functions/gnutls_pk_get_oid deleted file mode 100644 index 1b6e39f..0000000 --- a/doc/functions/gnutls_pk_get_oid +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm}) -@var{algorithm}: is a public key algorithm - -Convert a @code{gnutls_pk_algorithm_t} value to its object identifier string. - -@strong{Returns:} a pointer to a string that contains the object identifier of the -specified public key algorithm, or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun diff --git a/doc/functions/gnutls_pk_get_oid.short b/doc/functions/gnutls_pk_get_oid.short deleted file mode 100644 index a0c3f80..0000000 --- a/doc/functions/gnutls_pk_get_oid.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_pkcs11_copy_attached_extension b/doc/functions/gnutls_pkcs11_copy_attached_extension deleted file mode 100644 index d186669..0000000 --- a/doc/functions/gnutls_pkcs11_copy_attached_extension +++ /dev/null 
@@ -1,25 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags})
-@var{token_url}: A PKCS @code{11} URL specifying a token
-
-@var{crt}: An X.509 certificate object
-
-@var{data}: the attached extension
-
-@var{label}: A name to be used for the attached extension (may be @code{NULL} )
-
-@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*
-
-This function will copy an the attached extension in @code{data} for
-the certificate provided in @code{crt} in the PKCS @code{11} token specified
-by the URL (typically a trust module). The extension must be in
-RFC5280 Extension format.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.3.8
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_attached_extension.short b/doc/functions/gnutls_pkcs11_copy_attached_extension.short
deleted file mode 100644
index 4670092..0000000
--- a/doc/functions/gnutls_pkcs11_copy_attached_extension.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_pubkey b/doc/functions/gnutls_pkcs11_copy_pubkey
deleted file mode 100644
index a21827b..0000000
--- a/doc/functions/gnutls_pkcs11_copy_pubkey
+++ /dev/null
@@ -1,27 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) -@var{token_url}: A PKCS @code{11} URL specifying a token - -@var{pubkey}: The public key to copy - -@var{label}: The name to be used for the stored data - -@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key - -@var{key_usage}: One of GNUTLS_KEY_* - -@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* - -This function will copy a public key object into a PKCS @code{11} token specified by -a URL. Valid flags to mark the key: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , -@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE} , -@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.6 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_pubkey.short b/doc/functions/gnutls_pkcs11_copy_pubkey.short deleted file mode 100644 index 43b8440..0000000 --- a/doc/functions/gnutls_pkcs11_copy_pubkey.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt2 b/doc/functions/gnutls_pkcs11_copy_x509_crt2 deleted file mode 100644 index 12c8b4a..0000000 --- a/doc/functions/gnutls_pkcs11_copy_x509_crt2 +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags}) -@var{token_url}: A PKCS @code{11} URL specifying a token - -@var{crt}: The certificate to copy - -@var{label}: The name to be used for the stored data - -@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key - -@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* - -This function will copy a certificate into a PKCS @code{11} token specified by -a URL. Valid flags to mark the certificate: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , -@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE} , -@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt2.short b/doc/functions/gnutls_pkcs11_copy_x509_crt2.short deleted file mode 100644 index de3eafd..0000000 --- a/doc/functions/gnutls_pkcs11_copy_x509_crt2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey2 b/doc/functions/gnutls_pkcs11_copy_x509_privkey2 deleted file mode 100644 index 295fa65..0000000 --- a/doc/functions/gnutls_pkcs11_copy_x509_privkey2 +++ /dev/null 
@@ -1,26 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) -@var{token_url}: A PKCS @code{11} URL specifying a token - -@var{key}: A private key - -@var{label}: A name to be used for the stored data - -@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key - -@var{key_usage}: One of GNUTLS_KEY_* - -@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags - -This function will copy a private key into a PKCS @code{11} token specified by -a URL. It is highly recommended flags to contain @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE} -unless there is a strong reason not to. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short b/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short deleted file mode 100644 index 2953b75..0000000 --- a/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_crt_is_known b/doc/functions/gnutls_pkcs11_crt_is_known index 573f86a..1a9455b 100644 --- a/doc/functions/gnutls_pkcs11_crt_is_known +++ b/doc/functions/gnutls_pkcs11_crt_is_known 
@@ -11,7 +11,7 @@ This function will check whether the provided certificate is stored in the specified token. This is useful in combination with -@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED} or +@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED} or @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED} , to check whether a CA is present or a certificate is blacklisted in a trust PKCS @code{11} module. diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer b/doc/functions/gnutls_pkcs11_get_raw_issuer index 2c86955..112d074 100644 --- a/doc/functions/gnutls_pkcs11_get_raw_issuer +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer @@ -7,7 +7,7 @@ @var{cert}: is the certificate to find issuer for -@var{issuer}: Will hold the issuer if any in an allocated buffer. +@var{issuer}: Will hold the issuer if any in an allocated buffer. @var{fmt}: The format of the exported issuer. diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn deleted file mode 100644 index 261ddc1..0000000 --- a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn +++ /dev/null 
@@ -1,28 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
-@var{url}: A PKCS 11 url identifying a token
-
-@var{dn}: is the DN to search for
-
-@var{issuer}: Will hold the issuer if any in an allocated buffer.
-
-@var{fmt}: The format of the exported issuer.
-
-@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} .
-
-This function will return the certificate with the given DN, if it
-is stored in the token. By default only marked as trusted issuers
-are retuned. If any issuer should be returned specify
-@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} .
-
-The name of the function includes issuer because it can
-be used to discover issuers of certificates.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short
deleted file mode 100644
index b357db6..0000000
--- a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id
deleted file mode 100644
index bfbbbd5..0000000
--- a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
-@var{url}: A PKCS 11 url identifying a token
-
-@var{dn}: is the DN to search for (may be @code{NULL} )
-
-@var{spki}: is the subject key ID to search for
-
-@var{issuer}: Will hold the issuer if any in an allocated buffer.
-
-@var{fmt}: The format of the exported issuer.
-
-@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} .
-
-This function will return the certificate with the given DN and @code{spki} , if it
-is stored in the token. By default only marked as trusted issuers
-are retuned. If any issuer should be returned specify
-@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} .
-
-The name of the function includes issuer because it can
-be used to discover issuers of certificates.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.2
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short
deleted file mode 100644
index d27dbe9..0000000
--- a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_init b/doc/functions/gnutls_pkcs11_init
index 8ccfcef..699658a 100644
--- a/doc/functions/gnutls_pkcs11_init
+++ b/doc/functions/gnutls_pkcs11_init
@@ -13,8 +13,8 @@ read configuration files if @code{GNUTLS_PKCS11_FLAG_AUTO} is used or allow you to independently load PKCS 11 modules using @code{gnutls_pkcs11_add_provider()} if @code{GNUTLS_PKCS11_FLAG_MANUAL} is specified. -You don't need to call this function since GnuTLS 3.3.0 because it is being called -during the first request PKCS 11 operation. That call will assume the @code{GNUTLS_PKCS11_FLAG_AUTO} +Normally you don't need to call this function since it is being called +when the first PKCS 11 operation is requested using the @code{GNUTLS_PKCS11_FLAG_AUTO} flag. If another flags are required then it must be called independently prior to any PKCS 11 operation. diff --git a/doc/functions/gnutls_pkcs11_obj_deinit b/doc/functions/gnutls_pkcs11_obj_deinit index e4d8539..1e9ed8a 100644 --- a/doc/functions/gnutls_pkcs11_obj_deinit +++ b/doc/functions/gnutls_pkcs11_obj_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_pkcs11_obj_deinit} (gnutls_pkcs11_obj_t @var{obj}) -@var{obj}: The type to be deinitialized +@var{obj}: The structure to be initialized This function will deinitialize a certificate structure. diff --git a/doc/functions/gnutls_pkcs11_obj_flags_get_str b/doc/functions/gnutls_pkcs11_obj_flags_get_str deleted file mode 100644 index ac8d193..0000000 --- a/doc/functions/gnutls_pkcs11_obj_flags_get_str +++ /dev/null @@ -1,15 +0,0 @@ - - - - -@deftypefun {char *} {gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags}) -@var{flags}: holds the flags - -This function given an or-sequence of @code{GNUTLS_PKCS11_OBJ_FLAG_MARK} , -will return an allocated string with its description. The string -needs to be deallocated using @code{gnutls_free()} . - -@strong{Returns:} If flags is zero @code{NULL} is returned, otherwise an allocated string. - -@strong{Since:} 3.3.7 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_flags_get_str.short b/doc/functions/gnutls_pkcs11_obj_flags_get_str.short deleted file mode 100644 index 535d55a..0000000 
--- a/doc/functions/gnutls_pkcs11_obj_flags_get_str.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{char *} @ref{gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_exts b/doc/functions/gnutls_pkcs11_obj_get_exts
deleted file mode 100644
index bbe56f5..0000000
--- a/doc/functions/gnutls_pkcs11_obj_get_exts
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags})
-@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type
-
-@var{exts}: an allocated list of pointers to @code{gnutls_x509_ext_st}
-
-@var{exts_size}: the number of @code{exts}
-
-@var{flags}: Or sequence of @code{GNUTLS_PKCS11_OBJ_} * flags
-
-This function will return information about attached extensions
-that associate to the provided object (which should be a certificate).
-The extensions are the attached p11-kit trust module extensions.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
-
-@strong{Since:} 3.3.8
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_get_exts.short b/doc/functions/gnutls_pkcs11_obj_get_exts.short
deleted file mode 100644
index bf7b110..0000000
--- a/doc/functions/gnutls_pkcs11_obj_get_exts.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_flags b/doc/functions/gnutls_pkcs11_obj_get_flags
deleted file mode 100644
index 430657f..0000000
--- a/doc/functions/gnutls_pkcs11_obj_get_flags
+++ /dev/null
@@ -1,18 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags}) -@var{obj}: The pkcs11 object - -@var{oflags}: Will hold the output flags - -This function will return the flags of the object. -The @code{oflags} will be flags from @code{gnutls_pkcs11_obj_flags} . That is, -the @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_} * flags. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.3.7 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_get_flags.short b/doc/functions/gnutls_pkcs11_obj_get_flags.short deleted file mode 100644 index a405edc..0000000 --- a/doc/functions/gnutls_pkcs11_obj_get_flags.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_info b/doc/functions/gnutls_pkcs11_obj_get_info index ecd6d15..8331296 100644 --- a/doc/functions/gnutls_pkcs11_obj_get_info +++ b/doc/functions/gnutls_pkcs11_obj_get_info @@ -2,8 +2,8 @@ -@deftypefun {int} {gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) -@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type +@deftypefun {int} {gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{crt}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) +@var{crt}: should contain a @code{gnutls_pkcs11_obj_t} structure @var{itype}: Denotes the type of information requested diff --git a/doc/functions/gnutls_pkcs11_obj_get_info.short b/doc/functions/gnutls_pkcs11_obj_get_info.short index a13017e..a3fd506 100644 --- a/doc/functions/gnutls_pkcs11_obj_get_info.short +++ b/doc/functions/gnutls_pkcs11_obj_get_info.short 
@@ -1 +1 @@ -@item @var{int} @ref{gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) +@item @var{int} @ref{gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{crt}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_type b/doc/functions/gnutls_pkcs11_obj_get_type index 8d8fd73..d8b4d59 100644 --- a/doc/functions/gnutls_pkcs11_obj_get_type +++ b/doc/functions/gnutls_pkcs11_obj_get_type @@ -5,10 +5,10 @@ @deftypefun {gnutls_pkcs11_obj_type_t} {gnutls_pkcs11_obj_get_type} (gnutls_pkcs11_obj_t @var{obj}) @var{obj}: Holds the PKCS 11 object -This function will return the type of the object being +This function will return the type of the certificate being stored in the structure. -@strong{Returns:} The type of the object +@strong{Returns:} The type of the certificate. @strong{Since:} 2.12.0 @end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_import_url b/doc/functions/gnutls_pkcs11_obj_import_url index 81e41a3..0e58938 100644 --- a/doc/functions/gnutls_pkcs11_obj_import_url +++ b/doc/functions/gnutls_pkcs11_obj_import_url @@ -7,10 +7,10 @@ @var{url}: a PKCS 11 url identifying the key -@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags This function will "import" a PKCS 11 URL identifying an object (e.g. certificate) -to the @code{gnutls_pkcs11_obj_t} type. This does not involve any +to the @code{gnutls_pkcs11_obj_t} structure. This does not involve any parsing (such as X.509 or OpenPGP) since the @code{gnutls_pkcs11_obj_t} is format agnostic. Only data are transferred. diff --git a/doc/functions/gnutls_pkcs11_obj_init b/doc/functions/gnutls_pkcs11_obj_init index 6e4679e..3f5e56f 100644 --- a/doc/functions/gnutls_pkcs11_obj_init +++ b/doc/functions/gnutls_pkcs11_obj_init 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs11_obj_init} (gnutls_pkcs11_obj_t * @var{obj}) -@var{obj}: A pointer to the type to be initialized +@var{obj}: The structure to be initialized This function will initialize a pkcs11 certificate structure. diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url b/doc/functions/gnutls_pkcs11_obj_list_import_url new file mode 100644 index 0000000..3dea9b9 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_list_import_url @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_list_import_url} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, gnutls_pkcs11_obj_attr_t @var{attrs}, unsigned int @var{flags}) +@var{p_list}: An uninitialized object list (may be NULL) + +@var{n_list}: initially should hold the maximum size of the list. Will contain the actual size. + +@var{url}: A PKCS 11 url identifying a set of objects + +@var{attrs}: Attributes of type @code{gnutls_pkcs11_obj_attr_t} that can be used to limit output + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will initialize and set values to an object list +by using all objects identified by a PKCS 11 URL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url.short b/doc/functions/gnutls_pkcs11_obj_list_import_url.short new file mode 100644 index 0000000..84f5921 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_list_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, gnutls_pkcs11_obj_attr_t @var{attrs}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url2 b/doc/functions/gnutls_pkcs11_obj_list_import_url2 new file mode 100644 index 0000000..5d15e13 --- /dev/null 
+++ b/doc/functions/gnutls_pkcs11_obj_list_import_url2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_list_import_url2} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, gnutls_pkcs11_obj_attr_t @var{attrs}, unsigned int @var{flags})
+@var{p_list}: An uninitialized object list (may be NULL)
+
+@var{n_list}: It will contain the size of the list.
+
+@var{url}: A PKCS 11 url identifying a set of objects
+
+@var{attrs}: Attributes of type @code{gnutls_pkcs11_obj_attr_t} that can be used to limit output
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags
+
+This function will initialize and set values to an object list
+by using all objects identified by the PKCS 11 URL. The output
+is stored in @code{p_list} , which will be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url2.short b/doc/functions/gnutls_pkcs11_obj_list_import_url2.short
new file mode 100644
index 0000000..6ec2579
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_list_import_url2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url2} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, gnutls_pkcs11_obj_attr_t @var{attrs}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url3 b/doc/functions/gnutls_pkcs11_obj_list_import_url3
deleted file mode 100644
index 169f415..0000000
--- a/doc/functions/gnutls_pkcs11_obj_list_import_url3
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
-@var{p_list}: An uninitialized object list (may be NULL)
-
-@var{n_list}: initially should hold the maximum size of the list. Will contain the actual size.
-
-@var{url}: A PKCS 11 url identifying a set of objects
-
-@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
-
-This function will initialize and set values to an object list
-by using all objects identified by a PKCS 11 URL.
-
-The supported in this function @code{flags} are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_CRT} , @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} .
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url3.short b/doc/functions/gnutls_pkcs11_obj_list_import_url3.short
deleted file mode 100644
index 5fe1632..0000000
--- a/doc/functions/gnutls_pkcs11_obj_list_import_url3.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url4 b/doc/functions/gnutls_pkcs11_obj_list_import_url4
deleted file mode 100644
index e505cd5..0000000
--- a/doc/functions/gnutls_pkcs11_obj_list_import_url4
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
-@var{p_list}: An uninitialized object list (may be NULL)
-
-@var{n_list}: It will contain the size of the list.
-
-@var{url}: A PKCS 11 url identifying a set of objects
-
-@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
-
-This function will initialize and set values to an object list
-by using all objects identified by the PKCS 11 URL. The output
-is stored in @code{p_list} , which will be initialized.
-
-All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()} ,
-and @code{p_list} must be free'd using @code{gnutls_free()} .
-
-The supported in this function @code{flags} are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_CRT} , @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} ,
-@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} .
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url4.short b/doc/functions/gnutls_pkcs11_obj_list_import_url4.short
deleted file mode 100644
index d6abf75..0000000
--- a/doc/functions/gnutls_pkcs11_obj_list_import_url4.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_set_info b/doc/functions/gnutls_pkcs11_obj_set_info
deleted file mode 100644
index 37b1489..0000000
--- a/doc/functions/gnutls_pkcs11_obj_set_info
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags})
-@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type
-
-@var{itype}: Denotes the type of information to be set
-
-@var{data}: the data to set
-
-@var{data_size}: the size of data
-
-@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
-
-This function will set attributes on the provided object.
-Available options for @code{itype} are @code{GNUTLS_PKCS11_OBJ_LABEL} ,
-@code{GNUTLS_PKCS11_OBJ_ID_HEX} , and @code{GNUTLS_PKCS11_OBJ_ID} .
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_set_info.short b/doc/functions/gnutls_pkcs11_obj_set_info.short
deleted file mode 100644
index 5a335b2..0000000
--- a/doc/functions/gnutls_pkcs11_obj_set_info.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_cpy b/doc/functions/gnutls_pkcs11_privkey_cpy
deleted file mode 100644
index 91e78aa..0000000
--- a/doc/functions/gnutls_pkcs11_privkey_cpy
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src})
-@var{dst}: The destination key, which should be initialized.
-
-@var{src}: The source key
-
-This function will copy a private key from source to destination
-key. Destination has to be initialized.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_cpy.short b/doc/functions/gnutls_pkcs11_privkey_cpy.short deleted file mode 100644 index 70725ee..0000000 --- a/doc/functions/gnutls_pkcs11_privkey_cpy.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src}) diff --git a/doc/functions/gnutls_pkcs11_privkey_deinit b/doc/functions/gnutls_pkcs11_privkey_deinit index 44485ea..2d4ad2a 100644 --- a/doc/functions/gnutls_pkcs11_privkey_deinit +++ b/doc/functions/gnutls_pkcs11_privkey_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_pkcs11_privkey_deinit} (gnutls_pkcs11_privkey_t @var{key}) -@var{key}: the key to be deinitialized +@var{key}: The structure to be initialized This function will deinitialize a private key structure. @end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_export_pubkey b/doc/functions/gnutls_pkcs11_privkey_export_pubkey deleted file mode 100644 index 719f4cc..0000000 --- a/doc/functions/gnutls_pkcs11_privkey_export_pubkey +++ /dev/null @@ -1,23 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags}) -@var{pkey}: The private key - -@var{fmt}: the format of output params. PEM or DER. - -@var{data}: will hold the public key - -@var{flags}: should be zero - -This function will extract the public key (modulus and public -exponent) from the private key specified by the @code{url} private key. -This public key will be stored in @code{pubkey} in the format specified -by @code{fmt} . @code{pubkey} should be deinitialized using @code{gnutls_free()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.3.7 -@end deftypefun 
diff --git a/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short b/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short deleted file mode 100644 index a98ebb5..0000000 --- a/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_privkey_generate2 b/doc/functions/gnutls_pkcs11_privkey_generate2 index 607c00f..e95bc2e 100644 --- a/doc/functions/gnutls_pkcs11_privkey_generate2 +++ b/doc/functions/gnutls_pkcs11_privkey_generate2 @@ -11,11 +11,11 @@ @var{label}: a label -@var{fmt}: the format of output params. PEM or DER +@var{fmt}: the format of output params. PEM or DER. @var{pubkey}: will hold the public key (may be @code{NULL} ) -@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs} +@var{flags}: should be zero This function will generate a private key in the specified by the @code{url} token. The private key will be generate within @@ -23,10 +23,6 @@ the token and will not be exportable. This function will store the DER-encoded public key in the SubjectPublicKeyInfo format in @code{pubkey} . The @code{pubkey} should be deinitialized using @code{gnutls_free()} . -Note that when generating an elliptic curve key, the curve -can be substituted in the place of the bits parameter using the -@code{GNUTLS_CURVE_TO_BITS()} macro. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_pkcs11_privkey_generate3 b/doc/functions/gnutls_pkcs11_privkey_generate3 deleted file mode 100644 index 56daa94..0000000 --- a/doc/functions/gnutls_pkcs11_privkey_generate3 +++ /dev/null 
@@ -1,38 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags})
-@var{url}: a token URL
-
-@var{pk}: the public key algorithm
-
-@var{bits}: the security bits
-
-@var{label}: a label
-
-@var{cid}: The CKA_ID to use for the new object
-
-@var{fmt}: the format of output params. PEM or DER
-
-@var{pubkey}: will hold the public key (may be @code{NULL} )
-
-@var{key_usage}: One of GNUTLS_KEY_*
-
-@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs}
-
-This function will generate a private key in the specified
-by the @code{url} token. The private key will be generate within
-the token and will not be exportable. This function will
-store the DER-encoded public key in the SubjectPublicKeyInfo format
-in @code{pubkey} . The @code{pubkey} should be deinitialized using @code{gnutls_free()} .
-
-Note that when generating an elliptic curve key, the curve
-can be substituted in the place of the bits parameter using the
-@code{GNUTLS_CURVE_TO_BITS()} macro.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate3.short b/doc/functions/gnutls_pkcs11_privkey_generate3.short
deleted file mode 100644
index cc8d0c9..0000000
--- a/doc/functions/gnutls_pkcs11_privkey_generate3.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_get_info b/doc/functions/gnutls_pkcs11_privkey_get_info index e184716..408c5b0 100644 --- a/doc/functions/gnutls_pkcs11_privkey_get_info +++ b/doc/functions/gnutls_pkcs11_privkey_get_info @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs11_privkey_get_info} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) -@var{pkey}: should contain a @code{gnutls_pkcs11_privkey_t} type +@var{pkey}: should contain a @code{gnutls_pkcs11_privkey_t} structure @var{itype}: Denotes the type of information requested diff --git a/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm index 6f367d4..0369fcf 100644 --- a/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm +++ b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs11_privkey_get_pk_algorithm} (gnutls_pkcs11_privkey_t @var{key}, unsigned int * @var{bits}) -@var{key}: should contain a @code{gnutls_pkcs11_privkey_t} type +@var{key}: should contain a @code{gnutls_pkcs11_privkey_t} structure @var{bits}: if bits is non null it will hold the size of the parameters' in bits diff --git a/doc/functions/gnutls_pkcs11_privkey_import_url b/doc/functions/gnutls_pkcs11_privkey_import_url index 122a8e6..4553aad 100644 --- a/doc/functions/gnutls_pkcs11_privkey_import_url +++ b/doc/functions/gnutls_pkcs11_privkey_import_url 
@@ -3,14 +3,14 @@ @deftypefun {int} {gnutls_pkcs11_privkey_import_url} (gnutls_pkcs11_privkey_t @var{pkey}, const char * @var{url}, unsigned int @var{flags}) -@var{pkey}: The private key +@var{pkey}: The structure to store the parsed key @var{url}: a PKCS 11 url identifying the key -@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags +@var{flags}: sequence of GNUTLS_PKCS_PRIVKEY_* This function will "import" a PKCS 11 URL identifying a private -key to the @code{gnutls_pkcs11_privkey_t} type. In reality since +key to the @code{gnutls_pkcs11_privkey_t} structure. In reality since in most cases keys cannot be exported, the private key structure is being associated with the available operations on the token. diff --git a/doc/functions/gnutls_pkcs11_privkey_init b/doc/functions/gnutls_pkcs11_privkey_init index c58e717..fdadab4 100644 --- a/doc/functions/gnutls_pkcs11_privkey_init +++ b/doc/functions/gnutls_pkcs11_privkey_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs11_privkey_init} (gnutls_pkcs11_privkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized This function will initialize an private key structure. diff --git a/doc/functions/gnutls_pkcs12_bag_deinit b/doc/functions/gnutls_pkcs12_bag_deinit index 3292568..8d6fa66 100644 --- a/doc/functions/gnutls_pkcs12_bag_deinit +++ b/doc/functions/gnutls_pkcs12_bag_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag}) -@var{bag}: A pointer to the type to be initialized +@var{bag}: The structure to be initialized This function will deinitialize a PKCS12 Bag structure. @end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_enc_info b/doc/functions/gnutls_pkcs12_bag_enc_info deleted file mode 100644 index 9824bf1..0000000 --- a/doc/functions/gnutls_pkcs12_bag_enc_info +++ /dev/null 
@@ -1,30 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs12_bag_enc_info} (gnutls_pkcs12_bag_t @var{bag}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
-@var{bag}: The bag
-
-@var{schema}: indicate the schema as one of @code{gnutls_pkcs_encrypt_flags_t}
-
-@var{cipher}: the cipher used as @code{gnutls_cipher_algorithm_t}
-
-@var{salt}: PBKDF2 salt (if non-NULL then @code{salt_size} initially holds its size)
-
-@var{salt_size}: PBKDF2 salt size
-
-@var{iter_count}: PBKDF2 iteration count
-
-@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID
-
-This function will provide information on the encryption algorithms used
-in an encrypted bag. If the structure algorithms
-are unknown the code @code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} will be returned,
-and only @code{oid} , will be set. That is, @code{oid} will be set on encrypted bags
-whether supported or not. It must be deinitialized using @code{gnutls_free()} .
-The other variables are only set on supported structures.
-
-@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided bag isn't encrypted,
-@code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} if the structure's encryption isn't supported, or
-another negative error code in case of a failure. Zero on success.
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_enc_info.short b/doc/functions/gnutls_pkcs12_bag_enc_info.short
deleted file mode 100644
index ee06a74..0000000
--- a/doc/functions/gnutls_pkcs12_bag_enc_info.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs12_bag_enc_info} (gnutls_pkcs12_bag_t @var{bag}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
diff --git a/doc/functions/gnutls_pkcs12_bag_get_count b/doc/functions/gnutls_pkcs12_bag_get_count
index 277029d..d2a519c 100644
--- a/doc/functions/gnutls_pkcs12_bag_get_count +++ b/doc/functions/gnutls_pkcs12_bag_get_count @@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag}) @var{bag}: The bag -This function will return the number of the elements within the bag. +This function will return the number of the elements withing the bag. @strong{Returns:} Number of elements in bag, or an negative error code on error. diff --git a/doc/functions/gnutls_pkcs12_bag_init b/doc/functions/gnutls_pkcs12_bag_init index 05f7557..11c4a02 100644 --- a/doc/functions/gnutls_pkcs12_bag_init +++ b/doc/functions/gnutls_pkcs12_bag_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag}) -@var{bag}: A pointer to the type to be initialized +@var{bag}: The structure to be initialized This function will initialize a PKCS12 bag structure. PKCS12 Bags usually contain private keys, lists of X.509 Certificates and X.509 diff --git a/doc/functions/gnutls_pkcs12_bag_set_privkey b/doc/functions/gnutls_pkcs12_bag_set_privkey deleted file mode 100644 index 22bfd73..0000000 --- a/doc/functions/gnutls_pkcs12_bag_set_privkey +++ /dev/null @@ -1,19 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs12_bag_set_privkey} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_privkey_t @var{privkey}, const char * @var{password}, unsigned @var{flags}) -@var{bag}: The bag - -@var{privkey}: the private key to be copied. - -@var{password}: the password to protect the key with (may be @code{NULL} ) - -@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd - -This function will insert the given private key into the -bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} . - -@strong{Returns:} the index of the added bag on success, or a negative -value on failure. -@end deftypefun 
diff --git a/doc/functions/gnutls_pkcs12_bag_set_privkey.short b/doc/functions/gnutls_pkcs12_bag_set_privkey.short deleted file mode 100644 index 0d2f86a..0000000 --- a/doc/functions/gnutls_pkcs12_bag_set_privkey.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs12_bag_set_privkey} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_privkey_t @var{privkey}, const char * @var{password}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs12_deinit b/doc/functions/gnutls_pkcs12_deinit index 6965a01..52bb27c 100644 --- a/doc/functions/gnutls_pkcs12_deinit +++ b/doc/functions/gnutls_pkcs12_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12}) -@var{pkcs12}: The type to be initialized +@var{pkcs12}: The structure to be initialized -This function will deinitialize a PKCS12 type. +This function will deinitialize a PKCS12 structure. @end deftypefun diff --git a/doc/functions/gnutls_pkcs12_export b/doc/functions/gnutls_pkcs12_export index a05d3fb..a10ab69 100644 --- a/doc/functions/gnutls_pkcs12_export +++ b/doc/functions/gnutls_pkcs12_export @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) -@var{pkcs12}: A pkcs12 type +@var{pkcs12}: Holds the pkcs12 structure @var{format}: the format of output params. One of PEM or DER. diff --git a/doc/functions/gnutls_pkcs12_export2 b/doc/functions/gnutls_pkcs12_export2 index b711a29..ae84978 100644 --- a/doc/functions/gnutls_pkcs12_export2 +++ b/doc/functions/gnutls_pkcs12_export2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_export2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) -@var{pkcs12}: A pkcs12 type +@var{pkcs12}: Holds the pkcs12 structure @var{format}: the format of output params. One of PEM or DER. 
diff --git a/doc/functions/gnutls_pkcs12_generate_mac b/doc/functions/gnutls_pkcs12_generate_mac index 6334e65..c1240c6 100644 --- a/doc/functions/gnutls_pkcs12_generate_mac +++ b/doc/functions/gnutls_pkcs12_generate_mac @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) -@var{pkcs12}: A pkcs12 type +@var{pkcs12}: should contain a gnutls_pkcs12_t structure @var{pass}: The password for the MAC diff --git a/doc/functions/gnutls_pkcs12_generate_mac2 b/doc/functions/gnutls_pkcs12_generate_mac2 deleted file mode 100644 index de993d1..0000000 --- a/doc/functions/gnutls_pkcs12_generate_mac2 +++ /dev/null @@ -1,16 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs12_generate_mac2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_mac_algorithm_t @var{mac}, const char * @var{pass}) -@var{pkcs12}: A pkcs12 type - -@var{mac}: the MAC algorithm to use - -@var{pass}: The password for the MAC - -This function will generate a MAC for the PKCS12 structure. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. -@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_generate_mac2.short b/doc/functions/gnutls_pkcs12_generate_mac2.short deleted file mode 100644 index c3d6542..0000000 --- a/doc/functions/gnutls_pkcs12_generate_mac2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs12_generate_mac2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_mac_algorithm_t @var{mac}, const char * @var{pass}) diff --git a/doc/functions/gnutls_pkcs12_get_bag b/doc/functions/gnutls_pkcs12_get_bag index 555d157..874b30c 100644 --- a/doc/functions/gnutls_pkcs12_get_bag +++ b/doc/functions/gnutls_pkcs12_get_bag @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag}) -@var{pkcs12}: A pkcs12 type +@var{pkcs12}: should contain a gnutls_pkcs12_t structure @var{indx}: contains the index of the bag to extract 
diff --git a/doc/functions/gnutls_pkcs12_import b/doc/functions/gnutls_pkcs12_import index a1691f7..be23f64 100644 --- a/doc/functions/gnutls_pkcs12_import +++ b/doc/functions/gnutls_pkcs12_import @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) -@var{pkcs12}: The data to store the parsed PKCS12. +@var{pkcs12}: The structure to store the parsed PKCS12. @var{data}: The DER or PEM encoded PKCS12. diff --git a/doc/functions/gnutls_pkcs12_init b/doc/functions/gnutls_pkcs12_init index d870717..809d30c 100644 --- a/doc/functions/gnutls_pkcs12_init +++ b/doc/functions/gnutls_pkcs12_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12}) -@var{pkcs12}: A pointer to the type to be initialized +@var{pkcs12}: The structure to be initialized -This function will initialize a PKCS12 type. PKCS12 structures +This function will initialize a PKCS12 structure. PKCS12 structures usually contain lists of X.509 Certificates and X.509 Certificate revocation lists. diff --git a/doc/functions/gnutls_pkcs12_mac_info b/doc/functions/gnutls_pkcs12_mac_info deleted file mode 100644 index 79941b4..0000000 --- a/doc/functions/gnutls_pkcs12_mac_info +++ /dev/null 
@@ -1,28 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs12_mac_info} (gnutls_pkcs12_t @var{pkcs12}, unsigned int * @var{mac}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
-@var{pkcs12}: A pkcs12 type
-
-@var{mac}: the MAC algorithm used as @code{gnutls_mac_algorithm_t}
-
-@var{salt}: the salt used for string to key (if non-NULL then @code{salt_size} initially holds its size)
-
-@var{salt_size}: string to key salt size
-
-@var{iter_count}: string to key iteration count
-
-@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID
-
-This function will provide information on the MAC algorithm used
-in a PKCS @code{12} structure. If the structure algorithms
-are unknown the code @code{GNUTLS_E_UNKNOWN_HASH_ALGORITHM} will be returned,
-and only @code{oid} , will be set. That is, @code{oid} will be set on structures
-with a MAC whether supported or not. It must be deinitialized using @code{gnutls_free()} .
-The other variables are only set on supported structures.
-
-@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided structure doesn't contain a MAC,
-@code{GNUTLS_E_UNKNOWN_HASH_ALGORITHM} if the structure's MAC isn't supported, or
-another negative error code in case of a failure. Zero on success.
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_mac_info.short b/doc/functions/gnutls_pkcs12_mac_info.short
deleted file mode 100644
index 10e34f1..0000000
--- a/doc/functions/gnutls_pkcs12_mac_info.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs12_mac_info} (gnutls_pkcs12_t @var{pkcs12}, unsigned int * @var{mac}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
diff --git a/doc/functions/gnutls_pkcs12_set_bag b/doc/functions/gnutls_pkcs12_set_bag
index 1a54d36..f20eb20 100644
--- a/doc/functions/gnutls_pkcs12_set_bag
+++ b/doc/functions/gnutls_pkcs12_set_bag
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag}) -@var{pkcs12}: should contain a gnutls_pkcs12_t type +@var{pkcs12}: should contain a gnutls_pkcs12_t structure @var{bag}: An initialized bag diff --git a/doc/functions/gnutls_pkcs12_simple_parse b/doc/functions/gnutls_pkcs12_simple_parse index eb037b6..c673098 100644 --- a/doc/functions/gnutls_pkcs12_simple_parse +++ b/doc/functions/gnutls_pkcs12_simple_parse @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_pkcs12_simple_parse} (gnutls_pkcs12_t @var{p12}, const char * @var{password}, gnutls_x509_privkey_t * @var{key}, gnutls_x509_crt_t ** @var{chain}, unsigned int * @var{chain_len}, gnutls_x509_crt_t ** @var{extra_certs}, unsigned int * @var{extra_certs_len}, gnutls_x509_crl_t * @var{crl}, unsigned int @var{flags}) -@var{p12}: A pkcs12 type +@var{p12}: the PKCS12 blob. -@var{password}: optional password used to decrypt the structure, bags and keys. +@var{password}: optional password used to decrypt PKCS12 blob, bags and keys. @var{key}: a structure to store the parsed private key. @@ -14,7 +14,7 @@ @var{chain_len}: will be updated with the number of additional (may be @code{NULL} ) @var{extra_certs}: optional pointer to receive an array of additional -certificates found in the PKCS12 structure (may be @code{NULL} ). +certificates found in the PKCS12 blob (may be @code{NULL} ). @var{extra_certs_len}: will be updated with the number of additional certs (may be @code{NULL} ). 
@@ -23,23 +23,27 @@ certs (may be @code{NULL} ). @var{flags}: should be zero or one of GNUTLS_PKCS12_SP_* -This function parses a PKCS12 structure in @code{pkcs12} and extracts the -private key, the corresponding certificate chain, any additional +This function parses a PKCS12 blob in @code{p12blob} and extracts the +private key, the corresponding certificate chain, and any additional certificates and a CRL. -The @code{extra_certs} and @code{extra_certs_len} parameters are optional +The @code{extra_certs_ret} and @code{extra_certs_len} parameters are optional and both may be set to @code{NULL} . If either is non-@code{NULL} , then both must -be set. The value for @code{extra_certs} is allocated -using @code{gnutls_malloc()} . +be set. -Encrypted PKCS12 bags and PKCS8 private keys are supported, but -only with password based security and the same password for all -operations. +Encrypted PKCS12 bags and PKCS8 private keys are supported. However, +only password based security, and the same password for all +operations, are supported. -Note that a PKCS12 structure may contain many keys and/or certificates, -and there is no way to identify which key/certificate pair you want. -For this reason this function is useful for PKCS12 files that contain -only one key/certificate pair and/or one CRL. +A PKCS12 file may contain many keys and/or certificates, and there +is no way to identify which key/certificate pair you want. You +should make sure the PKCS12 file only contain one key/certificate +pair and/or one CRL. + +It is believed that the limitations of this function are acceptable +for common usage, and that any more flexibility would introduce +complexity that would make it harder to use this functionality at +all. If the provided structure has encrypted fields but no password is provided then this function returns @code{GNUTLS_E_DECRYPTION_FAILED} . 
@@ -49,11 +53,8 @@ certificates, to comply with TLS' requirements. If, however, the flag @code{GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED} is specified then self signed certificates will be included in the chain. -Prior to using this function the PKCS @code{12} structure integrity must -be verified using @code{gnutls_pkcs12_verify_mac()} . - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. -@strong{Since:} 3.1.0 +@strong{Since:} 3.1 @end deftypefun diff --git a/doc/functions/gnutls_pkcs12_verify_mac b/doc/functions/gnutls_pkcs12_verify_mac index ad92cce..5c61e59 100644 --- a/doc/functions/gnutls_pkcs12_verify_mac +++ b/doc/functions/gnutls_pkcs12_verify_mac @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) -@var{pkcs12}: should contain a gnutls_pkcs12_t type +@var{pkcs12}: should contain a gnutls_pkcs12_t structure @var{pass}: The password for the MAC diff --git a/doc/functions/gnutls_pkcs7_add_attr b/doc/functions/gnutls_pkcs7_add_attr deleted file mode 100644 index f79d79d..0000000 --- a/doc/functions/gnutls_pkcs7_add_attr +++ /dev/null 
@@ -1,22 +0,0 @@
-
-
-
-@deftypefun {int} {gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
-@var{list}: A list of existing attributes or pointer to @code{NULL} for the first one
-
-@var{oid}: the OID of the attribute to be set
-
-@var{data}: the raw (DER-encoded) data of the attribute to be set
-
-@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING}
-
-This function will set a PKCS @code{7} attribute in the provided list.
-If this function fails, the previous list would be deallocated.
-
-Note that any attributes set with this function must either be
-DER or BER encoded, unless a special flag is present.
-
-@strong{Returns:} On success, the new list head, otherwise @code{NULL} .
-
-@strong{Since:} 3.4.2
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_add_attr.short b/doc/functions/gnutls_pkcs7_add_attr.short
deleted file mode 100644
index 72bd866..0000000
--- a/doc/functions/gnutls_pkcs7_add_attr.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs7_attrs_deinit b/doc/functions/gnutls_pkcs7_attrs_deinit
deleted file mode 100644
index 42420da..0000000
--- a/doc/functions/gnutls_pkcs7_attrs_deinit
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
-
-@deftypefun {void} {gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list})
-@var{list}: A list of existing attributes
-
-This function will clear a PKCS @code{7} attribute list.
-
-@strong{Since:} 3.4.2
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_attrs_deinit.short b/doc/functions/gnutls_pkcs7_attrs_deinit.short
deleted file mode 100644
index 81b9798..0000000
--- a/doc/functions/gnutls_pkcs7_attrs_deinit.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{void} @ref{gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list})
diff --git a/doc/functions/gnutls_pkcs7_deinit b/doc/functions/gnutls_pkcs7_deinit index f379946..1c3fdb4 100644 --- a/doc/functions/gnutls_pkcs7_deinit +++ b/doc/functions/gnutls_pkcs7_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7}) -@var{pkcs7}: the type to be deinitialized +@var{pkcs7}: The structure to be initialized -This function will deinitialize a PKCS7 type. +This function will deinitialize a PKCS7 structure. @end deftypefun diff --git a/doc/functions/gnutls_pkcs7_delete_crl b/doc/functions/gnutls_pkcs7_delete_crl index 06cd484..5cdbc29 100644 --- a/doc/functions/gnutls_pkcs7_delete_crl +++ b/doc/functions/gnutls_pkcs7_delete_crl @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure @var{indx}: the index of the crl to delete diff --git a/doc/functions/gnutls_pkcs7_delete_crt b/doc/functions/gnutls_pkcs7_delete_crt index 943cbe2..02a28df 100644 --- a/doc/functions/gnutls_pkcs7_delete_crt +++ b/doc/functions/gnutls_pkcs7_delete_crt @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a gnutls_pkcs7_t structure @var{indx}: the index of the certificate to delete diff --git a/doc/functions/gnutls_pkcs7_export b/doc/functions/gnutls_pkcs7_export index ea35ba7..c190eec 100644 --- a/doc/functions/gnutls_pkcs7_export +++ b/doc/functions/gnutls_pkcs7_export @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: Holds the pkcs7 structure @var{format}: the format of output params. One of PEM or DER. 
diff --git a/doc/functions/gnutls_pkcs7_export2 b/doc/functions/gnutls_pkcs7_export2 index 54dc6d2..5e90a61 100644 --- a/doc/functions/gnutls_pkcs7_export2 +++ b/doc/functions/gnutls_pkcs7_export2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_export2} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: Holds the pkcs7 structure @var{format}: the format of output params. One of PEM or DER. diff --git a/doc/functions/gnutls_pkcs7_get_attr b/doc/functions/gnutls_pkcs7_get_attr deleted file mode 100644 index 0b7d0be..0000000 --- a/doc/functions/gnutls_pkcs7_get_attr +++ /dev/null @@ -1,25 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags}) -@var{list}: A list of existing attributes or @code{NULL} for the first one - -@var{idx}: the index of the attribute to get - -@var{oid}: the OID of the attribute (read-only) - -@var{data}: the raw data of the attribute - -@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING} - -This function will get a PKCS @code{7} attribute from the provided list. -The OID is a constant string, but data will be allocated and must be -deinitialized by the caller. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned -if there are no data in the current index. - -@strong{Since:} 3.4.2 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_attr.short b/doc/functions/gnutls_pkcs7_get_attr.short deleted file mode 100644 index c946685..0000000 --- a/doc/functions/gnutls_pkcs7_get_attr.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags}) 
diff --git a/doc/functions/gnutls_pkcs7_get_crl_count b/doc/functions/gnutls_pkcs7_get_crl_count index 186c233..ad1f5a0 100644 --- a/doc/functions/gnutls_pkcs7_get_crl_count +++ b/doc/functions/gnutls_pkcs7_get_crl_count @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a gnutls_pkcs7_t structure -This function will return the number of certificates in the PKCS7 +This function will return the number of certifcates in the PKCS7 or RFC2630 crl set. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw b/doc/functions/gnutls_pkcs7_get_crl_raw index a6ade4a..e9fbc7d 100644 --- a/doc/functions/gnutls_pkcs7_get_crl_raw +++ b/doc/functions/gnutls_pkcs7_get_crl_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{crl}, size_t * @var{crl_size}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure @var{indx}: contains the index of the crl to extract diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw2 b/doc/functions/gnutls_pkcs7_get_crl_raw2 deleted file mode 100644 index 90e52f4..0000000 --- a/doc/functions/gnutls_pkcs7_get_crl_raw2 +++ /dev/null @@ -1,19 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, gnutls_datum_t * @var{crl}) -@var{pkcs7}: The pkcs7 type - -@var{indx}: contains the index of the crl to extract - -@var{crl}: will contain the contents of the CRL in an allocated buffer - -This function will return a DER encoded CRL of the PKCS7 or RFC2630 crl set. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. After the last crl has been read -@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. - -@strong{Since:} 3.4.2 -@end deftypefun 
diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw2.short b/doc/functions/gnutls_pkcs7_get_crl_raw2.short deleted file mode 100644 index 62ab5cc..0000000 --- a/doc/functions/gnutls_pkcs7_get_crl_raw2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, gnutls_datum_t * @var{crl}) diff --git a/doc/functions/gnutls_pkcs7_get_crt_count b/doc/functions/gnutls_pkcs7_get_crt_count index 7124d95..3b0085f 100644 --- a/doc/functions/gnutls_pkcs7_get_crt_count +++ b/doc/functions/gnutls_pkcs7_get_crt_count @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7}) -@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure -This function will return the number of certificates in the PKCS7 +This function will return the number of certifcates in the PKCS7 or RFC2630 certificate set. -@strong{Returns:} On success, a positive number is returned, otherwise a +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw b/doc/functions/gnutls_pkcs7_get_crt_raw index 05a2d01..cceae5a 100644 --- a/doc/functions/gnutls_pkcs7_get_crt_raw +++ b/doc/functions/gnutls_pkcs7_get_crt_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size}) -@var{pkcs7}: should contain a gnutls_pkcs7_t type +@var{pkcs7}: should contain a gnutls_pkcs7_t structure @var{indx}: contains the index of the certificate to extract diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw2 b/doc/functions/gnutls_pkcs7_get_crt_raw2 deleted file mode 100644 index 9b783e0..0000000 --- a/doc/functions/gnutls_pkcs7_get_crt_raw2 +++ /dev/null 
@@ -1,24 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, gnutls_datum_t * @var{cert})
-@var{pkcs7}: should contain a gnutls_pkcs7_t type
-
-@var{indx}: contains the index of the certificate to extract
-
-@var{cert}: will hold the contents of the certificate; must be deallocated with @code{gnutls_free()}
-
-This function will return a certificate of the PKCS7 or RFC2630
-certificate set.
-
-After the last certificate has been read
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value. If the provided buffer is not long enough,
-then @code{certificate_size} is updated and
-@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
-
-@strong{Since:} 3.4.2
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw2.short b/doc/functions/gnutls_pkcs7_get_crt_raw2.short
deleted file mode 100644
index b8a6c56..0000000
--- a/doc/functions/gnutls_pkcs7_get_crt_raw2.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, gnutls_datum_t * @var{cert})
diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data b/doc/functions/gnutls_pkcs7_get_embedded_data
deleted file mode 100644
index 0f3a574..0000000
--- a/doc/functions/gnutls_pkcs7_get_embedded_data
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_datum_t * @var{data})
-@var{pkcs7}: should contain a gnutls_pkcs7_t type
-
-@var{idx}: the index of the signature info to get the data from
-
-@var{data}: will hold the embedded data in the provided structure
-
-This function will return the data embedded in the signature of
-the PKCS7 structure. If no data are available then
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
-
-Note, that since a PKCS@code{7} structure may contain embedded data
-for each attached signature, this function accepts and index which
-corresponds to the signature index to get the data from.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.8
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data.short b/doc/functions/gnutls_pkcs7_get_embedded_data.short
deleted file mode 100644
index dde8d05..0000000
--- a/doc/functions/gnutls_pkcs7_get_embedded_data.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_pkcs7_get_signature_count b/doc/functions/gnutls_pkcs7_get_signature_count
deleted file mode 100644
index 8f54cd4..0000000
--- a/doc/functions/gnutls_pkcs7_get_signature_count
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7})
-@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
-
-This function will return the number of signatures in the PKCS7
-structure.
-
-@strong{Returns:} On success, a positive number is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.3
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_signature_count.short b/doc/functions/gnutls_pkcs7_get_signature_count.short
deleted file mode 100644
index bbe90d3..0000000
--- a/doc/functions/gnutls_pkcs7_get_signature_count.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_get_signature_info b/doc/functions/gnutls_pkcs7_get_signature_info
deleted file mode 100644
index db8a4a7..0000000
--- a/doc/functions/gnutls_pkcs7_get_signature_info
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info})
-@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
-
-@var{idx}: the index of the signature info to check
-
-@var{info}: will contain the output signature
-
-This function will return information about the signature identified
-by idx in the provided PKCS @code{7} structure. The information should be
-deinitialized using @code{gnutls_pkcs7_signature_info_deinit()} .
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.2
-@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_signature_info.short b/doc/functions/gnutls_pkcs7_get_signature_info.short
deleted file mode 100644
index 63d18a3..0000000
--- a/doc/functions/gnutls_pkcs7_get_signature_info.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info})
diff --git a/doc/functions/gnutls_pkcs7_import b/doc/functions/gnutls_pkcs7_import
index 0e4afd3..46e2400 100644
--- a/doc/functions/gnutls_pkcs7_import
+++ b/doc/functions/gnutls_pkcs7_import
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) -@var{pkcs7}: The data to store the parsed PKCS7. +@var{pkcs7}: The structure to store the parsed PKCS7. @var{data}: The DER or PEM encoded PKCS7. diff --git a/doc/functions/gnutls_pkcs7_init b/doc/functions/gnutls_pkcs7_init index 4120d5e..d3ecf5c 100644 --- a/doc/functions/gnutls_pkcs7_init +++ b/doc/functions/gnutls_pkcs7_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7}) -@var{pkcs7}: A pointer to the type to be initialized +@var{pkcs7}: The structure to be initialized This function will initialize a PKCS7 structure. PKCS7 structures usually contain lists of X.509 Certificates and X.509 Certificate diff --git a/doc/functions/gnutls_pkcs7_print b/doc/functions/gnutls_pkcs7_print deleted file mode 100644 index 1c3b241..0000000 --- a/doc/functions/gnutls_pkcs7_print +++ /dev/null @@ -1,22 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{pkcs7}: The PKCS7 struct to be printed - -@var{format}: Indicate the format to use - -@var{out}: Newly allocated datum with null terminated string. - -This function will pretty print a signed PKCS @code{7} structure, suitable for -display to a human. - -Currently the supported formats are @code{GNUTLS_CRT_PRINT_FULL} and -@code{GNUTLS_CRT_PRINT_COMPACT} . - -The output @code{out} needs to be deallocated using @code{gnutls_free()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. -@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_print.short b/doc/functions/gnutls_pkcs7_print.short deleted file mode 100644 index fbb9943..0000000 --- a/doc/functions/gnutls_pkcs7_print.short +++ /dev/null 
@@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pkcs7_set_crl b/doc/functions/gnutls_pkcs7_set_crl index f97ff99..5cfe110 100644 --- a/doc/functions/gnutls_pkcs7_set_crl +++ b/doc/functions/gnutls_pkcs7_set_crl @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure @var{crl}: the DER encoded crl to be added diff --git a/doc/functions/gnutls_pkcs7_set_crl_raw b/doc/functions/gnutls_pkcs7_set_crl_raw index fed6094..ff2f68f 100644 --- a/doc/functions/gnutls_pkcs7_set_crl_raw +++ b/doc/functions/gnutls_pkcs7_set_crl_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure @var{crl}: the DER encoded crl to be added diff --git a/doc/functions/gnutls_pkcs7_set_crt b/doc/functions/gnutls_pkcs7_set_crt index bd42dc2..b830afa 100644 --- a/doc/functions/gnutls_pkcs7_set_crt +++ b/doc/functions/gnutls_pkcs7_set_crt @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure @var{crt}: the certificate to be copied. diff --git a/doc/functions/gnutls_pkcs7_set_crt_raw b/doc/functions/gnutls_pkcs7_set_crt_raw index eaab3de..30d79ba 100644 --- a/doc/functions/gnutls_pkcs7_set_crt_raw +++ b/doc/functions/gnutls_pkcs7_set_crt_raw 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt}) -@var{pkcs7}: The pkcs7 type +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure @var{crt}: the DER encoded certificate to be added diff --git a/doc/functions/gnutls_pkcs7_sign b/doc/functions/gnutls_pkcs7_sign deleted file mode 100644 index 1108f43..0000000 --- a/doc/functions/gnutls_pkcs7_sign +++ /dev/null @@ -1,35 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags}) -@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type - -@var{signer}: the certificate to sign the structure - -@var{signer_key}: the key to sign the structure - -@var{data}: The data to be signed or @code{NULL} if the data are already embedded - -@var{signed_attrs}: Any additional attributes to be included in the signed ones (or @code{NULL} ) - -@var{unsigned_attrs}: Any additional attributes to be included in the unsigned ones (or @code{NULL} ) - -@var{dig}: The digest algorithm to use for signing - -@var{flags}: Should be zero or one of @code{GNUTLS_PKCS7} flags - -This function will add a signature in the provided PKCS @code{7} structure -for the provided data. Multiple signatures can be made with different -signers. - -The available flags are: -@code{GNUTLS_PKCS7_EMBED_DATA} , @code{GNUTLS_PKCS7_INCLUDE_TIME} , @code{GNUTLS_PKCS7_INCLUDE_CERT} , -and @code{GNUTLS_PKCS7_WRITE_SPKI} . They are explained in the @code{gnutls_pkcs7_sign_flags} -definition. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.2 -@end deftypefun 
diff --git a/doc/functions/gnutls_pkcs7_sign.short b/doc/functions/gnutls_pkcs7_sign.short deleted file mode 100644 index 714f563..0000000 --- a/doc/functions/gnutls_pkcs7_sign.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs7_signature_info_deinit b/doc/functions/gnutls_pkcs7_signature_info_deinit deleted file mode 100644 index 6df9c95..0000000 --- a/doc/functions/gnutls_pkcs7_signature_info_deinit +++ /dev/null @@ -1,12 +0,0 @@ - - - - -@deftypefun {void} {gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info}) -@var{info}: should point to a @code{gnutls_pkcs7_signature_info_st} structure - -This function will deinitialize any allocated value in the -provided @code{gnutls_pkcs7_signature_info_st} . - -@strong{Since:} 3.4.2 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_signature_info_deinit.short b/doc/functions/gnutls_pkcs7_signature_info_deinit.short deleted file mode 100644 index 34be387..0000000 --- a/doc/functions/gnutls_pkcs7_signature_info_deinit.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info}) diff --git a/doc/functions/gnutls_pkcs7_verify b/doc/functions/gnutls_pkcs7_verify deleted file mode 100644 index 9b9ba91..0000000 --- a/doc/functions/gnutls_pkcs7_verify +++ /dev/null 
@@ -1,31 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) -@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type - -@var{tl}: A list of trusted certificates - -@var{vdata}: an array of typed data - -@var{vdata_size}: the number of data elements - -@var{idx}: the index of the signature info to check - -@var{data}: The data to be verified or @code{NULL} - -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} - -This function will verify the provided data against the signature -present in the SignedData of the PKCS @code{7} structure. If the data -provided are NULL then the data in the encapsulatedContent field -will be used instead. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. A verification error results to a -@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data -to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . - -@strong{Since:} 3.4.2 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_verify.short b/doc/functions/gnutls_pkcs7_verify.short deleted file mode 100644 index be9f712..0000000 --- a/doc/functions/gnutls_pkcs7_verify.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs7_verify_direct b/doc/functions/gnutls_pkcs7_verify_direct deleted file mode 100644 index 59a2235..0000000 --- a/doc/functions/gnutls_pkcs7_verify_direct +++ /dev/null 
@@ -1,27 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) -@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type - -@var{signer}: the certificate believed to have signed the structure - -@var{idx}: the index of the signature info to check - -@var{data}: The data to be verified or @code{NULL} - -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} - -This function will verify the provided data against the signature -present in the SignedData of the PKCS @code{7} structure. If the data -provided are NULL then the data in the encapsulatedContent field -will be used instead. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. A verification error results to a -@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data -to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . - -@strong{Since:} 3.4.2 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_verify_direct.short b/doc/functions/gnutls_pkcs7_verify_direct.short deleted file mode 100644 index 986c8cb..0000000 --- a/doc/functions/gnutls_pkcs7_verify_direct.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs8_info b/doc/functions/gnutls_pkcs8_info deleted file mode 100644 index 84d5483..0000000 --- a/doc/functions/gnutls_pkcs8_info +++ /dev/null 
@@ -1,32 +0,0 @@ - - - - -@deftypefun {int} {gnutls_pkcs8_info} (const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) -@var{data}: Holds the PKCS @code{8} data - -@var{format}: the format of the PKCS @code{8} data - -@var{schema}: indicate the schema as one of @code{gnutls_pkcs_encrypt_flags_t} - -@var{cipher}: the cipher used as @code{gnutls_cipher_algorithm_t} - -@var{salt}: PBKDF2 salt (if non-NULL then @code{salt_size} initially holds its size) - -@var{salt_size}: PBKDF2 salt size - -@var{iter_count}: PBKDF2 iteration count - -@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID - -This function will provide information on the algorithms used -in a particular PKCS @code{8} structure. If the structure algorithms -are unknown the code @code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} will be returned, -and only @code{oid} , will be set. That is, @code{oid} will be set on encrypted PKCS @code{8} -structures whether supported or not. It must be deinitialized using @code{gnutls_free()} . -The other variables are only set on supported structures. - -@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided structure isn't encrypted, -@code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} if the structure's encryption isn't supported, or -another negative error code in case of a failure. Zero on success. -@end deftypefun diff --git a/doc/functions/gnutls_pkcs8_info.short b/doc/functions/gnutls_pkcs8_info.short deleted file mode 100644 index e6c1df5..0000000 --- a/doc/functions/gnutls_pkcs8_info.short +++ /dev/null 
@@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_pkcs8_info} (const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) diff --git a/doc/functions/gnutls_pkcs_schema_get_name b/doc/functions/gnutls_pkcs_schema_get_name deleted file mode 100644 index c86029a..0000000 --- a/doc/functions/gnutls_pkcs_schema_get_name +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_pkcs_schema_get_name} (unsigned int @var{schema}) -@var{schema}: Holds the PKCS @code{12} or PBES2 schema (@code{gnutls_pkcs_encrypt_flags_t} ) - -This function will return a human readable description of the -PKCS12 or PBES2 schema. - -@strong{Returns:} a constrant string or @code{NULL} on error. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs_schema_get_name.short b/doc/functions/gnutls_pkcs_schema_get_name.short deleted file mode 100644 index b46b2d6..0000000 --- a/doc/functions/gnutls_pkcs_schema_get_name.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_pkcs_schema_get_name} (unsigned int @var{schema}) diff --git a/doc/functions/gnutls_pkcs_schema_get_oid b/doc/functions/gnutls_pkcs_schema_get_oid deleted file mode 100644 index eb4f96b..0000000 --- a/doc/functions/gnutls_pkcs_schema_get_oid +++ /dev/null @@ -1,14 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_pkcs_schema_get_oid} (unsigned int @var{schema}) -@var{schema}: Holds the PKCS @code{12} or PBES2 schema (@code{gnutls_pkcs_encrypt_flags_t} ) - -This function will return the object identifier of the -PKCS12 or PBES2 schema. - -@strong{Returns:} a constrant string or @code{NULL} on error. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_pkcs_schema_get_oid.short b/doc/functions/gnutls_pkcs_schema_get_oid.short deleted file mode 100644 index 65df7f5..0000000 
--- a/doc/functions/gnutls_pkcs_schema_get_oid.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_pkcs_schema_get_oid} (unsigned int @var{schema}) diff --git a/doc/functions/gnutls_prf b/doc/functions/gnutls_prf index 574b7b4..6cd1d0b 100644 --- a/doc/functions/gnutls_prf +++ b/doc/functions/gnutls_prf @@ -3,13 +3,13 @@ @deftypefun {int} {gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{label_size}: length of the @code{label} variable. @var{label}: label used in PRF computation, typically a short string. -@var{server_random_first}: non-zero if server random field should be first in seed +@var{server_random_first}: non-0 if server random field should be first in seed @var{extra_size}: length of the @code{extra} variable. @@ -20,13 +20,13 @@ @var{out}: pre-allocated buffer to hold the generated data. Applies the TLS Pseudo-Random-Function (PRF) on the master secret -and the provided data, seeded with the client and server random fields. -For the key expansion specified in RFC5705 see @code{gnutls_prf_rfc5705()} . +and the provided data, seeded with the client and server random fields, +as specified in RFC5705. The @code{label} variable usually contains a string denoting the purpose for the generated data. The @code{server_random_first} indicates whether the client random field or the server random field should be first -in the seed. Non-zero indicates that the server random field is first, +in the seed. Non-0 indicates that the server random field is first, 0 that the client random field is first. The @code{extra} variable can be used to add more data to the seed, after diff --git a/doc/functions/gnutls_prf_raw b/doc/functions/gnutls_prf_raw index 4f4e996..1d2498d 100644 
--- a/doc/functions/gnutls_prf_raw +++ b/doc/functions/gnutls_prf_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{label_size}: length of the @code{label} variable. diff --git a/doc/functions/gnutls_prf_rfc5705 b/doc/functions/gnutls_prf_rfc5705 deleted file mode 100644 index e4db128..0000000 --- a/doc/functions/gnutls_prf_rfc5705 +++ /dev/null 
@@ -1,43 +0,0 @@ - - - - -@deftypefun {int} {gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) -@var{session}: is a @code{gnutls_session_t} type. - -@var{label_size}: length of the @code{label} variable. - -@var{label}: label used in PRF computation, typically a short string. - -@var{context_size}: length of the @code{extra} variable. - -@var{context}: optional extra data to seed the PRF with. - -@var{outsize}: size of pre-allocated output buffer to hold the output. - -@var{out}: pre-allocated buffer to hold the generated data. - -Applies the TLS Pseudo-Random-Function (PRF) on the master secret -and the provided data, seeded with the client and server random fields, -as specified in RFC5705. - -The @code{label} variable usually contains a string denoting the purpose -for the generated data. The @code{server_random_first} indicates whether -the client random field or the server random field should be first -in the seed. Non-zero indicates that the server random field is first, -0 that the client random field is first. - -The @code{context} variable can be used to add more data to the seed, after -the random variables. It can be used to make sure the -generated output is strongly connected to some additional data -(e.g., a string used in user authentication). - -The output is placed in @code{out} , which must be pre-allocated. - -Note that, to provide the RFC5705 context, the @code{contect} variable -must be non-null. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. - -@strong{Since:} 3.4.4 -@end deftypefun diff --git a/doc/functions/gnutls_prf_rfc5705.short b/doc/functions/gnutls_prf_rfc5705.short deleted file mode 100644 index cf3d183..0000000 --- a/doc/functions/gnutls_prf_rfc5705.short +++ /dev/null 
@@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) diff --git a/doc/functions/gnutls_priority_certificate_type_list b/doc/functions/gnutls_priority_certificate_type_list index 5641f31..168fae9 100644 --- a/doc/functions/gnutls_priority_certificate_type_list +++ b/doc/functions/gnutls_priority_certificate_type_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_cipher_list b/doc/functions/gnutls_priority_cipher_list index 7a71aeb..952cf7c 100644 --- a/doc/functions/gnutls_priority_cipher_list +++ b/doc/functions/gnutls_priority_cipher_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_compression_list b/doc/functions/gnutls_priority_compression_list index 0a1f5c4..58b5e15 100644 --- a/doc/functions/gnutls_priority_compression_list +++ b/doc/functions/gnutls_priority_compression_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_deinit b/doc/functions/gnutls_priority_deinit index aaed15b..b8abe94 100644 --- a/doc/functions/gnutls_priority_deinit 
+++ b/doc/functions/gnutls_priority_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache}) -@var{priority_cache}: is a @code{gnutls_prioritity_t} type. +@var{priority_cache}: is a @code{gnutls_prioritity_t} structure. Deinitializes the priority cache. @end deftypefun diff --git a/doc/functions/gnutls_priority_ecc_curve_list b/doc/functions/gnutls_priority_ecc_curve_list index ea4e889..6ced656 100644 --- a/doc/functions/gnutls_priority_ecc_curve_list +++ b/doc/functions/gnutls_priority_ecc_curve_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_get_cipher_suite_index b/doc/functions/gnutls_priority_get_cipher_suite_index index b88b39d..37605bd 100644 --- a/doc/functions/gnutls_priority_get_cipher_suite_index +++ b/doc/functions/gnutls_priority_get_cipher_suite_index @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{idx}: is an index number. @@ -18,6 +18,4 @@ Once the last available index is crossed then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. @strong{Returns:} On success it returns @code{GNUTLS_E_SUCCESS} (0), or a negative error value otherwise. - -@strong{Since:} 3.0.9 @end deftypefun diff --git a/doc/functions/gnutls_priority_init b/doc/functions/gnutls_priority_init index 17a48a5..afdfdce 100644 --- a/doc/functions/gnutls_priority_init +++ b/doc/functions/gnutls_priority_init 
@@ -3,15 +3,14 @@ @deftypefun {int} {gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}) -@var{priority_cache}: is a @code{gnutls_prioritity_t} type. +@var{priority_cache}: is a @code{gnutls_prioritity_t} structure. -@var{priorities}: is a string describing priorities (may be @code{NULL} ) +@var{priorities}: is a string describing priorities -@var{err_pos}: In case of an error this will have the position in the string the error occurred +@var{err_pos}: In case of an error this will have the position in the string the error occured Sets priorities for the ciphers, key exchange methods, macs and -compression methods. The @code{priority_cache} should be deinitialized -using @code{gnutls_priority_deinit()} . +compression methods. The @code{priorities} option allows you to specify a colon separated list of the cipher priorities to enable. @@ -49,6 +48,9 @@ of 128. "SUITEB192" means all the NSA SuiteB ciphersuites with security level of 192. +"EXPORT" means all ciphersuites are enabled, including the +low-security 40 bit ciphers. + "NONE" means nothing is enabled. This disables even protocols and compression methods. @@ -57,7 +59,7 @@ will be expanded from a configuration-time provided file - default is: /etc/gnutls/default-priorities. Any keywords that follow it, will be appended to the expanded string. If there is no system string, then the function will fail. The system file should be formatted -as "KEYWORD=VALUE", e.g., "SYSTEM=NORMAL:+ARCFOUR-128". +as "KEYWORD=VALUE", e.g., "SYSTEM=NORMAL:-ARCFOUR-128". Special keywords are "!", "-" and "+". "!" or "-" appended with an algorithm will remove this algorithm. 
@@ -69,7 +71,7 @@ information. @strong{Examples:} "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" -"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128. +"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128. "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are enabled, SSL3.0 is disabled, and libz compression enabled. @@ -82,9 +84,6 @@ enabled, SSL3.0 is disabled, and libz compression enabled. Note that "NORMAL:@code{COMPAT} " is the most compatible mode. -A @code{NULL} @code{priorities} string indicates the default priorities to be -used (this is available since GnuTLS 3.3.0). - @strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, @code{GNUTLS_E_SUCCESS} on success, or an error code. @end deftypefun diff --git a/doc/functions/gnutls_priority_kx_list b/doc/functions/gnutls_priority_kx_list index 3d3dbdf..027035f 100644 --- a/doc/functions/gnutls_priority_kx_list +++ b/doc/functions/gnutls_priority_kx_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_mac_list b/doc/functions/gnutls_priority_mac_list index ef9a7bd..078d432 100644 --- a/doc/functions/gnutls_priority_mac_list +++ b/doc/functions/gnutls_priority_mac_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_protocol_list b/doc/functions/gnutls_priority_protocol_list index f83ad1f..a06f318 100644 --- a/doc/functions/gnutls_priority_protocol_list 
+++ b/doc/functions/gnutls_priority_protocol_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_set b/doc/functions/gnutls_priority_set index 3ec9b06..9e855b4 100644 --- a/doc/functions/gnutls_priority_set +++ b/doc/functions/gnutls_priority_set @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. -@var{priority}: is a @code{gnutls_priority_t} type. +@var{priority}: is a @code{gnutls_priority_t} structure. Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods. diff --git a/doc/functions/gnutls_priority_set_direct b/doc/functions/gnutls_priority_set_direct index d017f8b..426b8c1 100644 --- a/doc/functions/gnutls_priority_set_direct +++ b/doc/functions/gnutls_priority_set_direct @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{priorities}: is a string describing priorities -@var{err_pos}: In case of an error this will have the position in the string the error occurred +@var{err_pos}: In case of an error this will have the position in the string the error occured Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods. This function avoids keeping a diff --git a/doc/functions/gnutls_priority_sign_list b/doc/functions/gnutls_priority_sign_list index 26c9bf6..4cbe834 100644 --- a/doc/functions/gnutls_priority_sign_list 
+++ b/doc/functions/gnutls_priority_sign_list @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list diff --git a/doc/functions/gnutls_priority_string_list b/doc/functions/gnutls_priority_string_list deleted file mode 100644 index 8260f3c..0000000 --- a/doc/functions/gnutls_priority_string_list +++ /dev/null @@ -1,18 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags}) -@var{iter}: an integer counter starting from zero - -@var{flags}: one of @code{GNUTLS_PRIORITY_LIST_INIT_KEYWORDS} , @code{GNUTLS_PRIORITY_LIST_SPECIAL} - -Can be used to iterate all available priority strings. -Due to internal implementation details, there are cases where this -function can return the empty string. In that case that string should be ignored. -When no strings are available it returns @code{NULL} . - -@strong{Returns:} a priority string - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_priority_string_list.short b/doc/functions/gnutls_priority_string_list.short deleted file mode 100644 index 45bc934..0000000 --- a/doc/functions/gnutls_priority_string_list.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_deinit b/doc/functions/gnutls_privkey_deinit index 610a4e5..f44b012 100644 --- a/doc/functions/gnutls_privkey_deinit +++ b/doc/functions/gnutls_privkey_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key}) -@var{key}: The key to be deinitialized +@var{key}: The structure to be deinitialized This function will deinitialize a private key structure. 
diff --git a/doc/functions/gnutls_privkey_export_openpgp b/doc/functions/gnutls_privkey_export_openpgp deleted file mode 100644 index f4c7fe3..0000000 --- a/doc/functions/gnutls_privkey_export_openpgp +++ /dev/null @@ -1,19 +0,0 @@ - - - - -@deftypefun {int} {gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key}) -@var{pkey}: The private key - -@var{key}: Location for the key to be exported. - -Converts the given abstract private key to a @code{gnutls_openpgp_privkey_t} -type. The key must be of type @code{GNUTLS_PRIVKEY_OPENPGP} . The key -returned in @code{key} must be deinitialized with -@code{gnutls_openpgp_privkey_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_openpgp.short b/doc/functions/gnutls_privkey_export_openpgp.short deleted file mode 100644 index 21da178..0000000 --- a/doc/functions/gnutls_privkey_export_openpgp.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_privkey_export_pkcs11 b/doc/functions/gnutls_privkey_export_pkcs11 deleted file mode 100644 index e94b154..0000000 --- a/doc/functions/gnutls_privkey_export_pkcs11 +++ /dev/null 
@@ -1,19 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key})
-@var{pkey}: The private key
-
-@var{key}: Location for the key to be exported.
-
-Converts the given abstract private key to a @code{gnutls_pkcs11_privkey_t}
-type. The key must be of type @code{GNUTLS_PRIVKEY_PKCS11} . The key
-returned in @code{key} must be deinitialized with
-@code{gnutls_pkcs11_privkey_deinit()} .
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_pkcs11.short b/doc/functions/gnutls_privkey_export_pkcs11.short
deleted file mode 100644
index 60330dc..0000000
--- a/doc/functions/gnutls_privkey_export_pkcs11.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_privkey_export_x509 b/doc/functions/gnutls_privkey_export_x509
deleted file mode 100644
index 04409a9..0000000
--- a/doc/functions/gnutls_privkey_export_x509
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key})
-@var{pkey}: The private key
-
-@var{key}: Location for the key to be exported.
-
-Converts the given abstract private key to a @code{gnutls_x509_privkey_t}
-type. The key must be of type @code{GNUTLS_PRIVKEY_X509} . The key returned
-in @code{key} must be deinitialized with @code{gnutls_x509_privkey_deinit()} .
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_x509.short b/doc/functions/gnutls_privkey_export_x509.short
deleted file mode 100644
index 27036ad..0000000
--- a/doc/functions/gnutls_privkey_export_x509.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_privkey_get_pk_algorithm b/doc/functions/gnutls_privkey_get_pk_algorithm index e1fd579..20e63ed 100644 --- a/doc/functions/gnutls_privkey_get_pk_algorithm +++ b/doc/functions/gnutls_privkey_get_pk_algorithm @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits}) -@var{key}: should contain a @code{gnutls_privkey_t} type +@var{key}: should contain a @code{gnutls_privkey_t} structure @var{bits}: If set will return the number of bits of the parameters (may be NULL) diff --git a/doc/functions/gnutls_privkey_get_type b/doc/functions/gnutls_privkey_get_type index 97738ef..708ddd9 100644 --- a/doc/functions/gnutls_privkey_get_type +++ b/doc/functions/gnutls_privkey_get_type @@ -3,7 +3,7 @@ @deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key}) -@var{key}: should contain a @code{gnutls_privkey_t} type +@var{key}: should contain a @code{gnutls_privkey_t} structure This function will return the type of the private key. This is actually the type of the subsystem used to set this private key. diff --git a/doc/functions/gnutls_privkey_import_ecc_raw b/doc/functions/gnutls_privkey_import_ecc_raw index c6452f5..bfa1f44 100644 --- a/doc/functions/gnutls_privkey_import_ecc_raw +++ b/doc/functions/gnutls_privkey_import_ecc_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) -@var{key}: The key +@var{key}: The structure to store the parsed key @var{curve}: holds the curve 
diff --git a/doc/functions/gnutls_privkey_import_ext b/doc/functions/gnutls_privkey_import_ext
index 99dbf61..2b1d351 100644
--- a/doc/functions/gnutls_privkey_import_ext
+++ b/doc/functions/gnutls_privkey_import_ext
@@ -16,10 +16,10 @@
 @var{flags}: Flags for the import
 
 This function will associate the given callbacks with the
-@code{gnutls_privkey_t} type. At least one of the two callbacks
+@code{gnutls_privkey_t} structure. At least one of the two callbacks
 must be non-null.
 
-See also @code{gnutls_privkey_import_ext3()} .
+See also @code{gnutls_privkey_import_ext2()} .
 
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
 negative error value.
diff --git a/doc/functions/gnutls_privkey_import_ext2 b/doc/functions/gnutls_privkey_import_ext2
index 6796e35..9ad3816 100644
--- a/doc/functions/gnutls_privkey_import_ext2
+++ b/doc/functions/gnutls_privkey_import_ext2
@@ -2,23 +2,23 @@
 
 
 
-@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags})
+@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, gnutls_privkey_deinit_func @var{deinit_func}, unsigned int @var{flags})
 @var{pkey}: The private key
 
 @var{pk}: The public key algorithm
 
 @var{userdata}: private data to be provided to the callbacks
 
-@var{sign_fn}: callback for signature operations
+@var{sign_func}: callback for signature operations
 
-@var{decrypt_fn}: callback for decryption operations
+@var{decrypt_func}: callback for decryption operations
 
-@var{deinit_fn}: a deinitialization function
+@var{deinit_func}: a deinitialization function
 
 @var{flags}: Flags for the import
 
 This function will associate the given callbacks with the
-@code{gnutls_privkey_t} type. At least one of the two callbacks
+@code{gnutls_privkey_t} structure. At least one of the two callbacks
 must be non-null. If a deinitialization function is provided
 then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} .
 
@@ -27,8 +27,6 @@ without any hashing or preprocessing. In case of RSA the DigestInfo
 will be provided, and the signing function is expected to do the PKCS @code{1}
 1.5 padding and the exponentiation.
 
-See also @code{gnutls_privkey_import_ext3()} .
-
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
 negative error value.
 
diff --git a/doc/functions/gnutls_privkey_import_ext2.short b/doc/functions/gnutls_privkey_import_ext2.short
index aeadacc..59eee64 100644
--- a/doc/functions/gnutls_privkey_import_ext2.short
+++ b/doc/functions/gnutls_privkey_import_ext2.short
@@ -1 +1 @@
-@item @var{int} @ref{gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags})
+@item @var{int} @ref{gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, gnutls_privkey_deinit_func @var{deinit_func}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_ext3 b/doc/functions/gnutls_privkey_import_ext3
deleted file mode 100644
index e2a9e34..0000000
--- a/doc/functions/gnutls_privkey_import_ext3
+++ /dev/null
@@ -1,38 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
-@var{pkey}: The private key
-
-@var{userdata}: private data to be provided to the callbacks
-
-@var{sign_fn}: callback for signature operations
-
-@var{decrypt_fn}: callback for decryption operations
-
-@var{deinit_fn}: a deinitialization function
-
-@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} )
-
-@var{flags}: Flags for the import
-
-This function will associate the given callbacks with the
-@code{gnutls_privkey_t} type. At least one of the two callbacks
-must be non-null. If a deinitialization function is provided
-then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} .
-
-Note that the signing function is supposed to "raw" sign data, i.e.,
-without any hashing or preprocessing. In case of RSA the DigestInfo
-will be provided, and the signing function is expected to do the PKCS @code{1}
-1.5 padding and the exponentiation.
-
-The @code{info_fn} must provide information on the algorithms supported by
-this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} and
-@code{GNUTLS_PRIVKEY_INFO_SIGN_ALGO} . It must return -1 on unknown flags.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_ext3.short b/doc/functions/gnutls_privkey_import_ext3.short
deleted file mode 100644
index 2579b96..0000000
--- a/doc/functions/gnutls_privkey_import_ext3.short
+++ /dev/null
@@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_openpgp b/doc/functions/gnutls_privkey_import_openpgp index 08a0a1b..747b5e9 100644 --- a/doc/functions/gnutls_privkey_import_openpgp +++ b/doc/functions/gnutls_privkey_import_openpgp @@ -10,7 +10,7 @@ @var{flags}: Flags for the import This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The @code{gnutls_openpgp_privkey_t} object must not be deallocated during the lifetime of this structure. The subkey set as diff --git a/doc/functions/gnutls_privkey_import_openpgp_raw b/doc/functions/gnutls_privkey_import_openpgp_raw index 2755191..e6d19e3 100644 --- a/doc/functions/gnutls_privkey_import_openpgp_raw +++ b/doc/functions/gnutls_privkey_import_openpgp_raw @@ -14,7 +14,7 @@ @var{password}: A password (optional) This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_privkey_import_pkcs11 b/doc/functions/gnutls_privkey_import_pkcs11 index 5982246..cabceeb 100644 --- a/doc/functions/gnutls_privkey_import_pkcs11 +++ b/doc/functions/gnutls_privkey_import_pkcs11 @@ -10,7 +10,7 @@ @var{flags}: Flags for the import This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The @code{gnutls_pkcs11_privkey_t} object must not be deallocated during the lifetime of this structure. 
diff --git a/doc/functions/gnutls_privkey_import_pkcs11_url b/doc/functions/gnutls_privkey_import_pkcs11_url index d53a9fd..794d98a 100644 --- a/doc/functions/gnutls_privkey_import_pkcs11_url +++ b/doc/functions/gnutls_privkey_import_pkcs11_url @@ -8,7 +8,7 @@ @var{url}: A PKCS 11 url This function will import a PKCS 11 private key to a @code{gnutls_private_key_t} -type. +structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_privkey_import_tpm_raw b/doc/functions/gnutls_privkey_import_tpm_raw index f415e7a..1f6e975 100644 --- a/doc/functions/gnutls_privkey_import_tpm_raw +++ b/doc/functions/gnutls_privkey_import_tpm_raw @@ -16,7 +16,7 @@ @var{flags}: should be zero This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. With respect to passwords the same as in @code{gnutls_privkey_import_tpm_url()} apply. diff --git a/doc/functions/gnutls_privkey_import_tpm_url b/doc/functions/gnutls_privkey_import_tpm_url index d60db49..b61bcc6 100644 --- a/doc/functions/gnutls_privkey_import_tpm_url +++ b/doc/functions/gnutls_privkey_import_tpm_url @@ -14,7 +14,7 @@ @var{flags}: One of the GNUTLS_PRIVKEY_* flags This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. Note that unless @code{GNUTLS_PRIVKEY_DISABLE_CALLBACKS} is specified, if incorrect (or NULL) passwords are given diff --git a/doc/functions/gnutls_privkey_import_x509 b/doc/functions/gnutls_privkey_import_x509 index 402334d..d93ba9c 100644 --- a/doc/functions/gnutls_privkey_import_x509 +++ b/doc/functions/gnutls_privkey_import_x509 
@@ -10,7 +10,7 @@ @var{flags}: Flags for the import This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The @code{gnutls_x509_privkey_t} object must not be deallocated during the lifetime of this structure. diff --git a/doc/functions/gnutls_privkey_import_x509_raw b/doc/functions/gnutls_privkey_import_x509_raw index 7919985..642ce41 100644 --- a/doc/functions/gnutls_privkey_import_x509_raw +++ b/doc/functions/gnutls_privkey_import_x509_raw @@ -14,7 +14,7 @@ @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. The supported formats are basic unencrypted key, PKCS8, PKCS12, and the openssl format. diff --git a/doc/functions/gnutls_privkey_init b/doc/functions/gnutls_privkey_init index 9e63c61..166f8ac 100644 --- a/doc/functions/gnutls_privkey_init +++ b/doc/functions/gnutls_privkey_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized -This function will initialize a private key. +This function will initialize an private key structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_privkey_sign_data b/doc/functions/gnutls_privkey_sign_data index 747e53d..429733a 100644 --- a/doc/functions/gnutls_privkey_sign_data +++ b/doc/functions/gnutls_privkey_sign_data @@ -11,7 +11,7 @@ @var{data}: holds the data to be signed -@var{signature}: will contain the signature allocated with @code{gnutls_malloc()} +@var{signature}: will contain the signature allocate with @code{gnutls_malloc()} This function will sign the given data using a signature algorithm supported by the private key. Signature algorithms are always used 
diff --git a/doc/functions/gnutls_privkey_sign_raw_data b/doc/functions/gnutls_privkey_sign_raw_data
new file mode 100644
index 0000000..6c5c146
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_raw_data
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_sign_raw_data} (gnutls_privkey_t @var{key}, unsigned @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
+@var{key}: Holds the key
+
+@var{flags}: should be zero
+
+@var{data}: holds the data to be signed
+
+@var{signature}: will contain the signature allocate with @code{gnutls_malloc()}
+
+This function will sign the given data using a signature algorithm
+supported by the private key. Note that this is a low-level function
+and does not apply any preprocessing or hash on the signed data.
+For example on an RSA key the input @code{data} should be of the DigestInfo
+PKCS @code{1} 1.5 format. Use it only if you know what are you doing.
+
+Note this function is equivalent to using the @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA}
+flag with @code{gnutls_privkey_sign_hash()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_sign_raw_data.short b/doc/functions/gnutls_privkey_sign_raw_data.short
new file mode 100644
index 0000000..95df411
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_raw_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_sign_raw_data} (gnutls_privkey_t @var{key}, unsigned @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_privkey_verify_params b/doc/functions/gnutls_privkey_verify_params
index 174184a..21d6161 100644
--- a/doc/functions/gnutls_privkey_verify_params
+++ b/doc/functions/gnutls_privkey_verify_params
@@ -3,7 +3,7 @@
 
 
 @deftypefun {int} {gnutls_privkey_verify_params} (gnutls_privkey_t @var{key})
-@var{key}: should contain a @code{gnutls_privkey_t} type
+@var{key}: should contain a @code{gnutls_privkey_t} structure
 
 This function will verify the private key parameters.
 
diff --git a/doc/functions/gnutls_protocol_get_version b/doc/functions/gnutls_protocol_get_version
index 3f3f776..0fe0a69 100644
--- a/doc/functions/gnutls_protocol_get_version
+++ b/doc/functions/gnutls_protocol_get_version
@@ -3,7 +3,7 @@
 
 
 @deftypefun {gnutls_protocol_t} {gnutls_protocol_get_version} (gnutls_session_t @var{session})
-@var{session}: is a @code{gnutls_session_t} type.
+@var{session}: is a @code{gnutls_session_t} structure.
 
 Get TLS version, a @code{gnutls_protocol_t} value.
 
diff --git a/doc/functions/gnutls_protocol_set_priority b/doc/functions/gnutls_protocol_set_priority
new file mode 100644
index 0000000..02f1bdf
--- /dev/null
+++ b/doc/functions/gnutls_protocol_set_priority
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_protocol_set_priority} (gnutls_session_t @var{session}, const int * @var{list})
+@var{session}: is a @code{gnutls_session_t} structure.
+
+@var{list}: is a 0 terminated list of gnutls_protocol_t elements.
+
+Sets the priority on the protocol versions supported by gnutls.
+This function actually enables or disables protocols. Newer protocol
+versions always have highest priority.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_protocol_set_priority.short b/doc/functions/gnutls_protocol_set_priority.short
new file mode 100644
index 0000000..f96b95c
--- /dev/null
+++ b/doc/functions/gnutls_protocol_set_priority.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_protocol_set_priority} (gnutls_session_t @var{session}, const int * @var{list})
diff --git a/doc/functions/gnutls_psk_allocate_client_credentials b/doc/functions/gnutls_psk_allocate_client_credentials
index ecf516f..f4eaf23 100644
--- a/doc/functions/gnutls_psk_allocate_client_credentials +++ b/doc/functions/gnutls_psk_allocate_client_credentials @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. diff --git a/doc/functions/gnutls_psk_allocate_server_credentials b/doc/functions/gnutls_psk_allocate_server_credentials index 2491171..851e58e 100644 --- a/doc/functions/gnutls_psk_allocate_server_credentials +++ b/doc/functions/gnutls_psk_allocate_server_credentials @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. diff --git a/doc/functions/gnutls_psk_free_client_credentials b/doc/functions/gnutls_psk_free_client_credentials index ea0baa3..ee36f3e 100644 --- a/doc/functions/gnutls_psk_free_client_credentials +++ b/doc/functions/gnutls_psk_free_client_credentials @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_psk_client_credentials_t} type. +@var{sc}: is a @code{gnutls_psk_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. diff --git a/doc/functions/gnutls_psk_free_server_credentials b/doc/functions/gnutls_psk_free_server_credentials index 7eba23a..75b0bc3 100644 --- a/doc/functions/gnutls_psk_free_server_credentials 
+++ b/doc/functions/gnutls_psk_free_server_credentials @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_psk_server_credentials_t} type. +@var{sc}: is a @code{gnutls_psk_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. diff --git a/doc/functions/gnutls_psk_set_client_credentials b/doc/functions/gnutls_psk_set_client_credentials index ff6c40a..018723e 100644 --- a/doc/functions/gnutls_psk_set_client_credentials +++ b/doc/functions/gnutls_psk_set_client_credentials @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) -@var{res}: is a @code{gnutls_psk_client_credentials_t} type. +@var{res}: is a @code{gnutls_psk_client_credentials_t} structure. @var{username}: is the user's zero-terminated userid @@ -13,7 +13,7 @@ @code{GNUTLS_PSK_KEY_RAW} or @code{GNUTLS_PSK_KEY_HEX} . This function sets the username and password, in a -gnutls_psk_client_credentials_t type. Those will be used in +gnutls_psk_client_credentials_t structure. Those will be used in PSK authentication. @code{username} should be an ASCII string or UTF-8 strings prepared using the "SASLprep" profile of "stringprep". The key can be either in raw byte format or in Hex format (without the diff --git a/doc/functions/gnutls_psk_set_client_credentials_function b/doc/functions/gnutls_psk_set_client_credentials_function index dd690e5..6e86495 100644 --- a/doc/functions/gnutls_psk_set_client_credentials_function +++ b/doc/functions/gnutls_psk_set_client_credentials_function 
@@ -3,7 +3,7 @@
 
 
 @deftypefun {void} {gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func})
-@var{cred}: is a @code{gnutls_psk_server_credentials_t} type.
+@var{cred}: is a @code{gnutls_psk_server_credentials_t} structure.
 
 @var{func}: is the callback function
 
diff --git a/doc/functions/gnutls_psk_set_params_function b/doc/functions/gnutls_psk_set_params_function
index 9432b44..e87cda1 100644
--- a/doc/functions/gnutls_psk_set_params_function
+++ b/doc/functions/gnutls_psk_set_params_function
@@ -3,7 +3,7 @@
 
 
 @deftypefun {void} {gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func})
-@var{res}: is a gnutls_psk_server_credentials_t type
+@var{res}: is a gnutls_psk_server_credentials_t structure
 
 @var{func}: is the function to be called
 
diff --git a/doc/functions/gnutls_psk_set_server_credentials_file b/doc/functions/gnutls_psk_set_server_credentials_file
index fe50a0f..11c86d2 100644
--- a/doc/functions/gnutls_psk_set_server_credentials_file
+++ b/doc/functions/gnutls_psk_set_server_credentials_file
@@ -3,12 +3,12 @@
 
 
 @deftypefun {int} {gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file})
-@var{res}: is a @code{gnutls_psk_server_credentials_t} type.
+@var{res}: is a @code{gnutls_psk_server_credentials_t} structure.
 
 @var{password_file}: is the PSK password file (passwd.psk)
 
 This function sets the password file, in a
-@code{gnutls_psk_server_credentials_t} type. This password file
+@code{gnutls_psk_server_credentials_t} structure. This password file
 holds usernames and keys and will be used for PSK authentication.
 
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
diff --git a/doc/functions/gnutls_psk_set_server_credentials_function b/doc/functions/gnutls_psk_set_server_credentials_function
index d943383..c422b39 100644
--- a/doc/functions/gnutls_psk_set_server_credentials_function +++ b/doc/functions/gnutls_psk_set_server_credentials_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. +@var{cred}: is a @code{gnutls_psk_server_credentials_t} structure. @var{func}: is the callback function diff --git a/doc/functions/gnutls_psk_set_server_credentials_hint b/doc/functions/gnutls_psk_set_server_credentials_hint index 226d959..2fd2e5b 100644 --- a/doc/functions/gnutls_psk_set_server_credentials_hint +++ b/doc/functions/gnutls_psk_set_server_credentials_hint @@ -3,12 +3,12 @@ @deftypefun {int} {gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) -@var{res}: is a @code{gnutls_psk_server_credentials_t} type. +@var{res}: is a @code{gnutls_psk_server_credentials_t} structure. @var{hint}: is the PSK identity hint string This function sets the identity hint, in a -@code{gnutls_psk_server_credentials_t} type. This hint is sent to +@code{gnutls_psk_server_credentials_t} structure. This hint is sent to the client to help it chose a good PSK credential (i.e., username and password). diff --git a/doc/functions/gnutls_psk_set_server_dh_params b/doc/functions/gnutls_psk_set_server_dh_params index 44e677c..3b3aee6 100644 --- a/doc/functions/gnutls_psk_set_server_dh_params +++ b/doc/functions/gnutls_psk_set_server_dh_params @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) -@var{res}: is a gnutls_psk_server_credentials_t type +@var{res}: is a gnutls_psk_server_credentials_t structure @var{dh_params}: is a structure that holds Diffie-Hellman parameters. 
diff --git a/doc/functions/gnutls_psk_set_server_params_function b/doc/functions/gnutls_psk_set_server_params_function
index ee8f2d5..6e368c6 100644
--- a/doc/functions/gnutls_psk_set_server_params_function
+++ b/doc/functions/gnutls_psk_set_server_params_function
@@ -3,7 +3,7 @@
 
 
 @deftypefun {void} {gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func})
-@var{res}: is a @code{gnutls_certificate_credentials_t} type
+@var{res}: is a @code{gnutls_certificate_credentials_t} structure
 
 @var{func}: is the function to be called
 
diff --git a/doc/functions/gnutls_pubkey_deinit b/doc/functions/gnutls_pubkey_deinit
index 003afe8..116cafc 100644
--- a/doc/functions/gnutls_pubkey_deinit
+++ b/doc/functions/gnutls_pubkey_deinit
@@ -3,7 +3,7 @@
 
 
 @deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key})
-@var{key}: The key to be deinitialized
+@var{key}: The structure to be deinitialized
 
 This function will deinitialize a public key structure.
 
diff --git a/doc/functions/gnutls_pubkey_encrypt_data b/doc/functions/gnutls_pubkey_encrypt_data
index 74e2bf4..78e8661 100644
--- a/doc/functions/gnutls_pubkey_encrypt_data
+++ b/doc/functions/gnutls_pubkey_encrypt_data
@@ -12,7 +12,7 @@
 @var{ciphertext}: contains the encrypted data
 
 This function will encrypt the given data, using the public
-key. On success the @code{ciphertext} will be allocated using @code{gnutls_malloc()} .
+key.
 
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
 negative error value.
diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw b/doc/functions/gnutls_pubkey_export_dsa_raw
index 847d5af..c9815c9 100644
--- a/doc/functions/gnutls_pubkey_export_dsa_raw
+++ b/doc/functions/gnutls_pubkey_export_dsa_raw
@@ -5,20 +5,18 @@ @deftypefun {int} {gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) @var{key}: Holds the public key -@var{p}: will hold the p (may be @code{NULL} ) +@var{p}: will hold the p -@var{q}: will hold the q (may be @code{NULL} ) +@var{q}: will hold the q -@var{g}: will hold the g (may be @code{NULL} ) +@var{g}: will hold the g -@var{y}: will hold the y (may be @code{NULL} ) +@var{y}: will hold the y This function will export the DSA public key's parameters found in the given certificate. The new parameters will be allocated using @code{gnutls_malloc()} and will be stored in the appropriate datum. -This function allows for @code{NULL} parameters since 3.4.1. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 3.3.0 diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw b/doc/functions/gnutls_pubkey_export_ecc_raw index 7b7a696..21208d3 100644 --- a/doc/functions/gnutls_pubkey_export_ecc_raw +++ b/doc/functions/gnutls_pubkey_export_ecc_raw @@ -5,18 +5,16 @@ @deftypefun {int} {gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) @var{key}: Holds the public key -@var{curve}: will hold the curve (may be @code{NULL} ) +@var{curve}: will hold the curve -@var{x}: will hold x (may be @code{NULL} ) +@var{x}: will hold x -@var{y}: will hold y (may be @code{NULL} ) +@var{y}: will hold y This function will export the ECC public key's parameters found in -the given key. The new parameters will be allocated using +the given certificate. The new parameters will be allocated using @code{gnutls_malloc()} and will be stored in the appropriate datum. -This function allows for @code{NULL} parameters since 3.4.1. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 3.0 
diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw b/doc/functions/gnutls_pubkey_export_rsa_raw index 3ae6bf0..3f55a97 100644 --- a/doc/functions/gnutls_pubkey_export_rsa_raw +++ b/doc/functions/gnutls_pubkey_export_rsa_raw @@ -5,16 +5,14 @@ @deftypefun {int} {gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) @var{key}: Holds the certificate -@var{m}: will hold the modulus (may be @code{NULL} ) +@var{m}: will hold the modulus -@var{e}: will hold the public exponent (may be @code{NULL} ) +@var{e}: will hold the public exponent This function will export the RSA public key's parameters found in the given structure. The new parameters will be allocated using @code{gnutls_malloc()} and will be stored in the appropriate datum. -This function allows for @code{NULL} parameters since 3.4.1. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 3.3.0 diff --git a/doc/functions/gnutls_pubkey_get_key_id b/doc/functions/gnutls_pubkey_get_key_id index 4d3e13d..a7c4c1e 100644 --- a/doc/functions/gnutls_pubkey_get_key_id +++ b/doc/functions/gnutls_pubkey_get_key_id @@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) @var{key}: Holds the public key -@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} +@var{flags}: should be 0 for now @var{output_data}: will contain the key ID diff --git a/doc/functions/gnutls_pubkey_get_key_usage b/doc/functions/gnutls_pubkey_get_key_usage index faa4d5d..b979d2c 100644 --- a/doc/functions/gnutls_pubkey_get_key_usage +++ b/doc/functions/gnutls_pubkey_get_key_usage 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage}) -@var{key}: should contain a @code{gnutls_pubkey_t} type +@var{key}: should contain a @code{gnutls_pubkey_t} structure @var{usage}: If set will return the number of bits of the parameters (may be NULL)
diff --git a/doc/functions/gnutls_pubkey_get_pk_algorithm b/doc/functions/gnutls_pubkey_get_pk_algorithm
index 86e6ec7..ed1b86f 100644
--- a/doc/functions/gnutls_pubkey_get_pk_algorithm
+++ b/doc/functions/gnutls_pubkey_get_pk_algorithm
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits}) -@var{key}: should contain a @code{gnutls_pubkey_t} type +@var{key}: should contain a @code{gnutls_pubkey_t} structure @var{bits}: If set will return the number of bits of the parameters (may be NULL)
diff --git a/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm
index 491ba9b..792cd9c 100644
--- a/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm
+++ b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm
@@ -9,7 +9,7 @@ @var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL. -This function will read the certificate and return the appropriate digest +This function will read the certifcate and return the appropriate digest algorithm to use for signing with this certificate. Some certificates (i.e. DSA might not be able to sign without the preferred algorithm).
diff --git a/doc/functions/gnutls_pubkey_get_verify_algorithm b/doc/functions/gnutls_pubkey_get_verify_algorithm
new file mode 100644
index 0000000..04fc148
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_verify_algorithm
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_verify_algorithm} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash})
+@var{key}: Holds the certificate
+
+@var{signature}: contains the signature
+
+@var{hash}: The result of the call with the hash algorithm used for signature
+
+This function will read the certifcate and the signed data to
+determine the hash algorithm used to generate the signature.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_verify_algorithm.short b/doc/functions/gnutls_pubkey_get_verify_algorithm.short
new file mode 100644
index 0000000..2f0cb2a
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_verify_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_verify_algorithm} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash})
diff --git a/doc/functions/gnutls_pubkey_import b/doc/functions/gnutls_pubkey_import
index f9f6196..c5aa431 100644
--- a/doc/functions/gnutls_pubkey_import
+++ b/doc/functions/gnutls_pubkey_import
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) -@var{key}: The public key. +@var{key}: The structure to store the parsed public key. @var{data}: The DER or PEM encoded certificate.
@@ -11,7 +11,7 @@ This function will import the provided public key in a SubjectPublicKeyInfo X.509 structure to a native -@code{gnutls_pubkey_t} type. The output will be stored +@code{gnutls_pubkey_t} structure. The output will be stored in @code{key} . If the public key is PEM encoded it should have a header of "PUBLIC KEY".
diff --git a/doc/functions/gnutls_pubkey_import_openpgp b/doc/functions/gnutls_pubkey_import_openpgp
index a0dac16..e495e43 100644
--- a/doc/functions/gnutls_pubkey_import_openpgp
+++ b/doc/functions/gnutls_pubkey_import_openpgp
@@ -11,7 +11,7 @@ Imports a public key from an openpgp key. This function will import the given public key to the abstract @code{gnutls_pubkey_t} -type. The subkey set as preferred will be imported or the +structure. The subkey set as preferred will be imported or the master key otherwise. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
diff --git a/doc/functions/gnutls_pubkey_import_openpgp_raw b/doc/functions/gnutls_pubkey_import_openpgp_raw
index 4e22567..a72d307 100644
--- a/doc/functions/gnutls_pubkey_import_openpgp_raw
+++ b/doc/functions/gnutls_pubkey_import_openpgp_raw
@@ -14,7 +14,7 @@ @var{flags}: Should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_import_pkcs11 b/doc/functions/gnutls_pubkey_import_pkcs11
index 26a717c..fa0112c 100644
--- a/doc/functions/gnutls_pubkey_import_pkcs11
+++ b/doc/functions/gnutls_pubkey_import_pkcs11
@@ -10,7 +10,7 @@ @var{flags}: should be zero Imports a public key from a pkcs11 key. This function will import -the given public key to the abstract @code{gnutls_pubkey_t} type. +the given public key to the abstract @code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_import_pkcs11_url b/doc/functions/gnutls_pubkey_import_pkcs11_url
new file mode 100644
index 0000000..be7b78c
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_pkcs11_url
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_pkcs11_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
+@var{key}: A key of type @code{gnutls_pubkey_t}
+
+@var{url}: A PKCS 11 url
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags
+
+This function will import a PKCS 11 certificate to a @code{gnutls_pubkey_t}
+structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_pkcs11_url.short b/doc/functions/gnutls_pubkey_import_pkcs11_url.short
new file mode 100644
index 0000000..4d51a88
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_pkcs11_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_pkcs11_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_privkey b/doc/functions/gnutls_pubkey_import_privkey
index b26a909..fc83109 100644
--- a/doc/functions/gnutls_pubkey_import_privkey
+++ b/doc/functions/gnutls_pubkey_import_privkey
@@ -12,7 +12,7 @@ @var{flags}: should be zero Imports the public key from a private. This function will import -the given public key to the abstract @code{gnutls_pubkey_t} type. +the given public key to the abstract @code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_import_rsa_raw b/doc/functions/gnutls_pubkey_import_rsa_raw
index 30df623..92fc5ad 100644
--- a/doc/functions/gnutls_pubkey_import_rsa_raw
+++ b/doc/functions/gnutls_pubkey_import_rsa_raw
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) -@var{key}: The key +@var{key}: Is a structure will hold the parameters @var{m}: holds the modulus
diff --git a/doc/functions/gnutls_pubkey_import_tpm_url b/doc/functions/gnutls_pubkey_import_tpm_url
index 3a6cc34..e4a5baf 100644
--- a/doc/functions/gnutls_pubkey_import_tpm_url
+++ b/doc/functions/gnutls_pubkey_import_tpm_url
@@ -12,7 +12,7 @@ @var{flags}: should be zero This function will import the given private key to the abstract -@code{gnutls_privkey_t} type. +@code{gnutls_privkey_t} structure. Note that unless @code{GNUTLS_PUBKEY_DISABLE_CALLBACKS} is specified, if incorrect (or NULL) passwords are given
diff --git a/doc/functions/gnutls_pubkey_import_url b/doc/functions/gnutls_pubkey_import_url
index 57fbb72..8d020e8 100644
--- a/doc/functions/gnutls_pubkey_import_url
+++ b/doc/functions/gnutls_pubkey_import_url
@@ -9,7 +9,8 @@ @var{flags}: One of GNUTLS_PKCS11_OBJ_* flags -This function will import a public key from the provided URL. +This function will import a PKCS11 certificate or a TPM key +as a public key. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_import_x509 b/doc/functions/gnutls_pubkey_import_x509
index 3302270..9b0a6f8 100644
--- a/doc/functions/gnutls_pubkey_import_x509
+++ b/doc/functions/gnutls_pubkey_import_x509
@@ -10,7 +10,7 @@ @var{flags}: should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_import_x509_crq b/doc/functions/gnutls_pubkey_import_x509_crq
index 8c95cf5..b09c13e 100644
--- a/doc/functions/gnutls_pubkey_import_x509_crq
+++ b/doc/functions/gnutls_pubkey_import_x509_crq
@@ -10,7 +10,7 @@ @var{flags}: should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_import_x509_raw b/doc/functions/gnutls_pubkey_import_x509_raw
index 7f5b6ff..6bcce5a 100644
--- a/doc/functions/gnutls_pubkey_import_x509_raw
+++ b/doc/functions/gnutls_pubkey_import_x509_raw
@@ -12,7 +12,7 @@ @var{flags}: should be zero This function will import the given public key to the abstract -@code{gnutls_pubkey_t} type. +@code{gnutls_pubkey_t} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_init b/doc/functions/gnutls_pubkey_init
index 6fbf3e3..b0cb59b 100644
--- a/doc/functions/gnutls_pubkey_init
+++ b/doc/functions/gnutls_pubkey_init
@@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized -This function will initialize a public key. +This function will initialize an public key structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_pubkey_print b/doc/functions/gnutls_pubkey_print
index 7f6e1f6..9c09ed2 100644
--- a/doc/functions/gnutls_pubkey_print
+++ b/doc/functions/gnutls_pubkey_print
@@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{pubkey}: The data to be printed +@var{pubkey}: The structure to be printed @var{format}: Indicate the format to use -@var{out}: Newly allocated datum with null terminated string. +@var{out}: Newly allocated datum with (0) terminated string. This function will pretty print public key information, suitable for display to a human.
diff --git a/doc/functions/gnutls_pubkey_verify_data b/doc/functions/gnutls_pubkey_verify_data
new file mode 100644
index 0000000..77528f1
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_data
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_verify_data} (gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
+@var{pubkey}: Holds the public key
+
+@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t}
+
+@var{data}: holds the signed data
+
+@var{signature}: contains the signature
+
+This function will verify the given signed data, using the
+parameters from the certificate.
+
+Deprecated. This function cannot be easily used securely.
+Use @code{gnutls_pubkey_verify_data2()} instead.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, and zero or positive code on success.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_verify_data.short b/doc/functions/gnutls_pubkey_verify_data.short
new file mode 100644
index 0000000..6d385c9
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_verify_data} (gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_pubkey_verify_data2 b/doc/functions/gnutls_pubkey_verify_data2
index 030fb45..e368d89 100644
--- a/doc/functions/gnutls_pubkey_verify_data2
+++ b/doc/functions/gnutls_pubkey_verify_data2
@@ -7,7 +7,7 @@ @var{algo}: The signature algorithm used -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} +@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t} @var{data}: holds the signed data
@@ -17,9 +17,7 @@ This function will verify the given signed data, using the parameters from the certificate. @strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} -is returned, and zero or positive code on success. For known to be insecure -signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless -the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. +is returned, and zero or positive code on success. @strong{Since:} 3.0 @end deftypefun
diff --git a/doc/functions/gnutls_pubkey_verify_hash b/doc/functions/gnutls_pubkey_verify_hash
new file mode 100644
index 0000000..0eaf2e7
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_hash
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_verify_hash} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
+@var{key}: Holds the public key
+
+@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t}
+
+@var{hash}: holds the hash digest to be verified
+
+@var{signature}: contains the signature
+
+This function will verify the given signed digest, using the
+parameters from the public key.
+
+Deprecated. This function cannot be easily used securely.
+Use @code{gnutls_pubkey_verify_hash2()} instead.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, and zero or positive code on success.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_verify_hash.short b/doc/functions/gnutls_pubkey_verify_hash.short
new file mode 100644
index 0000000..36020bb
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_hash.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_verify_hash} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_pubkey_verify_hash2 b/doc/functions/gnutls_pubkey_verify_hash2
index bd7bf43..62b1f0d 100644
--- a/doc/functions/gnutls_pubkey_verify_hash2
+++ b/doc/functions/gnutls_pubkey_verify_hash2
@@ -7,7 +7,7 @@ @var{algo}: The signature algorithm used -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} +@var{flags}: Zero or one of @code{gnutls_pubkey_flags_t} @var{hash}: holds the hash digest to be verified
diff --git a/doc/functions/gnutls_pubkey_verify_params b/doc/functions/gnutls_pubkey_verify_params
index c433d98..59ea324 100644
--- a/doc/functions/gnutls_pubkey_verify_params
+++ b/doc/functions/gnutls_pubkey_verify_params
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key}) -@var{key}: should contain a @code{gnutls_pubkey_t} type +@var{key}: should contain a @code{gnutls_pubkey_t} structure This function will verify the private key parameters.
diff --git a/doc/functions/gnutls_random_art b/doc/functions/gnutls_random_art
index 15628b1..5a5c29a 100644
--- a/doc/functions/gnutls_random_art
+++ b/doc/functions/gnutls_random_art
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art}) -@var{type}: The type of the random art (for now only @code{GNUTLS_RANDOM_ART_OPENSSH} is supported) +@var{type}: The type of the random art @var{key_type}: The type of the key (RSA, DSA etc.)
@@ -16,7 +16,7 @@ @var{art}: The returned random art This function will convert a given fingerprint to an "artistic" -image. The returned image is allocated using @code{gnutls_malloc()} . +image. The returned image is allocated using @code{gnutls_malloc()} @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned.
diff --git a/doc/functions/gnutls_range_split b/doc/functions/gnutls_range_split
index 6f701a1..6c3ed14 100644
--- a/doc/functions/gnutls_range_split
+++ b/doc/functions/gnutls_range_split
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder}) -@var{session}: is a @code{gnutls_session_t} type +@var{session}: is a @code{gnutls_session_t} structure @var{orig}: is the original range provided by the user
diff --git a/doc/functions/gnutls_record_can_use_length_hiding b/doc/functions/gnutls_record_can_use_length_hiding
index f88cf54..57a8d29 100644
--- a/doc/functions/gnutls_record_can_use_length_hiding
+++ b/doc/functions/gnutls_record_can_use_length_hiding
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. If the session supports length-hiding padding, you can invoke @code{gnutls_range_send_message()} to send a message whose
diff --git a/doc/functions/gnutls_record_check_corked b/doc/functions/gnutls_record_check_corked
index cd9ca0a..23fc76d 100644
--- a/doc/functions/gnutls_record_check_corked
+++ b/doc/functions/gnutls_record_check_corked
@@ -3,10 +3,10 @@ @deftypefun {size_t} {gnutls_record_check_corked} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function checks if there pending corked -data in the gnutls buffers --see @code{gnutls_record_cork()} . +data in the gnutls buffers --see @code{gnutls_cork()} . @strong{Returns:} Returns the size of the corked data or zero.
diff --git a/doc/functions/gnutls_record_check_pending b/doc/functions/gnutls_record_check_pending
index 35c9e94..74529ea 100644
--- a/doc/functions/gnutls_record_check_pending
+++ b/doc/functions/gnutls_record_check_pending
@@ -3,7 +3,7 @@ @deftypefun {size_t} {gnutls_record_check_pending} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function checks if there are unread data in the gnutls buffers. If the return value is
diff --git a/doc/functions/gnutls_record_cork b/doc/functions/gnutls_record_cork
index e0c0ba0..3d39427 100644
--- a/doc/functions/gnutls_record_cork
+++ b/doc/functions/gnutls_record_cork
@@ -3,10 +3,11 @@ @deftypefun {void} {gnutls_record_cork} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. -If called, @code{gnutls_record_send()} will no longer send any records. -Any sent records will be cached until @code{gnutls_record_uncork()} is called. +If called @code{gnutls_record_send()} will no longer send partial records. +All queued records will be sent when @code{gnutls_uncork()} is called, or +when the maximum record size is reached. This function is safe to use with DTLS after GnuTLS 3.3.0.
diff --git a/doc/functions/gnutls_record_disable_padding b/doc/functions/gnutls_record_disable_padding
index 90c3afe..d4ca9be 100644
--- a/doc/functions/gnutls_record_disable_padding
+++ b/doc/functions/gnutls_record_disable_padding
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_record_disable_padding} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Used to disabled padding in TLS 1.0 and above. Normally you do not need to use this function, but there are buggy clients that
diff --git a/doc/functions/gnutls_record_discard_queued b/doc/functions/gnutls_record_discard_queued
deleted file mode 100644
index 03911ce..0000000
--- a/doc/functions/gnutls_record_discard_queued
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-@deftypefun {size_t} {gnutls_record_discard_queued} (gnutls_session_t @var{session})
-@var{session}: is a @code{gnutls_session_t} type.
-
-This function discards all queued to be sent packets in a TLS or DTLS session.
-These are the packets queued after an interrupted @code{gnutls_record_send()} .
-
-@strong{Returns:} The number of bytes discarded.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_record_discard_queued.short b/doc/functions/gnutls_record_discard_queued.short
deleted file mode 100644
index e4a5c14..0000000
--- a/doc/functions/gnutls_record_discard_queued.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{size_t} @ref{gnutls_record_discard_queued} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_get_direction b/doc/functions/gnutls_record_get_direction
index c3fe18f..9a1a99f 100644
--- a/doc/functions/gnutls_record_get_direction
+++ b/doc/functions/gnutls_record_get_direction
@@ -3,17 +3,18 @@ @deftypefun {int} {gnutls_record_get_direction} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function provides information about the internals of the -record protocol and is only useful if a prior gnutls function call, -e.g. @code{gnutls_handshake()} , was interrupted for some reason. That +record protocol and is only useful if a prior gnutls function call +(e.g. @code{gnutls_handshake()} ) was interrupted for some reason, that is, if a function returned @code{GNUTLS_E_INTERRUPTED} or -@code{GNUTLS_E_AGAIN} . In such a case, you might want to call @code{select()} -or @code{poll()} before restoring the interrupted gnutls function. +@code{GNUTLS_E_AGAIN} . In such a case, you might want to call @code{select()} +or @code{poll()} before calling the interrupted gnutls function again. To +tell you whether a file descriptor should be selected for either +reading or writing, @code{gnutls_record_get_direction()} returns 0 if the +interrupted function was trying to read data, and 1 if it was +trying to write data. -This function's output is unreliable if you are using the same - @code{session} in different threads, for sending and receiving. - -@strong{Returns:} 0 if interrupted while trying to read data, or 1 while trying to write data. +@strong{Returns:} 0 if trying to read data, 1 if trying to write data. @end deftypefun
diff --git a/doc/functions/gnutls_record_get_discarded b/doc/functions/gnutls_record_get_discarded
index 7a048c6..6066af5 100644
--- a/doc/functions/gnutls_record_get_discarded
+++ b/doc/functions/gnutls_record_get_discarded
@@ -3,7 +3,7 @@ @deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the number of discarded packets in a DTLS connection.
diff --git a/doc/functions/gnutls_record_get_max_size b/doc/functions/gnutls_record_get_max_size
index 89e4e6e..5b126ba 100644
--- a/doc/functions/gnutls_record_get_max_size
+++ b/doc/functions/gnutls_record_get_max_size
@@ -3,7 +3,7 @@ @deftypefun {size_t} {gnutls_record_get_max_size} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get the record size. The maximum record size is negotiated by the client after the first handshake message.
diff --git a/doc/functions/gnutls_record_get_state b/doc/functions/gnutls_record_get_state
deleted file mode 100644
index f76dcdf..0000000
--- a/doc/functions/gnutls_record_get_state
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char @var{seq_number[8]})
-@var{session}: is a @code{gnutls_session_t} type
-
-@var{read}: if non-zero the read parameters are returned, otherwise the write
-
-@var{mac_key}: the key used for MAC (if a MAC is used)
-
-@var{IV}: the initialization vector or nonce used
-
-@var{cipher_key}: the cipher key
-
-@var{seq_number[8]}: -- undescribed --
-
-This function will return the parameters of the current record state.
-These are only useful to be provided to an external off-loading device
-or subsystem.
-
-In that case, to sync the state you must call @code{gnutls_record_set_state()} .
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
-
-Since 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_record_get_state.short b/doc/functions/gnutls_record_get_state.short
deleted file mode 100644
index 176c8c3..0000000
--- a/doc/functions/gnutls_record_get_state.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char @var{seq_number[8]})
diff --git a/doc/functions/gnutls_record_recv b/doc/functions/gnutls_record_recv
index 13a2420..924376e 100644
--- a/doc/functions/gnutls_record_recv
+++ b/doc/functions/gnutls_record_recv
@@ -3,7 +3,7 @@ @deftypefun {ssize_t} {gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: the buffer that the data will be read into
@@ -12,18 +12,19 @@ This function has the similar semantics with @code{recv()} . The only difference is that it accepts a GnuTLS session, and uses different error codes. -In the special case that the peer requests a renegotiation, the -caller will receive an error code of @code{GNUTLS_E_REHANDSHAKE} . In case -of a client, this message may be simply ignored, replied with an alert +In the special case that a server requests a renegotiation, the +client may receive an error code of @code{GNUTLS_E_REHANDSHAKE} . This +message may be simply ignored, replied with an alert @code{GNUTLS_A_NO_RENEGOTIATION} , or replied with a new handshake, -depending on the client's will. A server receiving this error code -can only initiate a new handshake or terminate the session. - +depending on the client's will. If @code{EINTR} is returned by the internal push function (the default is @code{recv()} ) then @code{GNUTLS_E_INTERRUPTED} will be returned. If @code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must call this function again to get the data. See also @code{gnutls_record_get_direction()} . +A server may also receive @code{GNUTLS_E_REHANDSHAKE} when a client has +initiated a handshake. In that case the server can only initiate a +handshake or terminate the connection. @strong{Returns:} The number of bytes received and zero on EOF (for stream connections). A negative error code is returned in case of an error.
diff --git a/doc/functions/gnutls_record_recv_packet b/doc/functions/gnutls_record_recv_packet
index 31bb870..49ffc41 100644
--- a/doc/functions/gnutls_record_recv_packet
+++ b/doc/functions/gnutls_record_recv_packet
@@ -3,13 +3,13 @@ @deftypefun {ssize_t} {gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{packet}: the structure that will hold the packet data -This is a lower-level function than @code{gnutls_record_recv()} and allows +This is a lower-level function thatn @code{gnutls_record_recv()} and allows to directly receive the whole decrypted packet. That avoids a -memory copy, and is intended to be used by applications seeking high +memory copy, and is mostly applicable to applications seeking high performance. The received packet is accessed using @code{gnutls_packet_get()} and
diff --git a/doc/functions/gnutls_record_recv_seq b/doc/functions/gnutls_record_recv_seq
index 8d11a02..a98d4ee 100644
--- a/doc/functions/gnutls_record_recv_seq
+++ b/doc/functions/gnutls_record_recv_seq
@@ -3,7 +3,7 @@ @deftypefun {ssize_t} {gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: the buffer that the data will be read into
diff --git a/doc/functions/gnutls_record_send b/doc/functions/gnutls_record_send
index 005f7a9..0c72ce8 100644
--- a/doc/functions/gnutls_record_send
+++ b/doc/functions/gnutls_record_send
@@ -3,7 +3,7 @@ @deftypefun {ssize_t} {gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: contains the data to send
diff --git a/doc/functions/gnutls_record_send_range b/doc/functions/gnutls_record_send_range
index 226bb2c..cc74ecf 100644
--- a/doc/functions/gnutls_record_send_range
+++ b/doc/functions/gnutls_record_send_range
@@ -3,7 +3,7 @@ @deftypefun {ssize_t} {gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: contains the data to send. diff --git a/doc/functions/gnutls_record_set_max_empty_records b/doc/functions/gnutls_record_set_max_empty_records new file mode 100644 index 0000000..730b2d5 --- /dev/null +++ b/doc/functions/gnutls_record_set_max_empty_records @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_record_set_max_empty_records} (gnutls_session_t @var{session}, const unsigned int @var{i}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{i}: is the desired value of maximum empty records that can be accepted in a row. + +Used to set the maximum number of empty fragments that can be accepted +in a row. Accepting many empty fragments is useful for receiving length-hidden +content, where empty fragments filled with pad are sent to hide the real +length of a message. However, a malicious peer could send empty fragments to +mount a DoS attack, so as a safety measure, a maximum number of empty fragments +is accepted by default. If you know your application must accept a given number +of empty fragments in a row, you can use this function to set the desired value. +@end deftypefun diff --git a/doc/functions/gnutls_record_set_max_empty_records.short b/doc/functions/gnutls_record_set_max_empty_records.short new file mode 100644 index 0000000..d93726c --- /dev/null +++ b/doc/functions/gnutls_record_set_max_empty_records.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_record_set_max_empty_records} (gnutls_session_t @var{session}, const unsigned int @var{i}) diff --git a/doc/functions/gnutls_record_set_max_size b/doc/functions/gnutls_record_set_max_size index 08fac80..bcea53b 100644 --- a/doc/functions/gnutls_record_set_max_size 
+++ b/doc/functions/gnutls_record_set_max_size @@ -3,7 +3,7 @@ @deftypefun {ssize_t} {gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{size}: is the new size diff --git a/doc/functions/gnutls_record_set_state b/doc/functions/gnutls_record_set_state deleted file mode 100644 index cb719c1..0000000 --- a/doc/functions/gnutls_record_set_state +++ /dev/null @@ -1,19 +0,0 @@ - - - - -@deftypefun {int} {gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, unsigned char @var{seq_number[8]}) -@var{session}: is a @code{gnutls_session_t} type - -@var{read}: if non-zero the read parameters are returned, otherwise the write - -@var{seq_number[8]}: -- undescribed -- - -This function will set the sequence number in the current record state. -This function is useful if sending and receiving are offloaded from -gnutls. That is, if @code{gnutls_record_get_state()} was used. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. - -Since 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_record_set_state.short b/doc/functions/gnutls_record_set_state.short deleted file mode 100644 index 5d7eae2..0000000 --- a/doc/functions/gnutls_record_set_state.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, unsigned char @var{seq_number[8]}) diff --git a/doc/functions/gnutls_record_set_timeout b/doc/functions/gnutls_record_set_timeout index 574414f..70bf6f8 100644 --- a/doc/functions/gnutls_record_set_timeout +++ b/doc/functions/gnutls_record_set_timeout @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ms}: is a timeout value in milliseconds 
@@ -11,8 +11,5 @@ This function sets the receive timeout for the record layer to the provided value. Use an @code{ms} value of zero to disable timeout (the default). -This function requires to set a pull timeout callback. See -@code{gnutls_transport_set_pull_timeout_function()} . - @strong{Since:} 3.1.7 @end deftypefun diff --git a/doc/functions/gnutls_record_uncork b/doc/functions/gnutls_record_uncork index 95caaa9..b0efbda 100644 --- a/doc/functions/gnutls_record_uncork +++ b/doc/functions/gnutls_record_uncork @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{flags}: Could be zero or @code{GNUTLS_RECORD_WAIT} -This resets the effect of @code{gnutls_record_cork()} , and flushes any pending +This resets the effect of @code{gnutls_cork()} , and flushes any pending data. If the @code{GNUTLS_RECORD_WAIT} flag is specified then this function will block until the data is sent or a fatal error occurs (i.e., the function will retry on @code{GNUTLS_E_AGAIN} and diff --git a/doc/functions/gnutls_register_custom_url b/doc/functions/gnutls_register_custom_url deleted file mode 100644 index e21c6b4..0000000 --- a/doc/functions/gnutls_register_custom_url +++ /dev/null 
@@ -1,23 +0,0 @@ - - - - -@deftypefun {int} {gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st}) -@var{st}: A @code{gnutls_custom_url_st} structure - -Register a custom URL. This will affect the following functions: -@code{gnutls_url_is_supported()} , @code{gnutls_privkey_import_url()} , -gnutls_pubkey_import_url, @code{gnutls_x509_crt_import_url()} -and all functions that depend on -them, e.g., @code{gnutls_certificate_set_x509_key_file2()} . - -The provided structure and callback functions must be valid throughout -the lifetime of the process. The registration of an existing URL type -will fail with @code{GNUTLS_E_INVALID_REQUEST} . - -This function is not thread safe. - -@strong{Returns:} returns zero if the given structure was imported or a negative value otherwise. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_register_custom_url.short b/doc/functions/gnutls_register_custom_url.short deleted file mode 100644 index 27096ec..0000000 --- a/doc/functions/gnutls_register_custom_url.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st}) diff --git a/doc/functions/gnutls_rehandshake b/doc/functions/gnutls_rehandshake index 989ee94..8ffcb05 100644 --- a/doc/functions/gnutls_rehandshake +++ b/doc/functions/gnutls_rehandshake @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_rehandshake} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will renegotiate security parameters with the client. This should only be called in case of a server. 
@@ -18,8 +18,8 @@ parameters. Since TLS is full duplex some application data might have been sent during peer's processing of this message. In that case one should call @code{gnutls_record_recv()} until GNUTLS_E_REHANDSHAKE -is returned to clear any pending data. Care must be taken, if -rehandshake is mandatory, to terminate if it does not start after +is returned to clear any pending data. Care must be taken if +rehandshake is mandatory to terminate if it does not start after some threshold. If the client does not wish to renegotiate parameters he diff --git a/doc/functions/gnutls_rnd b/doc/functions/gnutls_rnd index 3d8ac3d..2f938dd 100644 --- a/doc/functions/gnutls_rnd +++ b/doc/functions/gnutls_rnd @@ -12,9 +12,7 @@ This function will generate random data and store it to output buffer. -This function is thread-safe and also fork-safe. - -@strong{Returns:} Zero on success, or a negative error code on error. +@strong{Returns:} Zero or a negative error code on error. @strong{Since:} 2.12.0 @end deftypefun diff --git a/doc/functions/gnutls_rnd_refresh b/doc/functions/gnutls_rnd_refresh index 7cf29c2..5665c25 100644 --- a/doc/functions/gnutls_rnd_refresh +++ b/doc/functions/gnutls_rnd_refresh @@ -2,7 +2,7 @@ -@deftypefun {void} {gnutls_rnd_refresh} ( @var{void}) +@deftypefun {void} {gnutls_rnd_refresh} () This function refreshes the random generator state. That is the current precise time, CPU usage, and diff --git a/doc/functions/gnutls_rnd_refresh.short b/doc/functions/gnutls_rnd_refresh.short index ef502b0..6921039 100644 --- a/doc/functions/gnutls_rnd_refresh.short +++ b/doc/functions/gnutls_rnd_refresh.short @@ -1 +1 @@ -@item @var{void} @ref{gnutls_rnd_refresh} ( @var{void}) +@item @var{void} @ref{gnutls_rnd_refresh} () diff --git a/doc/functions/gnutls_rsa_export_get_modulus_bits b/doc/functions/gnutls_rsa_export_get_modulus_bits new file mode 100644 index 0000000..af3f6ec --- /dev/null +++ b/doc/functions/gnutls_rsa_export_get_modulus_bits 
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_export_get_modulus_bits} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+Get the export RSA parameter's modulus size.
+
+@strong{Returns:} The bits used in the last RSA-EXPORT key exchange with the
+peer, or a negative error code in case of error.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_export_get_modulus_bits.short b/doc/functions/gnutls_rsa_export_get_modulus_bits.short
new file mode 100644
index 0000000..8d86155
--- /dev/null
+++ b/doc/functions/gnutls_rsa_export_get_modulus_bits.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_export_get_modulus_bits} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_rsa_export_get_pubkey b/doc/functions/gnutls_rsa_export_get_pubkey
new file mode 100644
index 0000000..8518369
--- /dev/null
+++ b/doc/functions/gnutls_rsa_export_get_pubkey
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_export_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{exponent}, gnutls_datum_t * @var{modulus})
+@var{session}: is a gnutls session
+
+@var{exponent}: will hold the exponent.
+
+@var{modulus}: will hold the modulus.
+
+This function will return the peer's public key exponent and
+modulus used in the last RSA-EXPORT authentication. The output
+parameters must be freed with @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_export_get_pubkey.short b/doc/functions/gnutls_rsa_export_get_pubkey.short
new file mode 100644
index 0000000..bcd8068
--- /dev/null
+++ b/doc/functions/gnutls_rsa_export_get_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_export_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{exponent}, gnutls_datum_t * @var{modulus})
diff --git a/doc/functions/gnutls_rsa_params_cpy b/doc/functions/gnutls_rsa_params_cpy
new file mode 100644
index 0000000..d1c7688
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_cpy
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_params_cpy} (gnutls_rsa_params_t @var{dst}, gnutls_rsa_params_t @var{src})
+@var{dst}: Is the destination structure, which should be initialized.
+
+@var{src}: Is the source structure
+
+This function will copy the RSA parameters structure from source
+to destination.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_cpy.short b/doc/functions/gnutls_rsa_params_cpy.short
new file mode 100644
index 0000000..2e6f7f1
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_cpy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_params_cpy} (gnutls_rsa_params_t @var{dst}, gnutls_rsa_params_t @var{src})
diff --git a/doc/functions/gnutls_rsa_params_deinit b/doc/functions/gnutls_rsa_params_deinit
new file mode 100644
index 0000000..14bfe5f
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_rsa_params_deinit} (gnutls_rsa_params_t @var{rsa_params})
+@var{rsa_params}: Is a structure that holds the parameters
+
+This function will deinitialize the RSA parameters structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_deinit.short b/doc/functions/gnutls_rsa_params_deinit.short
new file mode 100644
index 0000000..dd8c659
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_rsa_params_deinit} (gnutls_rsa_params_t @var{rsa_params})
diff --git a/doc/functions/gnutls_rsa_params_export_pkcs1 b/doc/functions/gnutls_rsa_params_export_pkcs1
new file mode 100644
index 0000000..0c6019a
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_export_pkcs1
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_params_export_pkcs1} (gnutls_rsa_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size})
+@var{params}: Holds the RSA parameters
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{params_data}: will contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
+
+@var{params_data_size}: holds the size of params_data (and will be replaced by the actual size of parameters)
+
+This function will export the given RSA parameters to a PKCS1
+RSAPrivateKey structure. If the buffer provided is not long enough to
+hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN RSA PRIVATE KEY".
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_export_pkcs1.short b/doc/functions/gnutls_rsa_params_export_pkcs1.short
new file mode 100644
index 0000000..29a1ab5
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_export_pkcs1.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_params_export_pkcs1} (gnutls_rsa_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size})
diff --git a/doc/functions/gnutls_rsa_params_export_raw b/doc/functions/gnutls_rsa_params_export_raw
new file mode 100644
index 0000000..bf9c510
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_export_raw
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_params_export_raw} (gnutls_rsa_params_t @var{rsa}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, unsigned int * @var{bits})
+@var{rsa}: a structure that holds the rsa parameters
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+@var{d}: will hold the private exponent
+
+@var{p}: will hold the first prime (p)
+
+@var{q}: will hold the second prime (q)
+
+@var{u}: will hold the coefficient
+
+@var{bits}: if non null will hold the prime's number of bits
+
+This function will export the RSA parameters found in the given
+structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_export_raw.short b/doc/functions/gnutls_rsa_params_export_raw.short
new file mode 100644
index 0000000..da68328
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_export_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_params_export_raw} (gnutls_rsa_params_t @var{rsa}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_rsa_params_generate2 b/doc/functions/gnutls_rsa_params_generate2
new file mode 100644
index 0000000..0d1b159
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_generate2
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_params_generate2} (gnutls_rsa_params_t @var{params}, unsigned int @var{bits})
+@var{params}: The structure where the parameters will be stored
+
+@var{bits}: is the prime's number of bits
+
+This function will generate new temporary RSA parameters for use in
+RSA-EXPORT ciphersuites. This function is normally slow.
+
+Note that if the parameters are to be used in export cipher suites the
+bits value should be 512 or less.
+Also note that the generation of new RSA parameters is only useful
+to servers. Clients use the parameters sent by the server, thus it's
+no use calling this in client side.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_generate2.short b/doc/functions/gnutls_rsa_params_generate2.short
new file mode 100644
index 0000000..a680bc9
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_generate2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_params_generate2} (gnutls_rsa_params_t @var{params}, unsigned int @var{bits})
diff --git a/doc/functions/gnutls_rsa_params_import_pkcs1 b/doc/functions/gnutls_rsa_params_import_pkcs1
new file mode 100644
index 0000000..4c8c7ac
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_import_pkcs1
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_params_import_pkcs1} (gnutls_rsa_params_t @var{params}, const gnutls_datum_t * @var{pkcs1_params}, gnutls_x509_crt_fmt_t @var{format})
+@var{params}: A structure where the parameters will be copied to
+
+@var{pkcs1_params}: should contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
+
+@var{format}: the format of params. PEM or DER.
+
+This function will extract the RSAPrivateKey found in a PKCS1 formatted
+structure.
+
+If the structure is PEM encoded, it should have a header
+of "BEGIN RSA PRIVATE KEY".
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_import_pkcs1.short b/doc/functions/gnutls_rsa_params_import_pkcs1.short
new file mode 100644
index 0000000..55b8142
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_import_pkcs1.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_params_import_pkcs1} (gnutls_rsa_params_t @var{params}, const gnutls_datum_t * @var{pkcs1_params}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_rsa_params_import_raw b/doc/functions/gnutls_rsa_params_import_raw
new file mode 100644
index 0000000..4f39c7b
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_import_raw
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_rsa_params_import_raw} (gnutls_rsa_params_t @var{rsa_params}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
+@var{rsa_params}: Is a structure will hold the parameters
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+@var{d}: holds the private exponent
+
+@var{p}: holds the first prime (p)
+
+@var{q}: holds the second prime (q)
+
+@var{u}: holds the coefficient
+
+This function will replace the parameters in the given structure.
+The new parameters should be stored in the appropriate
+gnutls_datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rsa_params_import_raw.short b/doc/functions/gnutls_rsa_params_import_raw.short
new file mode 100644
index 0000000..7d38fb5
--- /dev/null
+++ b/doc/functions/gnutls_rsa_params_import_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rsa_params_import_raw} (gnutls_rsa_params_t @var{rsa_params}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
diff --git a/doc/functions/gnutls_rsa_params_init b/doc/functions/gnutls_rsa_params_init new file mode 100644 index 0000000..2df86a1 --- /dev/null +++ b/doc/functions/gnutls_rsa_params_init @@ -0,0 +1,11 @@ + + + + +@deftypefun {int} {gnutls_rsa_params_init} (gnutls_rsa_params_t * @var{rsa_params}) +@var{rsa_params}: Is a structure that will hold the parameters + +This function will initialize the temporary RSA parameters structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_rsa_params_init.short b/doc/functions/gnutls_rsa_params_init.short new file mode 100644 index 0000000..8b24f74 --- /dev/null +++ b/doc/functions/gnutls_rsa_params_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_rsa_params_init} (gnutls_rsa_params_t * @var{rsa_params}) diff --git a/doc/functions/gnutls_safe_renegotiation_status b/doc/functions/gnutls_safe_renegotiation_status index bca6ac8..1b73787 100644 --- a/doc/functions/gnutls_safe_renegotiation_status +++ b/doc/functions/gnutls_safe_renegotiation_status @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_safe_renegotiation_status} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Can be used to check whether safe renegotiation is being used in the current session. diff --git a/doc/functions/gnutls_server_name_get b/doc/functions/gnutls_server_name_get index 63de1f0..d79f1aa 100644 --- a/doc/functions/gnutls_server_name_get +++ b/doc/functions/gnutls_server_name_get @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: will hold the data 
@@ -19,7 +19,7 @@ gnutls_server_name_type_t. If @code{type} is GNUTLS_NAME_DNS, then this function is to be used by servers that support virtual hosting, and the data will be a null -terminated IDNA ACE string (prior to GnuTLS 3.4.0 it was a UTF-8 string). +terminated UTF-8 string. If @code{data} has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @code{data_length} will diff --git a/doc/functions/gnutls_server_name_set b/doc/functions/gnutls_server_name_set index 2ee9398..7fbc6ee 100644 --- a/doc/functions/gnutls_server_name_set +++ b/doc/functions/gnutls_server_name_set @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: specifies the indicator type @@ -17,10 +17,9 @@ This should be used by clients that connect to servers that do virtual hosting. The value of @code{name} depends on the @code{type} type. In case of -@code{GNUTLS_NAME_DNS} , a UTF-8 null-terminated domain name string, -without the trailing dot, is expected. - -IPv4 or IPv6 addresses are not permitted. +@code{GNUTLS_NAME_DNS} , an ASCII (0)-terminated domain name string, +without the trailing dot, is expected. IPv4 or IPv6 addresses are +not permitted. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. diff --git a/doc/functions/gnutls_session_channel_binding b/doc/functions/gnutls_session_channel_binding index 7f5ce20..9b8eb30 100644 --- a/doc/functions/gnutls_session_channel_binding +++ b/doc/functions/gnutls_session_channel_binding 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{cbtype}: an @code{gnutls_channel_binding_t} enumeration type diff --git a/doc/functions/gnutls_session_enable_compatibility_mode b/doc/functions/gnutls_session_enable_compatibility_mode index 90b2d28..431706c 100644 --- a/doc/functions/gnutls_session_enable_compatibility_mode +++ b/doc/functions/gnutls_session_enable_compatibility_mode @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function can be used to disable certain (security) features in TLS in order to maintain maximum compatibility with buggy diff --git a/doc/functions/gnutls_session_etm_status b/doc/functions/gnutls_session_etm_status deleted file mode 100644 index 7941824..0000000 --- a/doc/functions/gnutls_session_etm_status +++ /dev/null @@ -1,12 +0,0 @@ - - - - -@deftypefun {unsigned} {gnutls_session_etm_status} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. - -Get the status of the encrypt-then-mac extension negotiation. -This is in accordance to rfc7366 - -@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. -@end deftypefun diff --git a/doc/functions/gnutls_session_etm_status.short b/doc/functions/gnutls_session_etm_status.short deleted file mode 100644 index 6cf1089..0000000 --- a/doc/functions/gnutls_session_etm_status.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{unsigned} @ref{gnutls_session_etm_status} (gnutls_session_t @var{session}) 
diff --git a/doc/functions/gnutls_session_ext_master_secret_status b/doc/functions/gnutls_session_ext_master_secret_status deleted file mode 100644 index 6354617..0000000 --- a/doc/functions/gnutls_session_ext_master_secret_status +++ /dev/null @@ -1,12 +0,0 @@ - - - - -@deftypefun {unsigned} {gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. - -Get the status of the extended master secret extension negotiation. -This is in accordance to draft-ietf-tls-session-hash-01 - -@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. -@end deftypefun diff --git a/doc/functions/gnutls_session_ext_master_secret_status.short b/doc/functions/gnutls_session_ext_master_secret_status.short deleted file mode 100644 index f5cc6d5..0000000 --- a/doc/functions/gnutls_session_ext_master_secret_status.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{unsigned} @ref{gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_force_valid b/doc/functions/gnutls_session_force_valid index dae2047..b5b8db1 100644 --- a/doc/functions/gnutls_session_force_valid +++ b/doc/functions/gnutls_session_force_valid @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_session_force_valid} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Clears the invalid flag in a session. That means that sessions were corrupt or invalid data were received diff --git a/doc/functions/gnutls_session_get_data b/doc/functions/gnutls_session_get_data index 208617a..9daf4e9 100644 --- a/doc/functions/gnutls_session_get_data +++ b/doc/functions/gnutls_session_get_data 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_data}: is a pointer to space to hold the session. @@ -12,8 +12,7 @@ Returns all session parameters needed to be stored to support resumption. The client should call this, and store the returned session data. A session may be resumed later by calling @code{gnutls_session_set_data()} . -This function must be called after a successful (full) handshake. It should -not be used in already resumed sessions --see @code{gnutls_session_is_resumed()} . +This function must be called after a successful handshake. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. diff --git a/doc/functions/gnutls_session_get_data2 b/doc/functions/gnutls_session_get_data2 index fe5157b..41caded 100644 --- a/doc/functions/gnutls_session_get_data2 +++ b/doc/functions/gnutls_session_get_data2 
@@ -3,16 +3,14 @@ @deftypefun {int} {gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: is a pointer to a datum that will hold the session. Returns all session parameters needed to be stored to support resumption. The client should call this, and store the returned session data. A session may be resumed later by calling @code{gnutls_session_set_data()} . -This function must be called after a successful (full) handshake. It should -not be used in already resumed sessions --see @code{gnutls_session_is_resumed()} . - +This function must be called after a successful handshake. The returned @code{data} are allocated and must be released using @code{gnutls_free()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise diff --git a/doc/functions/gnutls_session_get_desc b/doc/functions/gnutls_session_get_desc index 9a520e7..babc198 100644 --- a/doc/functions/gnutls_session_get_desc +++ b/doc/functions/gnutls_session_get_desc @@ -8,9 +8,6 @@ This function returns a string describing the current session. The string is null terminated and allocated using @code{gnutls_malloc()} . -If initial negotiation is not complete when this function is called, -@code{NULL} will be returned. - @strong{Returns:} a description of the protocols and algorithms in the current session. @strong{Since:} 3.1.10 diff --git a/doc/functions/gnutls_session_get_id b/doc/functions/gnutls_session_get_id index 68f4016..87047eb 100644 --- a/doc/functions/gnutls_session_get_id +++ b/doc/functions/gnutls_session_get_id 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_id}: is a pointer to space to hold the session id. @@ -15,8 +15,8 @@ resumed. That is because resumed sessions share the same session ID with the original session. The session ID is selected by the server, that identify the -current session. In all supported TLS protocols, the session id -is less than @code{GNUTLS_MAX_SESSION_ID_SIZE} . +current session. In TLS 1.0 and SSL 3.0 session id is always less +than 32 bytes. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. diff --git a/doc/functions/gnutls_session_get_id2 b/doc/functions/gnutls_session_get_id2 index b0d12c1..230d62d 100644 --- a/doc/functions/gnutls_session_get_id2 +++ b/doc/functions/gnutls_session_get_id2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_id}: will point to the session ID. diff --git a/doc/functions/gnutls_session_get_ptr b/doc/functions/gnutls_session_get_ptr index dc812ec..f9c8278 100644 --- a/doc/functions/gnutls_session_get_ptr +++ b/doc/functions/gnutls_session_get_ptr @@ -3,7 +3,7 @@ @deftypefun {void *} {gnutls_session_get_ptr} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get user pointer for session. Useful in callbacks. This is the pointer set with @code{gnutls_session_set_ptr()} . diff --git a/doc/functions/gnutls_session_get_random b/doc/functions/gnutls_session_get_random index 5a273c3..2c06dbd 100644 --- a/doc/functions/gnutls_session_get_random 
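Review bot: The sentence restored in the second hunk of gnutls_session_get_id, `In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes`, understates the bound. The TLS session ID field may be up to 32 bytes long, so a caller who sizes the `session_id` buffer from this text can end up one byte short. I would word it as `In SSL 3.0 and TLS 1.0 the session ID is at most 32 bytes long.` If the restored headers still define `GNUTLS_MAX_SESSION_ID_SIZE`, name it as the buffer size to use. The removed wording also said "less than", so the fix presumably belongs in the source comment this page is generated from.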
+++ b/doc/functions/gnutls_session_get_random @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{client}: the client part of the random diff --git a/doc/functions/gnutls_session_get_verify_cert_status b/doc/functions/gnutls_session_get_verify_cert_status deleted file mode 100644 index 1437dfe..0000000 --- a/doc/functions/gnutls_session_get_verify_cert_status +++ /dev/null @@ -1,18 +0,0 @@ - - - - -@deftypefun {unsigned int} {gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session}) -@var{session}: is a gnutls session - -This function returns the status of the verification when initiated -via auto-verification, i.e., by @code{gnutls_session_set_verify_cert2()} or -@code{gnutls_session_set_verify_cert()} . If no certificate verification -was occurred then the return value would be set to ((unsigned int)-1). - -The certificate verification status is the same as in @code{gnutls_certificate_verify_peers()} . - -@strong{Returns:} the certificate verification status. - -@strong{Since:} 3.4.6 -@end deftypefun diff --git a/doc/functions/gnutls_session_get_verify_cert_status.short b/doc/functions/gnutls_session_get_verify_cert_status.short deleted file mode 100644 index 8e5c08d..0000000 --- a/doc/functions/gnutls_session_get_verify_cert_status.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{unsigned int} @ref{gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_is_resumed b/doc/functions/gnutls_session_is_resumed index 80e98b9..768d820 100644 --- a/doc/functions/gnutls_session_is_resumed +++ b/doc/functions/gnutls_session_is_resumed 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_is_resumed} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Check whether session is resumed or not. diff --git a/doc/functions/gnutls_session_resumption_requested b/doc/functions/gnutls_session_resumption_requested index 50017ba..571e28b 100644 --- a/doc/functions/gnutls_session_resumption_requested +++ b/doc/functions/gnutls_session_resumption_requested @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_resumption_requested} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Check whether the client has asked for session resumption. This function is valid only on server side. diff --git a/doc/functions/gnutls_session_set_data b/doc/functions/gnutls_session_set_data index 1e20a7b..1976f51 100644 --- a/doc/functions/gnutls_session_set_data +++ b/doc/functions/gnutls_session_set_data @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_data}: is a pointer to space to hold the session. diff --git a/doc/functions/gnutls_session_set_id b/doc/functions/gnutls_session_set_id index fb71b70..771a325 100644 --- a/doc/functions/gnutls_session_set_id +++ b/doc/functions/gnutls_session_set_id @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{sid}: the session identifier diff --git a/doc/functions/gnutls_session_set_premaster b/doc/functions/gnutls_session_set_premaster index ae44b2d..99dd163 100644 --- a/doc/functions/gnutls_session_set_premaster 
+++ b/doc/functions/gnutls_session_set_premaster @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{entity}: GNUTLS_SERVER or GNUTLS_CLIENT diff --git a/doc/functions/gnutls_session_set_ptr b/doc/functions/gnutls_session_set_ptr index 0140c7f..75f9be5 100644 --- a/doc/functions/gnutls_session_set_ptr +++ b/doc/functions/gnutls_session_set_ptr @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ptr}: is the user pointer diff --git a/doc/functions/gnutls_session_set_verify_cert b/doc/functions/gnutls_session_set_verify_cert deleted file mode 100644 index e908497..0000000 --- a/doc/functions/gnutls_session_set_verify_cert +++ /dev/null 
@@ -1,27 +0,0 @@ - - - - -@deftypefun {void} {gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags}) -@var{session}: is a gnutls session - -@var{hostname}: is the expected name of the peer; may be @code{NULL} - -@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} - -This function instructs GnuTLS to verify the peer's certificate -using the provided hostname. If the verification fails the handshake -will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that -case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . - -The @code{hostname} pointer provided must remain valid for the lifetime -of the session. More precisely it should be available during any subsequent -handshakes. If no hostname is provided, no hostname verification -will be performed. For a more advanced verification function check -@code{gnutls_session_set_verify_cert2()} . - -The @code{gnutls_session_set_verify_cert()} function is intended to be used by TLS -clients to verify the server's certificate. - -@strong{Since:} 3.4.6 -@end deftypefun diff --git a/doc/functions/gnutls_session_set_verify_cert.short b/doc/functions/gnutls_session_set_verify_cert.short deleted file mode 100644 index c4ac86d..0000000 --- a/doc/functions/gnutls_session_set_verify_cert.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_set_verify_cert2 b/doc/functions/gnutls_session_set_verify_cert2 deleted file mode 100644 index 7725fba..0000000 --- a/doc/functions/gnutls_session_set_verify_cert2 +++ /dev/null 
@@ -1,24 +0,0 @@ - - - - -@deftypefun {void} {gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags}) -@var{session}: is a gnutls session - -@var{data}: an array of typed data - -@var{elements}: the number of data elements - -@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} - -This function instructs GnuTLS to verify the peer's certificate -using the provided typed data information. If the verification fails the handshake -will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that -case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . - -The acceptable typed data are the same as in @code{gnutls_certificate_verify_peers()} , -and once set must remain valid for the lifetime of the session. More precisely -they should be available during any subsequent handshakes. - -@strong{Since:} 3.4.6 -@end deftypefun diff --git a/doc/functions/gnutls_session_set_verify_cert2.short b/doc/functions/gnutls_session_set_verify_cert2.short deleted file mode 100644 index bc3d5df..0000000 --- a/doc/functions/gnutls_session_set_verify_cert2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_set_verify_function b/doc/functions/gnutls_session_set_verify_function deleted file mode 100644 index 4ce9b10..0000000 --- a/doc/functions/gnutls_session_set_verify_function +++ /dev/null 
@@ -1,28 +0,0 @@ - - - - -@deftypefun {void} {gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func}) -@var{session}: is a @code{gnutls_session_t} type. - -@var{func}: is the callback function - -This function sets a callback to be called when peer's certificate -has been received in order to verify it on receipt rather than -doing after the handshake is completed. This overrides any callback -set using @code{gnutls_certificate_set_verify_function()} . - -The callback's function prototype is: -int (*callback)(gnutls_session_t); - -If the callback function is provided then gnutls will call it, in the -handshake, just after the certificate message has been received. -To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} , -@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions -can be used. - -The callback function should return 0 for the handshake to continue -or non-zero to terminate. - -@strong{Since:} 3.4.6 -@end deftypefun diff --git a/doc/functions/gnutls_session_set_verify_function.short b/doc/functions/gnutls_session_set_verify_function.short deleted file mode 100644 index e465465..0000000 --- a/doc/functions/gnutls_session_set_verify_function.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func}) diff --git a/doc/functions/gnutls_session_ticket_enable_client b/doc/functions/gnutls_session_ticket_enable_client index b959bd6..162b4f5 100644 --- a/doc/functions/gnutls_session_ticket_enable_client +++ b/doc/functions/gnutls_session_ticket_enable_client 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_session_ticket_enable_client} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Request that the client should attempt session resumption using SessionTicket. diff --git a/doc/functions/gnutls_session_ticket_enable_server b/doc/functions/gnutls_session_ticket_enable_server index b071f5d..144c6d7 100644 --- a/doc/functions/gnutls_session_ticket_enable_server +++ b/doc/functions/gnutls_session_ticket_enable_server @@ -3,14 +3,13 @@ @deftypefun {int} {gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{key}: key to encrypt session parameters. Request that the server should attempt session resumption using SessionTicket. @code{key} must be initialized with -@code{gnutls_session_ticket_key_generate()} , and should be overwritten -using @code{gnutls_memset()} before being released. +@code{gnutls_session_ticket_key_generate()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an error code. diff --git a/doc/functions/gnutls_set_default_export_priority b/doc/functions/gnutls_set_default_export_priority new file mode 100644 index 0000000..145b03c --- /dev/null +++ b/doc/functions/gnutls_set_default_export_priority 
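Review bot: After this change the gnutls_session_ticket_enable_server page no longer tells the caller how to dispose of `key`. The sentence saying it should be overwritten before being released is dropped together with the `gnutls_memset()` reference. The page still describes `key` as the key that encrypts session parameters, so the wiping advice applies whether or not the restored version provides `gnutls_memset()`. I would keep a version-neutral sentence such as `The key is secret and should be overwritten before its memory is released.`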
@@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_set_default_export_priority} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} structure. + +Sets some default priority on the ciphers, key exchange methods, macs +and compression methods. This function also includes weak algorithms. + +This is the same as calling: + +gnutls_priority_set_direct (session, "EXPORT", NULL); + +This function is kept around for backwards compatibility, but +because of its wide use it is still fully supported. If you wish +to allow users to provide a string that specify which ciphers to +use (which is recommended), you should use +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instead. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_set_default_export_priority.short b/doc/functions/gnutls_set_default_export_priority.short new file mode 100644 index 0000000..8994356 --- /dev/null +++ b/doc/functions/gnutls_set_default_export_priority.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_set_default_export_priority} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_set_default_priority b/doc/functions/gnutls_set_default_priority index 14a8345..36ef0bc 100644 --- a/doc/functions/gnutls_set_default_priority +++ b/doc/functions/gnutls_set_default_priority 
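Review bot: The new gnutls_set_default_export_priority page states that the function `also includes weak algorithms` and, a few lines later, that it is `still fully supported`. Together these read as an endorsement of a priority set the page itself calls weak. I would add a sentence after the `gnutls_priority_set_direct (session, "EXPORT", NULL);` line, for example `Do not use this unless interoperability with legacy peers requires it; prefer gnutls_set_default_priority().` The same "kept around for backwards compatibility, but because of its wide use it is still fully supported" paragraph is restored in the gnutls_set_default_priority hunk that follows. It is self-contradictory there too and could be reworded at the same time.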
@@ -3,11 +3,19 @@ @deftypefun {int} {gnutls_set_default_priority} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. -Sets the default priority on the ciphers, key exchange methods, -macs and compression methods. For more fine-tuning you could -use @code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instead. +Sets some default priority on the ciphers, key exchange methods, +macs and compression methods. + +This typically sets a default priority that is considered +sufficiently secure to establish encrypted sessions. + +This function is kept around for backwards compatibility, but +because of its wide use it is still fully supported. If you wish +to allow users to provide a string that specify which ciphers to +use (which is recommended), you should use +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instead. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. @end deftypefun diff --git a/doc/functions/gnutls_sign_algorithm_get b/doc/functions/gnutls_sign_algorithm_get index 3c3722d..89495c0 100644 --- a/doc/functions/gnutls_sign_algorithm_get +++ b/doc/functions/gnutls_sign_algorithm_get @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_sign_algorithm_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the signature algorithm that is (or will be) used in this session by the server to sign data. diff --git a/doc/functions/gnutls_sign_algorithm_get_client b/doc/functions/gnutls_sign_algorithm_get_client index ada7d97..18a7bcd 100644 --- a/doc/functions/gnutls_sign_algorithm_get_client +++ b/doc/functions/gnutls_sign_algorithm_get_client 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the signature algorithm that is (or will be) used in this session by the client to sign data. diff --git a/doc/functions/gnutls_sign_algorithm_get_requested b/doc/functions/gnutls_sign_algorithm_get_requested index 87d9fbb..33434ca 100644 --- a/doc/functions/gnutls_sign_algorithm_get_requested +++ b/doc/functions/gnutls_sign_algorithm_get_requested @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{indx}: is an index of the signature algorithm to return diff --git a/doc/functions/gnutls_sign_callback_get b/doc/functions/gnutls_sign_callback_get new file mode 100644 index 0000000..db16921 --- /dev/null +++ b/doc/functions/gnutls_sign_callback_get @@ -0,0 +1,16 @@ + + + + +@deftypefun {gnutls_sign_func} {gnutls_sign_callback_get} (gnutls_session_t @var{session}, void ** @var{userdata}) +@var{session}: is a gnutls session + +@var{userdata}: if non-@code{NULL} , will be set to abstract callback pointer. + +Retrieve the callback function, and its userdata pointer. + +@strong{Returns:} The function pointer set by @code{gnutls_sign_callback_set()} , or +if not set, @code{NULL} . + +@strong{Deprecated:} Use the PKCS 11 interfaces instead. +@end deftypefun diff --git a/doc/functions/gnutls_sign_callback_get.short b/doc/functions/gnutls_sign_callback_get.short new file mode 100644 index 0000000..229df3b --- /dev/null +++ b/doc/functions/gnutls_sign_callback_get.short @@ -0,0 +1 @@ +@item @var{gnutls_sign_func} @ref{gnutls_sign_callback_get} (gnutls_session_t @var{session}, void ** @var{userdata}) 
diff --git a/doc/functions/gnutls_sign_callback_set b/doc/functions/gnutls_sign_callback_set new file mode 100644 index 0000000..01bb32f --- /dev/null +++ b/doc/functions/gnutls_sign_callback_set @@ -0,0 +1,26 @@ + + + + +@deftypefun {void} {gnutls_sign_callback_set} (gnutls_session_t @var{session}, gnutls_sign_func @var{sign_func}, void * @var{userdata}) +@var{session}: is a gnutls session + +@var{sign_func}: function pointer to application's sign callback. + +@var{userdata}: void pointer that will be passed to sign callback. + +Set the callback function. The function must have this prototype: + +typedef int (*gnutls_sign_func) (gnutls_session_t session, +void *userdata, +gnutls_certificate_type_t cert_type, +const gnutls_datum_t * cert, +const gnutls_datum_t * hash, +gnutls_datum_t * signature); + +The @code{userdata} parameter is passed to the @code{sign_func} verbatim, and +can be used to store application-specific data needed in the +callback function. See also @code{gnutls_sign_callback_get()} . + +@strong{Deprecated:} Use the PKCS 11 or @code{gnutls_privkey_t} interfacess like @code{gnutls_privkey_import_ext()} instead. +@end deftypefun diff --git a/doc/functions/gnutls_sign_callback_set.short b/doc/functions/gnutls_sign_callback_set.short new file mode 100644 index 0000000..c1d922c --- /dev/null +++ b/doc/functions/gnutls_sign_callback_set.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_sign_callback_set} (gnutls_session_t @var{session}, gnutls_sign_func @var{sign_func}, void * @var{userdata}) diff --git a/doc/functions/gnutls_sign_get_oid b/doc/functions/gnutls_sign_get_oid deleted file mode 100644 index 849f313..0000000 --- a/doc/functions/gnutls_sign_get_oid +++ /dev/null 
@@ -1,14 +0,0 @@ - - - - -@deftypefun {const char *} {gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign}) -@var{sign}: is a sign algorithm - -Convert a @code{gnutls_sign_algorithm_t} value to its object identifier. - -@strong{Returns:} a string that contains the object identifier of the specified sign -algorithm, or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun diff --git a/doc/functions/gnutls_sign_get_oid.short b/doc/functions/gnutls_sign_get_oid.short deleted file mode 100644 index ab49135..0000000 --- a/doc/functions/gnutls_sign_get_oid.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{const char *} @ref{gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign}) diff --git a/doc/functions/gnutls_srp_allocate_client_credentials b/doc/functions/gnutls_srp_allocate_client_credentials index 7db84d4..3326002 100644 --- a/doc/functions/gnutls_srp_allocate_client_credentials +++ b/doc/functions/gnutls_srp_allocate_client_credentials @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. diff --git a/doc/functions/gnutls_srp_allocate_server_credentials b/doc/functions/gnutls_srp_allocate_server_credentials index ffdb7a7..dc1a8ba 100644 --- a/doc/functions/gnutls_srp_allocate_server_credentials +++ b/doc/functions/gnutls_srp_allocate_server_credentials 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. diff --git a/doc/functions/gnutls_srp_base64_decode2.short b/doc/functions/gnutls_srp_base64_decode2.short deleted file mode 100644 index f5ad566..0000000 --- a/doc/functions/gnutls_srp_base64_decode2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_srp_base64_decode2 b/doc/functions/gnutls_srp_base64_decode_alloc similarity index 80% rename from doc/functions/gnutls_srp_base64_decode2 rename to doc/functions/gnutls_srp_base64_decode_alloc index 78f0971..6b65a4c 100644 --- a/doc/functions/gnutls_srp_base64_decode2 +++ b/doc/functions/gnutls_srp_base64_decode_alloc @@ -2,7 +2,7 @@ -@deftypefun {int} {gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@deftypefun {int} {gnutls_srp_base64_decode_alloc} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) @var{b64_data}: contains the encoded data @var{result}: the place where decoded data lie diff --git a/doc/functions/gnutls_srp_base64_decode_alloc.short b/doc/functions/gnutls_srp_base64_decode_alloc.short new file mode 100644 index 0000000..3be8e5b --- /dev/null +++ b/doc/functions/gnutls_srp_base64_decode_alloc.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_base64_decode_alloc} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_srp_base64_encode2.short b/doc/functions/gnutls_srp_base64_encode2.short deleted file mode 100644 index a85ccd6..0000000 
--- a/doc/functions/gnutls_srp_base64_encode2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_srp_base64_encode2 b/doc/functions/gnutls_srp_base64_encode_alloc similarity index 82% rename from doc/functions/gnutls_srp_base64_encode2 rename to doc/functions/gnutls_srp_base64_encode_alloc index 29ae50b..754d088 100644 --- a/doc/functions/gnutls_srp_base64_encode2 +++ b/doc/functions/gnutls_srp_base64_encode_alloc @@ -2,7 +2,7 @@ -@deftypefun {int} {gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@deftypefun {int} {gnutls_srp_base64_encode_alloc} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) @var{data}: contains the raw data @var{result}: will hold the newly allocated encoded data diff --git a/doc/functions/gnutls_srp_base64_encode_alloc.short b/doc/functions/gnutls_srp_base64_encode_alloc.short new file mode 100644 index 0000000..cc37007 --- /dev/null +++ b/doc/functions/gnutls_srp_base64_encode_alloc.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_base64_encode_alloc} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_srp_free_client_credentials b/doc/functions/gnutls_srp_free_client_credentials index bc95e56..e795008 100644 --- a/doc/functions/gnutls_srp_free_client_credentials +++ b/doc/functions/gnutls_srp_free_client_credentials @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_srp_client_credentials_t} type. +@var{sc}: is a @code{gnutls_srp_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. 
diff --git a/doc/functions/gnutls_srp_free_server_credentials b/doc/functions/gnutls_srp_free_server_credentials index 6f94aad..fdbe3ee 100644 --- a/doc/functions/gnutls_srp_free_server_credentials +++ b/doc/functions/gnutls_srp_free_server_credentials @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_srp_server_credentials_t} type. +@var{sc}: is a @code{gnutls_srp_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. diff --git a/doc/functions/gnutls_srp_set_client_credentials b/doc/functions/gnutls_srp_set_client_credentials index 22dd392..896fb7b 100644 --- a/doc/functions/gnutls_srp_set_client_credentials +++ b/doc/functions/gnutls_srp_set_client_credentials @@ -3,14 +3,14 @@ @deftypefun {int} {gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password}) -@var{res}: is a @code{gnutls_srp_client_credentials_t} type. +@var{res}: is a @code{gnutls_srp_client_credentials_t} structure. @var{username}: is the user's userid @var{password}: is the user's password This function sets the username and password, in a -@code{gnutls_srp_client_credentials_t} type. Those will be used in +@code{gnutls_srp_client_credentials_t} structure. Those will be used in SRP authentication. @code{username} and @code{password} should be ASCII strings or UTF-8 strings prepared using the "SASLprep" profile of "stringprep". diff --git a/doc/functions/gnutls_srp_set_client_credentials_function b/doc/functions/gnutls_srp_set_client_credentials_function index f6e5858..56fecd3 100644 --- a/doc/functions/gnutls_srp_set_client_credentials_function +++ b/doc/functions/gnutls_srp_set_client_credentials_function 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. +@var{cred}: is a @code{gnutls_srp_server_credentials_t} structure. @var{func}: is the callback function diff --git a/doc/functions/gnutls_srp_set_prime_bits b/doc/functions/gnutls_srp_set_prime_bits index bb93071..7d0eb24 100644 --- a/doc/functions/gnutls_srp_set_prime_bits +++ b/doc/functions/gnutls_srp_set_prime_bits @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{bits}: is the number of bits diff --git a/doc/functions/gnutls_srp_set_server_credentials_file b/doc/functions/gnutls_srp_set_server_credentials_file index 8d8d56b..02de644 100644 --- a/doc/functions/gnutls_srp_set_server_credentials_file +++ b/doc/functions/gnutls_srp_set_server_credentials_file @@ -3,14 +3,14 @@ @deftypefun {int} {gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file}) -@var{res}: is a @code{gnutls_srp_server_credentials_t} type. +@var{res}: is a @code{gnutls_srp_server_credentials_t} structure. @var{password_file}: is the SRP password file (tpasswd) @var{password_conf_file}: is the SRP password conf file (tpasswd.conf) This function sets the password files, in a -@code{gnutls_srp_server_credentials_t} type. Those password files +@code{gnutls_srp_server_credentials_t} structure. Those password files hold usernames and verifiers and will be used for SRP authentication. diff --git a/doc/functions/gnutls_srp_set_server_credentials_function b/doc/functions/gnutls_srp_set_server_credentials_function index 0a34894..9ffbd41 100644 
--- a/doc/functions/gnutls_srp_set_server_credentials_function +++ b/doc/functions/gnutls_srp_set_server_credentials_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. +@var{cred}: is a @code{gnutls_srp_server_credentials_t} structure. @var{func}: is the callback function @@ -11,18 +11,13 @@ This function can be used to set a callback to retrieve the user's SRP credentials. The callback's function form is: int (*callback)(gnutls_session_t, const char* username, -gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, -gnutls_datum_t *prime); +gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* generator, +gnutls_datum_t* prime); @code{username} contains the actual username. The @code{salt} , @code{verifier} , @code{generator} and @code{prime} must be filled in using the @code{gnutls_malloc()} . For convenience @code{prime} and @code{generator} may also be one of the static parameters defined in gnutls.h. -Initially, the data field is NULL in every @code{gnutls_datum_t} -structure that the callback has to fill in. When the -callback is done GnuTLS deallocates all of those buffers -which are non-NULL, regardless of the return value. - In order to prevent attackers from guessing valid usernames, if a user does not exist, g and n values should be filled in using a random user's parameters. In that case the callback must diff --git a/doc/functions/gnutls_srp_set_server_fake_salt_seed b/doc/functions/gnutls_srp_set_server_fake_salt_seed index 6e52314..c48be08 100644 --- a/doc/functions/gnutls_srp_set_server_fake_salt_seed +++ b/doc/functions/gnutls_srp_set_server_fake_salt_seed 
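Review bot: The second hunk of gnutls_srp_set_server_credentials_function removes the paragraph on buffer ownership. The page now says the callback must fill `salt`, `verifier`, `generator` and `prime` using `gnutls_malloc()`, but not who frees them or what happens to them when the callback returns an error. Whether the restored library still frees every non-NULL buffer on all return paths cannot be told from this diff. It should be checked against the restored source and stated, because a wrong guess by the callback author leads to a leak or a double free. If the behaviour is unchanged, a sentence such as `GnuTLS takes ownership of the buffers the callback fills in; the callback must not free them.` would be enough.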
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length}) -@var{cred}: is a @code{gnutls_srp_server_credentials_t} type +@var{cred}: is a @code{gnutls_srp_server_credentials_t} structure @var{seed}: is the seed data, only needs to be valid until the function returns; size of the seed must be greater than zero diff --git a/doc/functions/gnutls_srtp_get_keys b/doc/functions/gnutls_srtp_get_keys index 1070fed..691dcf8 100644 --- a/doc/functions/gnutls_srtp_get_keys +++ b/doc/functions/gnutls_srtp_get_keys @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{key_material}: Space to hold the generated key material diff --git a/doc/functions/gnutls_srtp_get_mki b/doc/functions/gnutls_srtp_get_mki index 8e7acc0..ef1c95d 100644 --- a/doc/functions/gnutls_srtp_get_mki +++ b/doc/functions/gnutls_srtp_get_mki @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mki}: will hold the MKI diff --git a/doc/functions/gnutls_srtp_get_selected_profile b/doc/functions/gnutls_srtp_get_selected_profile index b381670..16ec56f 100644 --- a/doc/functions/gnutls_srtp_get_selected_profile +++ b/doc/functions/gnutls_srtp_get_selected_profile 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{profile}: will hold the profile diff --git a/doc/functions/gnutls_srtp_set_mki b/doc/functions/gnutls_srtp_set_mki index efca51a..46c20df 100644 --- a/doc/functions/gnutls_srtp_set_mki +++ b/doc/functions/gnutls_srtp_set_mki @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mki}: holds the MKI diff --git a/doc/functions/gnutls_srtp_set_profile b/doc/functions/gnutls_srtp_set_profile index f2108cd..35cafac 100644 --- a/doc/functions/gnutls_srtp_set_profile +++ b/doc/functions/gnutls_srtp_set_profile @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{profile}: is the profile id to add. diff --git a/doc/functions/gnutls_srtp_set_profile_direct b/doc/functions/gnutls_srtp_set_profile_direct index 60e284e..e066ff4 100644 --- a/doc/functions/gnutls_srtp_set_profile_direct +++ b/doc/functions/gnutls_srtp_set_profile_direct 
@@ -3,12 +3,12 @@ @deftypefun {int} {gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{profiles}: is a string that contains the supported SRTP profiles, separated by colons. -@var{err_pos}: In case of an error this will have the position in the string the error occurred, may be NULL. +@var{err_pos}: In case of an error this will have the position in the string the error occured, may be NULL. This function is to be used by both clients and servers, to declare what SRTP profiles they support, to negotiate with the peer. diff --git a/doc/functions/gnutls_subject_alt_names_deinit b/doc/functions/gnutls_subject_alt_names_deinit index 0bce7dc..976c7f2 100644 --- a/doc/functions/gnutls_subject_alt_names_deinit +++ b/doc/functions/gnutls_subject_alt_names_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_subject_alt_names_deinit} (gnutls_subject_alt_names_t @var{sans}) -@var{sans}: The alternative names +@var{sans}: The alternative names structure This function will deinitialize an alternative names structure. diff --git a/doc/functions/gnutls_subject_alt_names_get b/doc/functions/gnutls_subject_alt_names_get index a7f20e0..d4e8b5b 100644 --- a/doc/functions/gnutls_subject_alt_names_get +++ b/doc/functions/gnutls_subject_alt_names_get @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_subject_alt_names_get} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}) -@var{sans}: The alternative names +@var{sans}: The alternative names structure @var{seq}: The index of the name to get 
@@ -14,7 +14,7 @@ @var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} (should be treated as constant) This function will return a specific alternative name as stored in -the @code{sans} type. The returned values should be treated as constant +the @code{sans} structure. The returned values should be treated as constant and valid for the lifetime of @code{sans} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} diff --git a/doc/functions/gnutls_subject_alt_names_init b/doc/functions/gnutls_subject_alt_names_init index b1114ef..73cd594 100644 --- a/doc/functions/gnutls_subject_alt_names_init +++ b/doc/functions/gnutls_subject_alt_names_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_subject_alt_names_init} (gnutls_subject_alt_names_t * @var{sans}) -@var{sans}: The alternative names +@var{sans}: The alternative names structure This function will initialize an alternative names structure. diff --git a/doc/functions/gnutls_subject_alt_names_set b/doc/functions/gnutls_subject_alt_names_set index 5aa2efa..5c1c3b5 100644 --- a/doc/functions/gnutls_subject_alt_names_set +++ b/doc/functions/gnutls_subject_alt_names_set @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_subject_alt_names_set} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}) -@var{sans}: The alternative names +@var{sans}: The alternative names structure @var{san_type}: The type of the name (of @code{gnutls_subject_alt_names_t} ) @@ -12,7 +12,7 @@ @var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} This function will store the specified alternative name in -the @code{sans} . +the @code{sans} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. 
diff --git a/doc/functions/gnutls_supplemental_recv b/doc/functions/gnutls_supplemental_recv
deleted file mode 100644
index b8c9cd5..0000000
--- a/doc/functions/gnutls_supplemental_recv
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-@deftypefun {void} {gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental})
-@var{session}: is a @code{gnutls_session_t} type.
-
-@var{do_recv_supplemental}: non-zero in order to expect supplemental data
-
-This function is to be called by an extension handler to
-instruct gnutls to attempt to receive supplemental data
-during the handshake process.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_recv.short b/doc/functions/gnutls_supplemental_recv.short
deleted file mode 100644
index 0103447..0000000
--- a/doc/functions/gnutls_supplemental_recv.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{void} @ref{gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental})
diff --git a/doc/functions/gnutls_supplemental_register b/doc/functions/gnutls_supplemental_register
deleted file mode 100644
index 5ef24ff..0000000
--- a/doc/functions/gnutls_supplemental_register
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func})
-@var{name}: the name of the supplemental data to register
-
-@var{type}: the type of the supplemental data format
-
-@var{recv_func}: the function to receive the data
-
-@var{send_func}: the function to send the data
-
-This function will register a new supplemental data type (rfc4680).
-The registered data will remain until @code{gnutls_global_deinit()}
-is called. The provided @code{type} must be an unassigned type in
-@code{gnutls_supplemental_data_format_type_t} . If the type is already
-registered or handled by GnuTLS internally @code{GNUTLS_E_ALREADY_REGISTERED}
-will be returned.
-
-This function is not thread safe.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_register.short b/doc/functions/gnutls_supplemental_register.short
deleted file mode 100644
index 1bed386..0000000
--- a/doc/functions/gnutls_supplemental_register.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func})
diff --git a/doc/functions/gnutls_supplemental_send b/doc/functions/gnutls_supplemental_send
deleted file mode 100644
index ad02723..0000000
--- a/doc/functions/gnutls_supplemental_send
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-@deftypefun {void} {gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental})
-@var{session}: is a @code{gnutls_session_t} type.
-
-@var{do_send_supplemental}: -- undescribed --
-
-This function is to be called by an extension handler to
-instruct gnutls to send supplemental data during the handshake process.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_send.short b/doc/functions/gnutls_supplemental_send.short
deleted file mode 100644
index e8bbe6d..0000000
--- a/doc/functions/gnutls_supplemental_send.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{void} @ref{gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental})
diff --git a/doc/functions/gnutls_system_key_add_x509 b/doc/functions/gnutls_system_key_add_x509
deleted file mode 100644
index fca6645..0000000
--- a/doc/functions/gnutls_system_key_add_x509
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url})
-@var{crt}: the certificate to be added
-
-@var{privkey}: the key to be added
-
-@var{label}: the friendly name to describe the key
-
-@var{cert_url}: if non-NULL it will contain an allocated value with the certificate URL
-
-@var{key_url}: if non-NULL it will contain an allocated value with the key URL
-
-This function will added the given key and certificate pair,
-to the system list.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_system_key_add_x509.short b/doc/functions/gnutls_system_key_add_x509.short
deleted file mode 100644
index 4502675..0000000
--- a/doc/functions/gnutls_system_key_add_x509.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url})
diff --git a/doc/functions/gnutls_system_key_delete b/doc/functions/gnutls_system_key_delete
deleted file mode 100644
index f0d322b..0000000
--- a/doc/functions/gnutls_system_key_delete
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url})
-@var{cert_url}: the URL of the certificate
-
-@var{key_url}: the URL of the key
-
-This function will delete the key and certificate pair.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_system_key_delete.short b/doc/functions/gnutls_system_key_delete.short
deleted file mode 100644
index b6ccf46..0000000
--- a/doc/functions/gnutls_system_key_delete.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url})
diff --git a/doc/functions/gnutls_system_key_iter_deinit b/doc/functions/gnutls_system_key_iter_deinit
deleted file mode 100644
index 918887d..0000000
--- a/doc/functions/gnutls_system_key_iter_deinit
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
-
-@deftypefun {void} {gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter})
-@var{iter}: an iterator of system keys
-
-This function will deinitialize the iterator.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_system_key_iter_deinit.short b/doc/functions/gnutls_system_key_iter_deinit.short
deleted file mode 100644
index 75fd82b..0000000
--- a/doc/functions/gnutls_system_key_iter_deinit.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{void} @ref{gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter})
diff --git a/doc/functions/gnutls_system_key_iter_get_info b/doc/functions/gnutls_system_key_iter_get_info
deleted file mode 100644
index 175dc0f..0000000
--- a/doc/functions/gnutls_system_key_iter_get_info
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags})
-@var{iter}: an iterator of the system keys (must be set to @code{NULL} initially)
-
-@var{cert_type}: A value of gnutls_certificate_type_t which indicates the type of certificate to look for
-
-@var{cert_url}: The certificate URL of the pair (may be @code{NULL} )
-
-@var{key_url}: The key URL of the pair (may be @code{NULL} )
-
-@var{label}: The friendly name (if any) of the pair (may be @code{NULL} )
-
-@var{der}: if non-NULL the DER data of the certificate
-
-@var{flags}: should be zero
-
-This function will return on each call a certificate
-and key pair URLs, as well as a label associated with them,
-and the DER-encoded certificate. When the iteration is complete it will
-return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
-
-Typically @code{cert_type} should be @code{GNUTLS_CRT_X509} .
-
-All values set are allocated and must be cleared using @code{gnutls_free()} ,
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_system_key_iter_get_info.short b/doc/functions/gnutls_system_key_iter_get_info.short
deleted file mode 100644
index eff9ad6..0000000
--- a/doc/functions/gnutls_system_key_iter_get_info.short
+++ /dev/null
@@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_system_recv_timeout b/doc/functions/gnutls_system_recv_timeout deleted file mode 100644 index ac905de..0000000 --- a/doc/functions/gnutls_system_recv_timeout +++ /dev/null @@ -1,20 +0,0 @@ - - - - -@deftypefun {int} {gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms}) -@var{ptr}: A gnutls_transport_ptr_t pointer - -@var{ms}: The number of milliseconds to wait. - -Wait for data to be received from the provided socket ( @code{ptr} ) within a -timeout period in milliseconds, using @code{select()} on the provided @code{ptr} . - -This function is provided as a helper for constructing custom -callbacks for @code{gnutls_transport_set_pull_timeout_function()} , -which can be used if you rely on socket file descriptors. - -Returns -1 on error, 0 on timeout, positive value if data are available for reading. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_system_recv_timeout.short b/doc/functions/gnutls_system_recv_timeout.short deleted file mode 100644 index a806c7e..0000000 --- a/doc/functions/gnutls_system_recv_timeout.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms}) diff --git a/doc/functions/gnutls_tdb_init b/doc/functions/gnutls_tdb_init index 6facbe3..dec24b5 100644 --- a/doc/functions/gnutls_tdb_init +++ b/doc/functions/gnutls_tdb_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_tdb_init} (gnutls_tdb_t * @var{tdb}) -@var{tdb}: A pointer to the type to be initialized +@var{tdb}: The structure to be initialized This function will initialize a public key trust storage structure. 
diff --git a/doc/functions/gnutls_tdb_set_store_commitment_func b/doc/functions/gnutls_tdb_set_store_commitment_func index 4420a4d..99b4860 100644 --- a/doc/functions/gnutls_tdb_set_store_commitment_func +++ b/doc/functions/gnutls_tdb_set_store_commitment_func @@ -10,9 +10,7 @@ This function will associate a commitment (hash) storage function with the trust storage structure. The function is of the following form. -int gnutls_tdb_store_commitment_func(const char* db_name, const char* host, +gnutls_tdb_store_commitment_func(const char* db_name, const char* host, const char* service, time_t expiration, gnutls_digest_algorithm_t, const gnutls_datum_t* hash); - -The @code{db_name} should be used to pass any private data to this function. @end deftypefun diff --git a/doc/functions/gnutls_tdb_set_store_func b/doc/functions/gnutls_tdb_set_store_func index 0152d2b..6e76510 100644 --- a/doc/functions/gnutls_tdb_set_store_func +++ b/doc/functions/gnutls_tdb_set_store_func @@ -10,9 +10,7 @@ This function will associate a storage function with the trust storage structure. The function is of the following form. -int gnutls_tdb_store_func(const char* db_name, const char* host, +gnutls_tdb_store_func(const char* db_name, const char* host, const char* service, time_t expiration, const gnutls_datum_t* pubkey); - -The @code{db_name} should be used to pass any private data to this function. @end deftypefun diff --git a/doc/functions/gnutls_tdb_set_verify_func b/doc/functions/gnutls_tdb_set_verify_func index 9e885d2..2972b8b 100644 --- a/doc/functions/gnutls_tdb_set_verify_func +++ b/doc/functions/gnutls_tdb_set_verify_func 
@@ -10,11 +10,6 @@ This function will associate a retrieval function with the trust storage structure. The function is of the following form. -int gnutls_tdb_verify_func(const char* db_name, const char* host, +gnutls_tdb_verify_func(const char* db_name, const char* host, const char* service, const gnutls_datum_t* pubkey); - -The verify function should return zero on a match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} -if there is a mismatch and any other negative error code otherwise. - -The @code{db_name} should be used to pass any private data to this function. @end deftypefun diff --git a/doc/functions/gnutls_transport_get_int b/doc/functions/gnutls_transport_get_int index ccb9758..0e34d92 100644 --- a/doc/functions/gnutls_transport_get_int +++ b/doc/functions/gnutls_transport_get_int @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_transport_get_int} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Used to get the first argument of the transport function (like PUSH and PULL). This must have been set using diff --git a/doc/functions/gnutls_transport_get_int2 b/doc/functions/gnutls_transport_get_int2 index 5e94747..fe28b4c 100644 --- a/doc/functions/gnutls_transport_get_int2 +++ b/doc/functions/gnutls_transport_get_int2 @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_int}: will hold the value for the pull function diff --git a/doc/functions/gnutls_transport_get_ptr b/doc/functions/gnutls_transport_get_ptr index ba277b8..b24a95c 100644 --- a/doc/functions/gnutls_transport_get_ptr +++ b/doc/functions/gnutls_transport_get_ptr 
@@ -3,7 +3,7 @@ @deftypefun {gnutls_transport_ptr_t} {gnutls_transport_get_ptr} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Used to get the first argument of the transport function (like PUSH and PULL). This must have been set using diff --git a/doc/functions/gnutls_transport_get_ptr2 b/doc/functions/gnutls_transport_get_ptr2 index 2caa8cc..d94b149 100644 --- a/doc/functions/gnutls_transport_get_ptr2 +++ b/doc/functions/gnutls_transport_get_ptr2 @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_ptr}: will hold the value for the pull function diff --git a/doc/functions/gnutls_transport_set_errno b/doc/functions/gnutls_transport_set_errno index f8ee01c..f5e3451 100644 --- a/doc/functions/gnutls_transport_set_errno +++ b/doc/functions/gnutls_transport_set_errno @@ -3,12 +3,12 @@ @deftypefun {void} {gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{err}: error value to store in session-specific errno variable. Store @code{err} in the session-specific errno variable. Useful values -for @code{err} are EINTR, EAGAIN and EMSGSIZE, other values are treated will be +for @code{err} is EAGAIN and EINTR, other values are treated will be treated as real errors in the push/pull function. This function is useful in replacement push and pull functions set by diff --git a/doc/functions/gnutls_transport_set_errno_function b/doc/functions/gnutls_transport_set_errno_function index aea1b08..2acb972 100644 --- a/doc/functions/gnutls_transport_set_errno_function +++ b/doc/functions/gnutls_transport_set_errno_function 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{errno_func}: a callback function similar to @code{write()} diff --git a/doc/functions/gnutls_transport_set_int b/doc/functions/gnutls_transport_set_int index b38c76b..b2a3523 100644 --- a/doc/functions/gnutls_transport_set_int +++ b/doc/functions/gnutls_transport_set_int @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{i}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{i}: is the value. diff --git a/doc/functions/gnutls_transport_set_int2 b/doc/functions/gnutls_transport_set_int2 index e2cf269..0859b09 100644 --- a/doc/functions/gnutls_transport_set_int2 +++ b/doc/functions/gnutls_transport_set_int2 @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_int}, int @var{send_int}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_int}: is the value for the pull function diff --git a/doc/functions/gnutls_transport_set_ptr b/doc/functions/gnutls_transport_set_ptr index ae2b94c..92e0c3c 100644 --- a/doc/functions/gnutls_transport_set_ptr +++ b/doc/functions/gnutls_transport_set_ptr @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ptr}: is the value. diff --git a/doc/functions/gnutls_transport_set_ptr2 b/doc/functions/gnutls_transport_set_ptr2 index 87b30f1..2242033 100644 --- a/doc/functions/gnutls_transport_set_ptr2 +++ b/doc/functions/gnutls_transport_set_ptr2 
@@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_ptr}: is the value for the pull function diff --git a/doc/functions/gnutls_transport_set_pull_function b/doc/functions/gnutls_transport_set_pull_function index bc45944..91648dc 100644 --- a/doc/functions/gnutls_transport_set_pull_function +++ b/doc/functions/gnutls_transport_set_pull_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{pull_func}: a callback function similar to @code{read()} diff --git a/doc/functions/gnutls_transport_set_pull_timeout_function b/doc/functions/gnutls_transport_set_pull_timeout_function index 692092c..939e72e 100644 --- a/doc/functions/gnutls_transport_set_pull_timeout_function +++ b/doc/functions/gnutls_transport_set_pull_timeout_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{func}: a callback function 
@@ -20,15 +20,5 @@ zero if no data are immediately available. @code{gnutls_pull_timeout_func} is of the form, int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); -This callback is necessary when @code{gnutls_handshake_set_timeout()} or -@code{gnutls_record_set_timeout()} are set. It will not be used when -non-blocking sockets are in use. That is, this function will -not operate when @code{GNUTLS_NONBLOCK} is specified in @code{gnutls_init()} , -or a custom pull function is registered without updating the -pull timeout function. - -The helper function @code{gnutls_system_recv_timeout()} is provided to -simplify writing callbacks. - @strong{Since:} 3.0 @end deftypefun diff --git a/doc/functions/gnutls_transport_set_push_function b/doc/functions/gnutls_transport_set_push_function index b4b23f1..22bda03 100644 --- a/doc/functions/gnutls_transport_set_push_function +++ b/doc/functions/gnutls_transport_set_push_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{push_func}: a callback function similar to @code{write()} diff --git a/doc/functions/gnutls_transport_set_vec_push_function b/doc/functions/gnutls_transport_set_vec_push_function index 5a85b34..8c99056 100644 --- a/doc/functions/gnutls_transport_set_vec_push_function +++ b/doc/functions/gnutls_transport_set_vec_push_function @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{vec_func}: a callback function similar to @code{writev()} diff --git a/doc/functions/gnutls_x509_aia_deinit b/doc/functions/gnutls_x509_aia_deinit index 5da28e3..617dd4a 100644 
--- a/doc/functions/gnutls_x509_aia_deinit +++ b/doc/functions/gnutls_x509_aia_deinit @@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_x509_aia_deinit} (gnutls_x509_aia_t @var{aia}) -@var{aia}: The authority info access +@var{aia}: The authority info access structure -This function will deinitialize an authority info access type. +This function will deinitialize a CRL distribution points structure. @strong{Since:} 3.3.0 @end deftypefun diff --git a/doc/functions/gnutls_x509_aia_get b/doc/functions/gnutls_x509_aia_get index 8116d7d..e6afadd 100644 --- a/doc/functions/gnutls_x509_aia_get +++ b/doc/functions/gnutls_x509_aia_get @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_aia_get} (gnutls_x509_aia_t @var{aia}, unsigned int @var{seq}, gnutls_datum_t * @var{oid}, unsigned * @var{san_type}, gnutls_datum_t * @var{san}) -@var{aia}: The authority info access +@var{aia}: The authority info access structure @var{seq}: specifies the sequence number of the access descriptor (0 for the first one, 1 for the second etc.) @@ -13,7 +13,7 @@ @var{san}: the access location name; to be treated as constant (may be null). -This function reads from the Authority Information Access type. +This function reads from the Authority Information Access structure. The @code{seq} input parameter is used to indicate which member of the sequence the caller is interested in. The first member is 0, the diff --git a/doc/functions/gnutls_x509_aia_init b/doc/functions/gnutls_x509_aia_init index 8926c45..89544c7 100644 --- a/doc/functions/gnutls_x509_aia_init +++ b/doc/functions/gnutls_x509_aia_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_aia_init} (gnutls_x509_aia_t * @var{aia}) -@var{aia}: The authority info access +@var{aia}: The authority info access structure -This function will initialize an authority info access type. +This function will initialize a CRL distribution points structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
diff --git a/doc/functions/gnutls_x509_aia_set b/doc/functions/gnutls_x509_aia_set index dd1a0b0..de53ef2 100644 --- a/doc/functions/gnutls_x509_aia_set +++ b/doc/functions/gnutls_x509_aia_set @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_aia_set} (gnutls_x509_aia_t @var{aia}, const char * @var{oid}, unsigned @var{san_type}, const gnutls_datum_t * @var{san}) -@var{aia}: The authority info access +@var{aia}: The authority info access structure @var{oid}: the type of data. @@ -12,7 +12,7 @@ @var{san}: The alternative name data This function will store the specified alternative name in -the @code{aia} type. +the @code{aia} structure. Typically the value for @code{oid} should be @code{GNUTLS_OID_AD_OCSP} , or @code{GNUTLS_OID_AD_CAISSUERS} . diff --git a/doc/functions/gnutls_x509_aki_deinit b/doc/functions/gnutls_x509_aki_deinit index 52c3248..f80a66b 100644 --- a/doc/functions/gnutls_x509_aki_deinit +++ b/doc/functions/gnutls_x509_aki_deinit @@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_x509_aki_deinit} (gnutls_x509_aki_t @var{aki}) -@var{aki}: The authority key identifier type +@var{aki}: The authority key identifier structure -This function will deinitialize an authority key identifier. +This function will deinitialize an authority key identifier structure. @strong{Since:} 3.3.0 @end deftypefun diff --git a/doc/functions/gnutls_x509_aki_get_cert_issuer b/doc/functions/gnutls_x509_aki_get_cert_issuer index c9b63b8..052a472 100644 --- a/doc/functions/gnutls_x509_aki_get_cert_issuer +++ b/doc/functions/gnutls_x509_aki_get_cert_issuer 
@@ -3,21 +3,20 @@ @deftypefun {int} {gnutls_x509_aki_get_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}, gnutls_datum_t * @var{serial}) -@var{aki}: The authority key ID +@var{aki}: The authority key ID structure @var{seq}: The index of the name to get -@var{san_type}: Will hold the type of the name (of @code{gnutls_subject_alt_names_t} ) +@var{san_type}: Will hold the type of the name (of @code{gnutls_subject_alt_names_t} ), may be null -@var{san}: The alternative name data +@var{san}: The alternative name data (may be null and should be treated as constant) -@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} +@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} (should be treated as constant) -@var{serial}: The authorityCertSerialNumber number +@var{serial}: The authorityCertSerialNumber number (may be null) This function will return a specific authorityCertIssuer name as stored in -the @code{aki} type, as well as the authorityCertSerialNumber. All the returned -values should be treated as constant, and may be set to @code{NULL} when are not required. +the @code{aki} structure, as well as the authorityCertSerialNumber. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the index is out of bounds, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_aki_get_id b/doc/functions/gnutls_x509_aki_get_id index d3cc618..d4e7bd4 100644 --- a/doc/functions/gnutls_x509_aki_get_id +++ b/doc/functions/gnutls_x509_aki_get_id 
@@ -3,12 +3,12 @@ @deftypefun {int} {gnutls_x509_aki_get_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{id}) -@var{aki}: The authority key ID +@var{aki}: The authority key ID structure @var{id}: Will hold the identifier This function will return the key identifier as stored in -the @code{aki} type. The identifier should be treated as constant. +the @code{aki} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the index is out of bounds, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_aki_init b/doc/functions/gnutls_x509_aki_init index 18244f6..0c22c81 100644 --- a/doc/functions/gnutls_x509_aki_init +++ b/doc/functions/gnutls_x509_aki_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_aki_init} (gnutls_x509_aki_t * @var{aki}) -@var{aki}: The authority key ID type +@var{aki}: The authority key ID structure -This function will initialize an authority key ID. +This function will initialize an authority key ID structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_aki_set_cert_issuer b/doc/functions/gnutls_x509_aki_set_cert_issuer index 8b35fe0..a751bd4 100644 --- a/doc/functions/gnutls_x509_aki_set_cert_issuer +++ b/doc/functions/gnutls_x509_aki_set_cert_issuer @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_aki_set_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}, const gnutls_datum_t * @var{serial}) -@var{aki}: The authority key ID +@var{aki}: The authority key ID structure @var{san_type}: the type of the name (of @code{gnutls_subject_alt_names_t} ), may be null 
@@ -14,7 +14,7 @@
 @var{serial}: The authorityCertSerialNumber number (may be null) This function will set the authorityCertIssuer name and the authorityCertSerialNumber
-to be stored in the @code{aki} type. When storing multiple names, the serial
+to be stored in the @code{aki} structure. When storing multiple names, the serial
 should be set on the first call, and subsequent calls should use a @code{NULL} serial.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_x509_aki_set_id b/doc/functions/gnutls_x509_aki_set_id
index 669badf..073c9fd 100644
--- a/doc/functions/gnutls_x509_aki_set_id
+++ b/doc/functions/gnutls_x509_aki_set_id
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_aki_set_id} (gnutls_x509_aki_t @var{aki}, const gnutls_datum_t * @var{id})
-@var{aki}: The authority key ID
+@var{aki}: The authority key ID structure
 @var{id}: the key identifier
-This function will set the keyIdentifier to be stored in the @code{aki} type.
+This function will set the keyIdentifier to be stored in the @code{aki} structure.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_x509_crl_deinit b/doc/functions/gnutls_x509_crl_deinit
index 80f3dac..2c73c43 100644
--- a/doc/functions/gnutls_x509_crl_deinit
+++ b/doc/functions/gnutls_x509_crl_deinit
@@ -3,7 +3,7 @@
 @deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
-@var{crl}: The data to be deinitialized
+@var{crl}: The structure to be deinitialized
 This function will deinitialize a CRL structure.
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_dist_points_deinit b/doc/functions/gnutls_x509_crl_dist_points_deinit
index 1cb82ad..81b4739 100644
--- a/doc/functions/gnutls_x509_crl_dist_points_deinit
+++ b/doc/functions/gnutls_x509_crl_dist_points_deinit
@@ -3,9 +3,9 @@
 @deftypefun {void} {gnutls_x509_crl_dist_points_deinit} (gnutls_x509_crl_dist_points_t @var{cdp})
-@var{cdp}: The CRL distribution points
+@var{cdp}: The CRL distribution points structure
-This function will deinitialize a CRL distribution points type.
+This function will deinitialize a CRL distribution points structure.
 @strong{Since:} 3.3.0
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_dist_points_get b/doc/functions/gnutls_x509_crl_dist_points_get
index f4b51ef..105aea7 100644
--- a/doc/functions/gnutls_x509_crl_dist_points_get
+++ b/doc/functions/gnutls_x509_crl_dist_points_get
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_dist_points_get} (gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{seq}, unsigned int * @var{type}, gnutls_datum_t * @var{san}, unsigned int * @var{reasons})
-@var{cdp}: The CRL distribution points
+@var{cdp}: The CRL distribution points structure
 @var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
@@ -14,7 +14,7 @@
 @var{reasons}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} . This function retrieves the individual CRL distribution points (2.5.29.31),
-contained in provided type.
+contained in provided structure.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the index is out of bounds, otherwise a negative error value.
diff --git a/doc/functions/gnutls_x509_crl_dist_points_init b/doc/functions/gnutls_x509_crl_dist_points_init
index 0215be8..5182169 100644
--- a/doc/functions/gnutls_x509_crl_dist_points_init
+++ b/doc/functions/gnutls_x509_crl_dist_points_init
@@ -3,9 +3,9 @@
 @deftypefun {int} {gnutls_x509_crl_dist_points_init} (gnutls_x509_crl_dist_points_t * @var{cdp})
-@var{cdp}: The CRL distribution points
+@var{cdp}: The CRL distribution points structure
-This function will initialize a CRL distribution points type.
+This function will initialize a CRL distribution points structure.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_x509_crl_dist_points_set b/doc/functions/gnutls_x509_crl_dist_points_set
index 4c3f8d2..5f72294 100644
--- a/doc/functions/gnutls_x509_crl_dist_points_set
+++ b/doc/functions/gnutls_x509_crl_dist_points_set
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_dist_points_set} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{san}, unsigned int @var{reasons})
-@var{cdp}: The CRL distribution points
+@var{cdp}: The CRL distribution points structure
 @var{type}: The type of the name (of @code{gnutls_subject_alt_names_t} )
@@ -11,8 +11,8 @@
 @var{reasons}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} .
-This function will store the specified CRL distribution point value
-the @code{cdp} type.
+This function will store the specified CRL distibution point value
+the @code{cdp} structure.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value.
diff --git a/doc/functions/gnutls_x509_crl_export b/doc/functions/gnutls_x509_crl_export
index cd023da..709de29 100644
--- a/doc/functions/gnutls_x509_crl_export
+++ b/doc/functions/gnutls_x509_crl_export
@@ -21,5 +21,5 @@ If the structure is PEM encoded, it will have a header of "BEGIN X509 CRL".
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
+negative error value. and a negative error code on failure.
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_export2 b/doc/functions/gnutls_x509_crl_export2
index 2ffd76a..864c067 100644
--- a/doc/functions/gnutls_x509_crl_export2
+++ b/doc/functions/gnutls_x509_crl_export2
@@ -17,7 +17,7 @@ If the structure is PEM encoded, it will have a header of "BEGIN X509 CRL".
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
+negative error value. and a negative error code on failure.
 Since 3.1.3
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial
index 2d01a76..45940e5 100644
--- a/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial
+++ b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_authority_key_gn_serial} (gnutls_x509_crl_t @var{crl}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_id b/doc/functions/gnutls_x509_crl_get_authority_key_id
index 9e3aabf..3d93b66 100644
--- a/doc/functions/gnutls_x509_crl_get_authority_key_id
+++ b/doc/functions/gnutls_x509_crl_get_authority_key_id
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{id}: The place where the identifier will be copied
diff --git a/doc/functions/gnutls_x509_crl_get_crt_count b/doc/functions/gnutls_x509_crl_get_crt_count
index 3a1d64a..1f4b503 100644
--- a/doc/functions/gnutls_x509_crl_get_crt_count
+++ b/doc/functions/gnutls_x509_crl_get_crt_count
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 This function will return the number of revoked certificates in the given CRL.
diff --git a/doc/functions/gnutls_x509_crl_get_crt_serial b/doc/functions/gnutls_x509_crl_get_crt_serial
index 38901f8..9cd4563 100644
--- a/doc/functions/gnutls_x509_crl_get_crt_serial
+++ b/doc/functions/gnutls_x509_crl_get_crt_serial
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{indx}: the index of the certificate to extract (starting from 0)
@@ -20,5 +20,5 @@ Note that this function will have performance issues in large sequences of revoked certificates. In that case use @code{gnutls_x509_crl_iter_crt_serial()} .
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
+negative error value. and a negative error code on error.
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_dn_oid b/doc/functions/gnutls_x509_crl_get_dn_oid
index 023704c..a89a1a2 100644
--- a/doc/functions/gnutls_x509_crl_get_dn_oid
+++ b/doc/functions/gnutls_x509_crl_get_dn_oid
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{indx}: Specifies which DN OID to send. Use (0) to get the first one.
-@var{oid}: a pointer to store the OID (may be null)
+@var{oid}: a pointer to a structure to hold the name (may be null)
 @var{sizeof_oid}: initially holds the size of 'oid'
diff --git a/doc/functions/gnutls_x509_crl_get_extension_data b/doc/functions/gnutls_x509_crl_get_extension_data
index 4fb5256..520abce 100644
--- a/doc/functions/gnutls_x509_crl_get_extension_data
+++ b/doc/functions/gnutls_x509_crl_get_extension_data
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crl_get_extension_data2 b/doc/functions/gnutls_x509_crl_get_extension_data2
index 5128f51..3340488 100644
--- a/doc/functions/gnutls_x509_crl_get_extension_data2
+++ b/doc/functions/gnutls_x509_crl_get_extension_data2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_extension_data2} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, gnutls_datum_t * @var{data})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{indx}: Specifies which extension OID to read. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crl_get_extension_info b/doc/functions/gnutls_x509_crl_get_extension_info
index 0530ebc..ca2cc54 100644
--- a/doc/functions/gnutls_x509_crl_get_extension_info
+++ b/doc/functions/gnutls_x509_crl_get_extension_info
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{indx}: Specifies which extension OID to send, use (0) to get the first one.
-@var{oid}: a pointer to store the OID
+@var{oid}: a pointer to a structure to hold the OID
 @var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return holds actual size of @code{oid} .
diff --git a/doc/functions/gnutls_x509_crl_get_extension_oid b/doc/functions/gnutls_x509_crl_get_extension_oid
index 29492e1..3dfed83 100644
--- a/doc/functions/gnutls_x509_crl_get_extension_oid
+++ b/doc/functions/gnutls_x509_crl_get_extension_oid
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{indx}: Specifies which extension OID to send, use (0) to get the first one.
-@var{oid}: a pointer to store the OID (may be null)
+@var{oid}: a pointer to a structure to hold the OID (may be null)
 @var{sizeof_oid}: initially holds the size of @code{oid}
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn b/doc/functions/gnutls_x509_crl_get_issuer_dn
index 113afb1..af8e5aa 100644
--- a/doc/functions/gnutls_x509_crl_get_issuer_dn
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (const gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{buf}: a pointer to a structure to hold the peer's name (may be null)
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn2 b/doc/functions/gnutls_x509_crl_get_issuer_dn2
index ef0c72b..d0eb561 100644
--- a/doc/functions/gnutls_x509_crl_get_issuer_dn2
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_issuer_dn2} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{dn}: a pointer to a structure to hold the name
@@ -13,7 +13,7 @@ described in RFC4514. The output string will be ASCII or UTF-8 encoded, depending on the certificate data.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
+negative error value. and a negative error code on error.
 @strong{Since:} 3.1.10
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid
index 5d2f81c..e2a54f7 100644
--- a/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{oid}: holds an Object Identified in null terminated string
diff --git a/doc/functions/gnutls_x509_crl_get_next_update b/doc/functions/gnutls_x509_crl_get_next_update
index 322d068..70b3ad4 100644
--- a/doc/functions/gnutls_x509_crl_get_next_update
+++ b/doc/functions/gnutls_x509_crl_get_next_update
@@ -3,7 +3,7 @@
 @deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 This function will return the time the next CRL will be issued. This field is optional in a CRL so it might be normal to get an
diff --git a/doc/functions/gnutls_x509_crl_get_number b/doc/functions/gnutls_x509_crl_get_number
index c800afb..82c315e 100644
--- a/doc/functions/gnutls_x509_crl_get_number
+++ b/doc/functions/gnutls_x509_crl_get_number
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{ret}: The place where the number will be copied
diff --git a/doc/functions/gnutls_x509_crl_get_raw_issuer_dn b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn
index b23c881..0616b35 100644
--- a/doc/functions/gnutls_x509_crl_get_raw_issuer_dn
+++ b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_raw_issuer_dn} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{dn}: will hold the starting point of the DN
diff --git a/doc/functions/gnutls_x509_crl_get_signature b/doc/functions/gnutls_x509_crl_get_signature
index b788132..92bf829 100644
--- a/doc/functions/gnutls_x509_crl_get_signature
+++ b/doc/functions/gnutls_x509_crl_get_signature
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{sig}: a pointer where the signature part will be copied (may be null).
@@ -12,5 +12,5 @@ This function will extract the signature field of a CRL.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
+negative error value. and a negative error code on error.
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_signature_algorithm b/doc/functions/gnutls_x509_crl_get_signature_algorithm
index ed6bd93..f6d69a7 100644
--- a/doc/functions/gnutls_x509_crl_get_signature_algorithm
+++ b/doc/functions/gnutls_x509_crl_get_signature_algorithm
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 This function will return a value of the @code{gnutls_sign_algorithm_t} enumeration that is the signature algorithm.
diff --git a/doc/functions/gnutls_x509_crl_get_this_update b/doc/functions/gnutls_x509_crl_get_this_update
index 4cbca40..35bcc5c 100644
--- a/doc/functions/gnutls_x509_crl_get_this_update
+++ b/doc/functions/gnutls_x509_crl_get_this_update
@@ -3,7 +3,7 @@
 @deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 This function will return the time this CRL was issued.
diff --git a/doc/functions/gnutls_x509_crl_get_version b/doc/functions/gnutls_x509_crl_get_version
index 5f1931b..a7c0efc 100644
--- a/doc/functions/gnutls_x509_crl_get_version
+++ b/doc/functions/gnutls_x509_crl_get_version
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 This function will return the version of the specified CRL.
diff --git a/doc/functions/gnutls_x509_crl_import b/doc/functions/gnutls_x509_crl_import
index df0059d..e82d4fb 100644
--- a/doc/functions/gnutls_x509_crl_import
+++ b/doc/functions/gnutls_x509_crl_import
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{crl}: The data to store the parsed CRL.
+@var{crl}: The structure to store the parsed CRL.
 @var{data}: The DER or PEM encoded CRL.
diff --git a/doc/functions/gnutls_x509_crl_init b/doc/functions/gnutls_x509_crl_init
index 0e7d119..2b4ef39 100644
--- a/doc/functions/gnutls_x509_crl_init
+++ b/doc/functions/gnutls_x509_crl_init
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
-@var{crl}: A pointer to the type to be initialized
+@var{crl}: The structure to be initialized
 This function will initialize a CRL structure. CRL stands for Certificate Revocation List. A revocation list usually contains
diff --git a/doc/functions/gnutls_x509_crl_iter_crt_serial b/doc/functions/gnutls_x509_crl_iter_crt_serial
index e277e60..6364112 100644
--- a/doc/functions/gnutls_x509_crl_iter_crt_serial
+++ b/doc/functions/gnutls_x509_crl_iter_crt_serial
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_iter_crt_serial} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crl_iter_t * @var{iter}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
-@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
 @var{iter}: A pointer to an iterator (initially the iterator should be @code{NULL} )
@@ -24,5 +24,5 @@ is returned and the iterator is reset. After use, the iterator must be deinitialized using @code{gnutls_x509_crl_iter_deinit()} .
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error value.
+negative error value. and a negative error code on error.
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_iter_deinit b/doc/functions/gnutls_x509_crl_iter_deinit
index b33581a..6c12b79 100644
--- a/doc/functions/gnutls_x509_crl_iter_deinit
+++ b/doc/functions/gnutls_x509_crl_iter_deinit
@@ -3,7 +3,7 @@
 @deftypefun {void} {gnutls_x509_crl_iter_deinit} (gnutls_x509_crl_iter_t @var{iter})
-@var{iter}: The iterator to be deinitialized
+@var{iter}: The iterator structure to be deinitialized
-This function will deinitialize an iterator type.
+This function will deinitialize an iterator structure.
 @end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_list_import b/doc/functions/gnutls_x509_crl_list_import
index afd5c5e..9318d79 100644
--- a/doc/functions/gnutls_x509_crl_list_import
+++ b/doc/functions/gnutls_x509_crl_list_import
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_list_import} (gnutls_x509_crl_t * @var{crls}, unsigned int * @var{crl_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
-@var{crls}: Indicates where the parsed CRLs will be copied to. Must not be initialized.
+@var{crls}: The structures to store the parsed CRLs. Must not be initialized.
 @var{crl_max}: Initially must hold the maximum number of crls. It will be updated with the number of crls available.
diff --git a/doc/functions/gnutls_x509_crl_list_import2 b/doc/functions/gnutls_x509_crl_list_import2
index 09c1ff9..3a6cf26 100644
--- a/doc/functions/gnutls_x509_crl_list_import2
+++ b/doc/functions/gnutls_x509_crl_list_import2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_list_import2} (gnutls_x509_crl_t ** @var{crls}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
-@var{crls}: Will contain the parsed crl list.
+@var{crls}: The structures to store the parsed crl list. Must not be initialized.
 @var{size}: It will contain the size of the list.
diff --git a/doc/functions/gnutls_x509_crl_print b/doc/functions/gnutls_x509_crl_print
index 4a9bd7c..73e9248 100644
--- a/doc/functions/gnutls_x509_crl_print
+++ b/doc/functions/gnutls_x509_crl_print
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
-@var{crl}: The data to be printed
+@var{crl}: The structure to be printed
 @var{format}: Indicate the format to use
-@var{out}: Newly allocated datum with null terminated string.
+@var{out}: Newly allocated datum with (0) terminated string.
 This function will pretty print a X.509 certificate revocation list, suitable for display to a human.
diff --git a/doc/functions/gnutls_x509_crl_privkey_sign b/doc/functions/gnutls_x509_crl_privkey_sign
index d50e625..a9a69b9 100644
--- a/doc/functions/gnutls_x509_crl_privkey_sign
+++ b/doc/functions/gnutls_x509_crl_privkey_sign
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{issuer}: is the certificate of the certificate issuer
diff --git a/doc/functions/gnutls_x509_crl_set_crt b/doc/functions/gnutls_x509_crl_set_crt
index 46b50d0..19dd462 100644
--- a/doc/functions/gnutls_x509_crl_set_crt
+++ b/doc/functions/gnutls_x509_crl_set_crt
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{crt}: a certificate of type @code{gnutls_x509_crt_t} with the revoked certificate
diff --git a/doc/functions/gnutls_x509_crl_set_crt_serial b/doc/functions/gnutls_x509_crl_set_crt_serial
index 5b5ffb1..d29f604 100644
--- a/doc/functions/gnutls_x509_crl_set_crt_serial
+++ b/doc/functions/gnutls_x509_crl_set_crt_serial
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{serial}: The revoked certificate's serial number
diff --git a/doc/functions/gnutls_x509_crl_set_next_update b/doc/functions/gnutls_x509_crl_set_next_update
index 1605722..e88c275 100644
--- a/doc/functions/gnutls_x509_crl_set_next_update
+++ b/doc/functions/gnutls_x509_crl_set_next_update
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{exp_time}: The actual time
diff --git a/doc/functions/gnutls_x509_crl_set_this_update b/doc/functions/gnutls_x509_crl_set_this_update
index e9dceef..6dd405c 100644
--- a/doc/functions/gnutls_x509_crl_set_this_update
+++ b/doc/functions/gnutls_x509_crl_set_this_update
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{act_time}: The actual time
diff --git a/doc/functions/gnutls_x509_crl_set_version b/doc/functions/gnutls_x509_crl_set_version
index 2b8ac45..77301e3 100644
--- a/doc/functions/gnutls_x509_crl_set_version
+++ b/doc/functions/gnutls_x509_crl_set_version
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{version}: holds the version number. For CRLv1 crls must be 1.
diff --git a/doc/functions/gnutls_x509_crl_sign b/doc/functions/gnutls_x509_crl_sign
index 1af35a8..37b5e46 100644
--- a/doc/functions/gnutls_x509_crl_sign
+++ b/doc/functions/gnutls_x509_crl_sign
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{issuer}: is the certificate of the certificate issuer
diff --git a/doc/functions/gnutls_x509_crl_sign2 b/doc/functions/gnutls_x509_crl_sign2
index bd22ef0..395a4f1 100644
--- a/doc/functions/gnutls_x509_crl_sign2
+++ b/doc/functions/gnutls_x509_crl_sign2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crl}: should contain a gnutls_x509_crl_t type
+@var{crl}: should contain a gnutls_x509_crl_t structure
 @var{issuer}: is the certificate of the certificate issuer
diff --git a/doc/functions/gnutls_x509_crq_deinit b/doc/functions/gnutls_x509_crq_deinit
index 1635307..0ba99a8 100644
--- a/doc/functions/gnutls_x509_crq_deinit
+++ b/doc/functions/gnutls_x509_crq_deinit
@@ -3,7 +3,7 @@
 @deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
-@var{crq}: the type to be deinitialized
+@var{crq}: The structure to be initialized
 This function will deinitialize a PKCS@code{10} certificate request structure.
diff --git a/doc/functions/gnutls_x509_crq_export b/doc/functions/gnutls_x509_crq_export
index 1fbc902..cabd080 100644
--- a/doc/functions/gnutls_x509_crq_export
+++ b/doc/functions/gnutls_x509_crq_export
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{format}: the format of output params. One of PEM or DER.
diff --git a/doc/functions/gnutls_x509_crq_export2 b/doc/functions/gnutls_x509_crq_export2
index 66d1248..cc6f6e9 100644
--- a/doc/functions/gnutls_x509_crq_export2
+++ b/doc/functions/gnutls_x509_crq_export2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_export2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{format}: the format of output params. One of PEM or DER.
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_by_oid b/doc/functions/gnutls_x509_crq_get_attribute_by_oid
index 747a1a7..d58efbf 100644
--- a/doc/functions/gnutls_x509_crq_get_attribute_by_oid
+++ b/doc/functions/gnutls_x509_crq_get_attribute_by_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{buf_size})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{oid}: holds an Object Identifier in null-terminated string
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_data b/doc/functions/gnutls_x509_crq_get_attribute_data
index 44d04aa..cf02c2d 100644
--- a/doc/functions/gnutls_x509_crq_get_attribute_data
+++ b/doc/functions/gnutls_x509_crq_get_attribute_data
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{indx}: Specifies which attribute number to get. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_info b/doc/functions/gnutls_x509_crq_get_attribute_info
index 3cc3f47..ded3e4f 100644
--- a/doc/functions/gnutls_x509_crq_get_attribute_info
+++ b/doc/functions/gnutls_x509_crq_get_attribute_info
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{indx}: Specifies which attribute number to get. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crq_get_basic_constraints b/doc/functions/gnutls_x509_crq_get_basic_constraints
index 1ed7b37..17027ef 100644
--- a/doc/functions/gnutls_x509_crq_get_basic_constraints
+++ b/doc/functions/gnutls_x509_crq_get_basic_constraints
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{critical}: will be non-zero if the extension is marked as critical
diff --git a/doc/functions/gnutls_x509_crq_get_challenge_password b/doc/functions/gnutls_x509_crq_get_challenge_password
index 2e01474..111dacd 100644
--- a/doc/functions/gnutls_x509_crq_get_challenge_password
+++ b/doc/functions/gnutls_x509_crq_get_challenge_password
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{pass_size})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{pass}: will hold a (0)-terminated password string
diff --git a/doc/functions/gnutls_x509_crq_get_dn b/doc/functions/gnutls_x509_crq_get_dn
index c0d1163..4961eee 100644
--- a/doc/functions/gnutls_x509_crq_get_dn
+++ b/doc/functions/gnutls_x509_crq_get_dn
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{buf_size})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{buf}: a pointer to a structure to hold the name (may be @code{NULL} )
diff --git a/doc/functions/gnutls_x509_crq_get_dn2 b/doc/functions/gnutls_x509_crq_get_dn2
index eb6ce92..f3a927c 100644
--- a/doc/functions/gnutls_x509_crq_get_dn2
+++ b/doc/functions/gnutls_x509_crq_get_dn2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_dn2} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{dn}: a pointer to a structure to hold the name
diff --git a/doc/functions/gnutls_x509_crq_get_dn_by_oid b/doc/functions/gnutls_x509_crq_get_dn_by_oid
index cc9f683..14010db 100644
--- a/doc/functions/gnutls_x509_crq_get_dn_by_oid
+++ b/doc/functions/gnutls_x509_crq_get_dn_by_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
-@var{crq}: should contain a gnutls_x509_crq_t type
+@var{crq}: should contain a gnutls_x509_crq_t structure
 @var{oid}: holds an Object Identifier in a null terminated string
diff --git a/doc/functions/gnutls_x509_crq_get_dn_oid b/doc/functions/gnutls_x509_crq_get_dn_oid
index 26ff497..47035c2 100644
--- a/doc/functions/gnutls_x509_crq_get_dn_oid
+++ b/doc/functions/gnutls_x509_crq_get_dn_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{crq}: should contain a gnutls_x509_crq_t type
+@var{crq}: should contain a gnutls_x509_crq_t structure
 @var{indx}: Specifies which DN OID to get. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid b/doc/functions/gnutls_x509_crq_get_extension_by_oid
index 3ac431a..4984946 100644
--- a/doc/functions/gnutls_x509_crq_get_extension_by_oid
+++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{oid}: holds an Object Identifier in a null terminated string
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid2 b/doc/functions/gnutls_x509_crq_get_extension_by_oid2
deleted file mode 100644
index edb36fd..0000000
--- a/doc/functions/gnutls_x509_crq_get_extension_by_oid2
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid2} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
-
-@var{oid}: holds an Object Identifier in a null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the extensions, this
-specifies which to get. Use (0) to get the first one.
-
-@var{output}: will hold the allocated extension data
-
-@var{critical}: will be non-zero if the extension is marked as critical
-
-This function will return the extension specified by the OID in
-the certificate. The extensions will be returned as binary data
-DER encoded, in the provided buffer.
-
-@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
-negative error code in case of an error. If the certificate does not
-contain the specified extension
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
-
-@strong{Since:} 3.3.8
-@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short b/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short
deleted file mode 100644
index 88f111f..0000000
--- a/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_x509_crq_get_extension_by_oid2} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_extension_data b/doc/functions/gnutls_x509_crq_get_extension_data
index 5df6967..69620a6 100644
--- a/doc/functions/gnutls_x509_crq_get_extension_data
+++ b/doc/functions/gnutls_x509_crq_get_extension_data
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{indx}: Specifies which extension number to get. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crq_get_extension_data2 b/doc/functions/gnutls_x509_crq_get_extension_data2
index 9a29cdd..48d638a 100644
--- a/doc/functions/gnutls_x509_crq_get_extension_data2
+++ b/doc/functions/gnutls_x509_crq_get_extension_data2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_extension_data2} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, gnutls_datum_t * @var{data})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{indx}: Specifies which extension OID to read. Use (0) to get the first one.
diff --git a/doc/functions/gnutls_x509_crq_get_extension_info b/doc/functions/gnutls_x509_crq_get_extension_info
index cb476c0..ddf9ed4 100644
--- a/doc/functions/gnutls_x509_crq_get_extension_info
+++ b/doc/functions/gnutls_x509_crq_get_extension_info
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{indx}: Specifies which extension number to get. Use (0) to get the first one.
-@var{oid}: a pointer to store the OID
+@var{oid}: a pointer to a structure to hold the OID
 @var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return holds actual size of @code{oid} .
diff --git a/doc/functions/gnutls_x509_crq_get_key_id b/doc/functions/gnutls_x509_crq_get_key_id
index e3e706b..c196395 100644
--- a/doc/functions/gnutls_x509_crq_get_key_id
+++ b/doc/functions/gnutls_x509_crq_get_key_id
@@ -5,7 +5,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) @var{crq}: a certificate of type @code{gnutls_x509_crq_t}
-@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}
+@var{flags}: should be 0 for now
 @var{output_data}: will contain the key ID
diff --git a/doc/functions/gnutls_x509_crq_get_key_purpose_oid b/doc/functions/gnutls_x509_crq_get_key_purpose_oid
index a843731..8b74e6c 100644
--- a/doc/functions/gnutls_x509_crq_get_key_purpose_oid
+++ b/doc/functions/gnutls_x509_crq_get_key_purpose_oid
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{indx}: This specifies which OID to return, use (0) to get the first one
-@var{oid}: a pointer to store the OID (may be @code{NULL} )
+@var{oid}: a pointer to a buffer to hold the OID (may be @code{NULL} )
 @var{sizeof_oid}: initially holds the size of @code{oid}
diff --git a/doc/functions/gnutls_x509_crq_get_key_usage b/doc/functions/gnutls_x509_crq_get_key_usage
index aea5de6..92bcd54 100644
--- a/doc/functions/gnutls_x509_crq_get_key_usage
+++ b/doc/functions/gnutls_x509_crq_get_key_usage
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{key_usage}: where the key usage bits will be stored
diff --git a/doc/functions/gnutls_x509_crq_get_pk_algorithm b/doc/functions/gnutls_x509_crq_get_pk_algorithm
index 13b00f0..a2602de 100644
--- a/doc/functions/gnutls_x509_crq_get_pk_algorithm
+++ b/doc/functions/gnutls_x509_crq_get_pk_algorithm
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{bits}: if bits is non-@code{NULL} it will hold the size of the parameters' in bits
diff --git a/doc/functions/gnutls_x509_crq_get_private_key_usage_period b/doc/functions/gnutls_x509_crq_get_private_key_usage_period
index b5bbbce..450c61c 100644
--- a/doc/functions/gnutls_x509_crq_get_private_key_usage_period
+++ b/doc/functions/gnutls_x509_crq_get_private_key_usage_period
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{activation}: The activation time
diff --git a/doc/functions/gnutls_x509_crq_get_signature_algorithm b/doc/functions/gnutls_x509_crq_get_signature_algorithm
deleted file mode 100644
index d6a6250..0000000
--- a/doc/functions/gnutls_x509_crq_get_signature_algorithm
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_x509_crq_get_signature_algorithm} (gnutls_x509_crq_t @var{crq})
-@var{crq}: should contain a @code{gnutls_x509_cr_t} type
-
-This function will return a value of the @code{gnutls_sign_algorithm_t}
-enumeration that is the signature algorithm that has been used to
-sign this certificate request.
-
-@strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative error code on
-error.
-
-@strong{Since:} 3.4.0
-@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_signature_algorithm.short b/doc/functions/gnutls_x509_crq_get_signature_algorithm.short
deleted file mode 100644
index 2e97396..0000000
--- a/doc/functions/gnutls_x509_crq_get_signature_algorithm.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_x509_crq_get_signature_algorithm} (gnutls_x509_crq_t @var{crq})
diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_name b/doc/functions/gnutls_x509_crq_get_subject_alt_name
index 0c07673..5e52544 100644
--- a/doc/functions/gnutls_x509_crq_get_subject_alt_name
+++ b/doc/functions/gnutls_x509_crq_get_subject_alt_name
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{seq}: specifies the sequence number of the alt name, 0 for the first one, 1 for the second etc.
diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid
index 20211e7..5773ff4 100644
--- a/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid
+++ b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
diff --git a/doc/functions/gnutls_x509_crq_get_version b/doc/functions/gnutls_x509_crq_get_version
index 1650223..6894df6 100644
--- a/doc/functions/gnutls_x509_crq_get_version
+++ b/doc/functions/gnutls_x509_crq_get_version
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 This function will return the version of the specified Certificate request.
diff --git a/doc/functions/gnutls_x509_crq_import b/doc/functions/gnutls_x509_crq_import
index 16b4116..48929a7 100644
--- a/doc/functions/gnutls_x509_crq_import
+++ b/doc/functions/gnutls_x509_crq_import
@@ -3,14 +3,14 @@
 @deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{crq}: The data to store the parsed certificate request.
+@var{crq}: The structure to store the parsed certificate request.
 @var{data}: The DER or PEM encoded certificate. @var{format}: One of DER or PEM This function will convert the given DER or PEM encoded certificate
-request to a @code{gnutls_x509_crq_t} type. The output will be
+request to a @code{gnutls_x509_crq_t} structure. The output will be
 stored in @code{crq} . If the Certificate is PEM encoded it should have a header of "NEW
diff --git a/doc/functions/gnutls_x509_crq_init b/doc/functions/gnutls_x509_crq_init
index e6aa025..8f04c0d 100644
--- a/doc/functions/gnutls_x509_crq_init
+++ b/doc/functions/gnutls_x509_crq_init
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
-@var{crq}: A pointer to the type to be initialized
+@var{crq}: The structure to be initialized
 This function will initialize a PKCS@code{10} certificate request structure.
diff --git a/doc/functions/gnutls_x509_crq_print b/doc/functions/gnutls_x509_crq_print
index c595d2e..a598f2a 100644
--- a/doc/functions/gnutls_x509_crq_print
+++ b/doc/functions/gnutls_x509_crq_print
@@ -3,11 +3,11 @@
 @deftypefun {int} {gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
-@var{crq}: The data to be printed
+@var{crq}: The structure to be printed
 @var{format}: Indicate the format to use
-@var{out}: Newly allocated datum with null terminated string.
+@var{out}: Newly allocated datum with (0) terminated string.
 This function will pretty print a certificate request, suitable for display to a human.
diff --git a/doc/functions/gnutls_x509_crq_privkey_sign b/doc/functions/gnutls_x509_crq_privkey_sign
index bf81295..0e175e9 100644
--- a/doc/functions/gnutls_x509_crq_privkey_sign
+++ b/doc/functions/gnutls_x509_crq_privkey_sign
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{key}: holds a private key
diff --git a/doc/functions/gnutls_x509_crq_set_attribute_by_oid b/doc/functions/gnutls_x509_crq_set_attribute_by_oid
index 09d4a45..2f74364 100644
--- a/doc/functions/gnutls_x509_crq_set_attribute_by_oid
+++ b/doc/functions/gnutls_x509_crq_set_attribute_by_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{buf_size})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{oid}: holds an Object Identifier in a null-terminated string
diff --git a/doc/functions/gnutls_x509_crq_set_challenge_password b/doc/functions/gnutls_x509_crq_set_challenge_password
index 5135bf5..4a502d2 100644
--- a/doc/functions/gnutls_x509_crq_set_challenge_password
+++ b/doc/functions/gnutls_x509_crq_set_challenge_password
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{pass}: holds a (0)-terminated password
diff --git a/doc/functions/gnutls_x509_crq_set_dn_by_oid b/doc/functions/gnutls_x509_crq_set_dn_by_oid
index c9ecb06..675730b 100644
--- a/doc/functions/gnutls_x509_crq_set_dn_by_oid
+++ b/doc/functions/gnutls_x509_crq_set_dn_by_oid
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{oid}: holds an Object Identifier in a (0)-terminated string
diff --git a/doc/functions/gnutls_x509_crq_set_key b/doc/functions/gnutls_x509_crq_set_key
index 3cf1fa9..c9c245f 100644
--- a/doc/functions/gnutls_x509_crq_set_key
+++ b/doc/functions/gnutls_x509_crq_set_key
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{key}: holds a private key
diff --git a/doc/functions/gnutls_x509_crq_set_key_purpose_oid b/doc/functions/gnutls_x509_crq_set_key_purpose_oid
index a1a5653..e9c0acf 100644
--- a/doc/functions/gnutls_x509_crq_set_key_purpose_oid
+++ b/doc/functions/gnutls_x509_crq_set_key_purpose_oid
@@ -5,7 +5,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, const void * @var{oid}, unsigned int @var{critical}) @var{crq}: a certificate of type @code{gnutls_x509_crq_t}
-@var{oid}: a pointer to a null-terminated string that holds the OID
+@var{oid}: a pointer to a (0)-terminated string that holds the OID
 @var{critical}: Whether this extension will be critical or not
diff --git a/doc/functions/gnutls_x509_crq_set_key_rsa_raw b/doc/functions/gnutls_x509_crq_set_key_rsa_raw
index 508ce6a..5ef89e2 100644
--- a/doc/functions/gnutls_x509_crq_set_key_rsa_raw
+++ b/doc/functions/gnutls_x509_crq_set_key_rsa_raw
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{m}: holds the modulus
diff --git a/doc/functions/gnutls_x509_crq_set_pubkey b/doc/functions/gnutls_x509_crq_set_pubkey
index 0e1ab07..5bbc478 100644
--- a/doc/functions/gnutls_x509_crq_set_pubkey
+++ b/doc/functions/gnutls_x509_crq_set_pubkey
@@ -3,12 +3,12 @@
 @deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{key}: holds a public key This function will set the public parameters from the given public
-key to the request. The @code{key} can be deallocated after that.
+key to the request.
 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
diff --git a/doc/functions/gnutls_x509_crq_set_version b/doc/functions/gnutls_x509_crq_set_version
index b3be03f..6778219 100644
--- a/doc/functions/gnutls_x509_crq_set_version
+++ b/doc/functions/gnutls_x509_crq_set_version
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{version}: holds the version number, for v1 Requests must be 1
diff --git a/doc/functions/gnutls_x509_crq_sign b/doc/functions/gnutls_x509_crq_sign
index cb24894..ddea120 100644
--- a/doc/functions/gnutls_x509_crq_sign
+++ b/doc/functions/gnutls_x509_crq_sign
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{key}: holds a private key
diff --git a/doc/functions/gnutls_x509_crq_sign2 b/doc/functions/gnutls_x509_crq_sign2
index 675969e..394f065 100644
--- a/doc/functions/gnutls_x509_crq_sign2
+++ b/doc/functions/gnutls_x509_crq_sign2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
 @var{key}: holds a private key
diff --git a/doc/functions/gnutls_x509_crt_check_email b/doc/functions/gnutls_x509_crt_check_email
deleted file mode 100644
index e0af9be..0000000
--- a/doc/functions/gnutls_x509_crt_check_email
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-@deftypefun {int} {gnutls_x509_crt_check_email} (gnutls_x509_crt_t @var{cert}, const char * @var{email}, unsigned int @var{flags})
-@var{cert}: should contain an gnutls_x509_crt_t type
-
-@var{email}: A null terminated string that contains an email address (RFC822)
-
-@var{flags}: should be zero
-
-This function will check if the given certificate's subject matches
-the given email address.
-
-@strong{Returns:} non-zero for a successful match, and zero on failure.
-@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_email.short b/doc/functions/gnutls_x509_crt_check_email.short
deleted file mode 100644
index a6cf60d..0000000
--- a/doc/functions/gnutls_x509_crt_check_email.short
+++ /dev/null
@@ -1 +0,0 @@
-@item @var{int} @ref{gnutls_x509_crt_check_email} (gnutls_x509_crt_t @var{cert}, const char * @var{email}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_check_hostname b/doc/functions/gnutls_x509_crt_check_hostname
index e16320a..9ff0396 100644
--- a/doc/functions/gnutls_x509_crt_check_hostname
+++ b/doc/functions/gnutls_x509_crt_check_hostname
@@ -3,16 +3,20 @@
 @deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
-@var{cert}: should contain an gnutls_x509_crt_t type
+@var{cert}: should contain an gnutls_x509_crt_t structure
 @var{hostname}: A null terminated string that contains a DNS name This function will check if the given certificate's subject matches the given hostname. This is a basic implementation of the matching
-described in RFC6125, and takes into account wildcards,
+described in RFC2818 (HTTPS), which takes into account wildcards,
 and the DNSName/IPAddress subject alternative name PKIX extension.
-For details see also @code{gnutls_x509_crt_check_hostname2()} .
+The comparison may have false-negatives as it is done byte by byte in
+non-ascii names.
+
+Wildcards are only considered if the domain name consists of three
+components or more, and the wildcard starts at the leftmost position.
 @strong{Returns:} non-zero for a successful match, and zero on failure. @end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_hostname2 b/doc/functions/gnutls_x509_crt_check_hostname2
index 1560e65..db7d47b 100644
--- a/doc/functions/gnutls_x509_crt_check_hostname2
+++ b/doc/functions/gnutls_x509_crt_check_hostname2
@@ -3,7 +3,7 @@
 @deftypefun {int} {gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags})
-@var{cert}: should contain an gnutls_x509_crt_t type
+@var{cert}: should contain an gnutls_x509_crt_t structure
 @var{hostname}: A null terminated string that contains a DNS name
@@ -11,15 +11,11 @@ This function will check if the given certificate's subject matches the given hostname. This is a basic implementation of the matching
-described in RFC6125, and takes into account wildcards,
+described in RFC2818 (HTTPS), which takes into account wildcards,
 and the DNSName/IPAddress subject alternative name PKIX extension.
-IPv4 addresses are accepted by this function in the dotted-decimal
-format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal
-x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative
-name extension is consulted, as well as the DNSNames in case of a non-match.
-The latter fallback exists due to misconfiguration of many servers
-which place an IPAddress inside the DNSName extension.
+The comparison may have false-negatives as it is done byte by byte in
+non-ascii names.
 When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS} is specified no wildcards are considered. Otherwise they are only considered if the
diff --git a/doc/functions/gnutls_x509_crt_check_issuer b/doc/functions/gnutls_x509_crt_check_issuer
index 899cac5..dfb4362 100644
--- a/doc/functions/gnutls_x509_crt_check_issuer
+++ b/doc/functions/gnutls_x509_crt_check_issuer
@@ -11,9 +11,6 @@ This function will check if the given certificate was issued by the given issuer. It checks the DN fields and the authority key identifier and subject key identifier fields match.
-If the same certificate is provided at the @code{cert} and @code{issuer} fields,
-it will check whether the certificate is self-signed.
-
 @strong{Returns:} It will return true (1) if the given certificate is issued by the given issuer, and false (0) if not. @end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_revocation b/doc/functions/gnutls_x509_crt_check_revocation
index 56522b4..1f97711 100644
--- a/doc/functions/gnutls_x509_crt_check_revocation
+++ b/doc/functions/gnutls_x509_crt_check_revocation
@@ -3,9 +3,9 @@
 @deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length})
-@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
-@var{crl_list}: should contain a list of gnutls_x509_crl_t types
+@var{crl_list}: should contain a list of gnutls_x509_crl_t structures
 @var{crl_list_length}: the length of the crl_list
diff --git a/doc/functions/gnutls_x509_crt_deinit b/doc/functions/gnutls_x509_crt_deinit
index bdbdb21..52b191b 100644
--- a/doc/functions/gnutls_x509_crt_deinit
+++ b/doc/functions/gnutls_x509_crt_deinit
@@ -3,7 +3,7 @@
 @deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
-@var{cert}: The data to be deinitialized
+@var{cert}: The structure to be deinitialized
 This function will deinitialize a certificate structure. @end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_activation_time b/doc/functions/gnutls_x509_crt_get_activation_time
index abc1840..d05fd00 100644
--- a/doc/functions/gnutls_x509_crt_get_activation_time
+++ b/doc/functions/gnutls_x509_crt_get_activation_time
@@ -3,7 +3,7 @@
 @deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})
-@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
 This function will return the time this Certificate was or will be activated.
diff --git a/doc/functions/gnutls_x509_crt_get_authority_info_access b/doc/functions/gnutls_x509_crt_get_authority_info_access
index 02304e1..a3aece5 100644
--- a/doc/functions/gnutls_x509_crt_get_authority_info_access
+++ b/doc/functions/gnutls_x509_crt_get_authority_info_access
@@ -11,7 +11,7 @@
 @var{data}: output data to be freed with @code{gnutls_free()} .
-@var{critical}: pointer to output integer that is set to non-zero if the extension is marked as critical (may be @code{NULL} )
+@var{critical}: pointer to output integer that is set to non-0 if the extension is marked as critical (may be @code{NULL} )
 Note that a simpler API to access the authority info data is provided by @code{gnutls_x509_aia_get()} and @code{gnutls_x509_ext_import_aia()} .
@@ -37,20 +37,17 @@ hold the accessLocation GeneralName type (e.g., If @code{what} is @code{GNUTLS_IA_URI} , @code{data} will hold the accessLocation URI data. Requesting this @code{what} value leads to an error if the
-accessLocation is not of the "uniformResourceIdentifier" type.
+accessLocation is not of the "uniformResourceIdentifier" type.
 If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI. Requesting this @code{what} value leads to an error if the accessMethod is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
-the "uniformResourceIdentifier" type. In that case @code{GNUTLS_E_UNKNOWN_ALGORITHM}
-will be returned, and @code{seq} should be increased and this function
-called again.
+the "uniformResourceIdentifier" type.
 If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers URI. Requesting this @code{what} value leads to an error if the accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if accessLocation is not of the "uniformResourceIdentifier" type.
-In that case handle as in @code{GNUTLS_IA_OCSP_URI} .
 More @code{what} values may be allocated in the future as needed.
diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial
index d4becfd..144b526 100644
--- a/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial
+++ b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_authority_key_gn_serial} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_id b/doc/functions/gnutls_x509_crt_get_authority_key_id index 0fff034..c7180d0 100644 --- a/doc/functions/gnutls_x509_crt_get_authority_key_id +++ b/doc/functions/gnutls_x509_crt_get_authority_key_id @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{id}: The place where the identifier will be copied diff --git a/doc/functions/gnutls_x509_crt_get_basic_constraints b/doc/functions/gnutls_x509_crt_get_basic_constraints index fdaa19d..fb0371b 100644 --- a/doc/functions/gnutls_x509_crt_get_basic_constraints +++ b/doc/functions/gnutls_x509_crt_get_basic_constraints @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{critical}: will be non-zero if the extension is marked as critical diff --git a/doc/functions/gnutls_x509_crt_get_ca_status b/doc/functions/gnutls_x509_crt_get_ca_status index a1a72a0..e7a5724 100644 --- a/doc/functions/gnutls_x509_crt_get_ca_status 
+++ b/doc/functions/gnutls_x509_crt_get_ca_status @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{critical}: will be non-zero if the extension is marked as critical @@ -15,9 +15,7 @@ does not have CA flag set. Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the pathLenConstraint field too. -@strong{Returns:} If the certificate is a CA a positive value will be -returned, or (0) if the certificate does not have CA flag set. A -negative error code may be returned in case of errors. If the -certificate does not contain the basicConstraints extension -GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. +@strong{Returns:} A negative error code may be returned in case of parsing error. +If the certificate does not contain the basicConstraints extension +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_crl_dist_points b/doc/functions/gnutls_x509_crt_get_crl_dist_points index bb7a59b..001f3b2 100644 --- a/doc/functions/gnutls_x509_crt_get_crl_dist_points +++ b/doc/functions/gnutls_x509_crt_get_crl_dist_points @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_dn b/doc/functions/gnutls_x509_crt_get_dn index 4825565..7853184 100644 --- a/doc/functions/gnutls_x509_crt_get_dn 
+++ b/doc/functions/gnutls_x509_crt_get_dn @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{buf}: a pointer to a structure to hold the name (may be null) diff --git a/doc/functions/gnutls_x509_crt_get_dn2 b/doc/functions/gnutls_x509_crt_get_dn2 index b205f58..909ac89 100644 --- a/doc/functions/gnutls_x509_crt_get_dn2 +++ b/doc/functions/gnutls_x509_crt_get_dn2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{dn}: a pointer to a structure to hold the name @@ -13,7 +13,7 @@ described in RFC4514. The output string will be ASCII or UTF-8 encoded, depending on the certificate data. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. +negative error value. and a negative error code on error. @strong{Since:} 3.1.10 @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_dn_by_oid b/doc/functions/gnutls_x509_crt_get_dn_by_oid index 0b72ece..0cbf671 100644 --- a/doc/functions/gnutls_x509_crt_get_dn_by_oid +++ b/doc/functions/gnutls_x509_crt_get_dn_by_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{oid}: holds an Object Identified in null terminated string diff --git a/doc/functions/gnutls_x509_crt_get_dn_oid b/doc/functions/gnutls_x509_crt_get_dn_oid index 21e607b..f22ae8e 100644 
--- a/doc/functions/gnutls_x509_crt_get_dn_oid +++ b/doc/functions/gnutls_x509_crt_get_dn_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: This specifies which OID to return. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_expiration_time b/doc/functions/gnutls_x509_crt_get_expiration_time index f18d6c8..9a70240 100644 --- a/doc/functions/gnutls_x509_crt_get_expiration_time +++ b/doc/functions/gnutls_x509_crt_get_expiration_time @@ -3,7 +3,7 @@ @deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure This function will return the time this Certificate was or will be expired. diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid b/doc/functions/gnutls_x509_crt_get_extension_by_oid index c9c3ddc..8520a82 100644 --- a/doc/functions/gnutls_x509_crt_get_extension_by_oid +++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{oid}: holds an Object Identified in null terminated string diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid2 b/doc/functions/gnutls_x509_crt_get_extension_by_oid2 deleted file mode 100644 index 2d75d8e..0000000 --- a/doc/functions/gnutls_x509_crt_get_extension_by_oid2 +++ /dev/null 
@@ -1,26 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid2} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type - -@var{oid}: holds an Object Identified in null terminated string - -@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use (0) to get the first one. - -@var{output}: will hold the allocated extension data - -@var{critical}: will be non-zero if the extension is marked as critical - -This function will return the extension specified by the OID in the -certificate. The extensions will be returned as binary data DER -encoded, in the provided buffer. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, -otherwise a negative error code is returned. If the certificate does not -contain the specified extension -GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - -@strong{Since:} 3.3.8 -@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short b/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short deleted file mode 100644 index 9831b32..0000000 --- a/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_crt_get_extension_by_oid2} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_data b/doc/functions/gnutls_x509_crt_get_extension_data index 7052245..05f915f 100644 --- a/doc/functions/gnutls_x509_crt_get_extension_data +++ b/doc/functions/gnutls_x509_crt_get_extension_data 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: Specifies which extension OID to send. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_extension_data2 b/doc/functions/gnutls_x509_crt_get_extension_data2 index 2fe0e20..57822d6 100644 --- a/doc/functions/gnutls_x509_crt_get_extension_data2 +++ b/doc/functions/gnutls_x509_crt_get_extension_data2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_extension_data2} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, gnutls_datum_t * @var{data}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: Specifies which extension OID to read. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_extension_info b/doc/functions/gnutls_x509_crt_get_extension_info index ef3f852..69fb83a 100644 --- a/doc/functions/gnutls_x509_crt_get_extension_info +++ b/doc/functions/gnutls_x509_crt_get_extension_info @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: Specifies which extension OID to send. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_extension_oid b/doc/functions/gnutls_x509_crt_get_extension_oid index 4db3c73..ec84618 100644 --- a/doc/functions/gnutls_x509_crt_get_extension_oid +++ b/doc/functions/gnutls_x509_crt_get_extension_oid 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: Specifies which extension OID to send. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_fingerprint b/doc/functions/gnutls_x509_crt_get_fingerprint index 56d69ca..9fe2d70 100644 --- a/doc/functions/gnutls_x509_crt_get_fingerprint +++ b/doc/functions/gnutls_x509_crt_get_fingerprint @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{buf_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{algo}: is a digest algorithm diff --git a/doc/functions/gnutls_x509_crt_get_issuer b/doc/functions/gnutls_x509_crt_get_issuer index 34a44a8..805e30a 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer +++ b/doc/functions/gnutls_x509_crt_get_issuer @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{dn}: output variable with pointer to uint8_t DN diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name b/doc/functions/gnutls_x509_crt_get_issuer_alt_name index 345b3db..7e3030b 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_alt_name +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 index c0d8380..96511cd 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{ian_type}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid index e838163..d6123dd 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn b/doc/functions/gnutls_x509_crt_get_issuer_dn index cebf7d8..d18d164 100644 
--- a/doc/functions/gnutls_x509_crt_get_issuer_dn +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{buf}: a pointer to a structure to hold the name (may be null) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn2 b/doc/functions/gnutls_x509_crt_get_issuer_dn2 index 0037628..d3d4b70 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_dn2 +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{dn}: a pointer to a structure to hold the name @@ -13,7 +13,7 @@ described in RFC4514. The output string will be ASCII or UTF-8 encoded, depending on the certificate data. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. +negative error value. and a negative error code on error. @strong{Since:} 3.1.10 @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid index 02852a8..531caab 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{oid}: holds an Object Identified in null terminated string 
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_oid b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid index 5703237..f2457e3 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_dn_oid +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: This specifies which OID to return. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_issuer_unique_id b/doc/functions/gnutls_x509_crt_get_issuer_unique_id index 3522f50..bafb8e3 100644 --- a/doc/functions/gnutls_x509_crt_get_issuer_unique_id +++ b/doc/functions/gnutls_x509_crt_get_issuer_unique_id @@ -17,11 +17,6 @@ If the user allocated memory buffer is not large enough to hold the full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be returned, and buf_size will be set to the actual length. -This function had a bug prior to 3.4.8 that prevented the setting -of @code{NULL} @code{buf} to discover the @code{buf_size} . To use this function safely -with the older versions the @code{buf} must be a valid buffer that can hold -at least a single byte if @code{buf_size} is zero. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @strong{Since:} 2.12.0 diff --git a/doc/functions/gnutls_x509_crt_get_key_id b/doc/functions/gnutls_x509_crt_get_key_id index 347d376..1a8edf6 100644 --- a/doc/functions/gnutls_x509_crt_get_key_id +++ b/doc/functions/gnutls_x509_crt_get_key_id 
@@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) @var{crt}: Holds the certificate -@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} +@var{flags}: should be 0 for now @var{output_data}: will contain the key ID diff --git a/doc/functions/gnutls_x509_crt_get_key_purpose_oid b/doc/functions/gnutls_x509_crt_get_key_purpose_oid index e7a8310..1fa773e 100644 --- a/doc/functions/gnutls_x509_crt_get_key_purpose_oid +++ b/doc/functions/gnutls_x509_crt_get_key_purpose_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: This specifies which OID to return. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_key_usage b/doc/functions/gnutls_x509_crt_get_key_usage index 483a0bb..2e9b022 100644 --- a/doc/functions/gnutls_x509_crt_get_key_usage +++ b/doc/functions/gnutls_x509_crt_get_key_usage @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{key_usage}: where the key usage bits will be stored diff --git a/doc/functions/gnutls_x509_crt_get_name_constraints b/doc/functions/gnutls_x509_crt_get_name_constraints index f30371f..3320bf8 100644 --- a/doc/functions/gnutls_x509_crt_get_name_constraints +++ b/doc/functions/gnutls_x509_crt_get_name_constraints 
@@ -3,15 +3,15 @@ @deftypefun {int} {gnutls_x509_crt_get_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}, unsigned int * @var{critical}) -@var{crt}: should contain a @code{gnutls_x509_crt_t} type +@var{crt}: should contain a @code{gnutls_x509_crt_t} structure -@var{nc}: The nameconstraints intermediate type +@var{nc}: The nameconstraints intermediate structure @var{flags}: zero or @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND} @var{critical}: the extension status -This function will return an intermediate type containing +This function will return an intermediate structure containing the name constraints of the provided CA certificate. That structure can be used in combination with @code{gnutls_x509_name_constraints_check()} to verify whether a server's name is in accordance with the constraints. diff --git a/doc/functions/gnutls_x509_crt_get_pk_algorithm b/doc/functions/gnutls_x509_crt_get_pk_algorithm index ff1cbd5..0d6d448 100644 --- a/doc/functions/gnutls_x509_crt_get_pk_algorithm +++ b/doc/functions/gnutls_x509_crt_get_pk_algorithm @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{bits}: if bits is non null it will hold the size of the parameters' in bits diff --git a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw deleted file mode 100644 index 4293c46..0000000 --- a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw +++ /dev/null 
@@ -1,21 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_crt_get_pk_ecc_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) -@var{crt}: Holds the certificate - -@var{curve}: will hold the curve - -@var{x}: will hold x - -@var{y}: will hold y - -This function will export the ECC public key's parameters found in -the given certificate. The new parameters will be allocated using -@code{gnutls_malloc()} and will be stored in the appropriate datum. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.1 -@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short deleted file mode 100644 index 1b80a75..0000000 --- a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_crt_get_pk_ecc_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_x509_crt_get_policy b/doc/functions/gnutls_x509_crt_get_policy index d16b41d..8003338 100644 --- a/doc/functions/gnutls_x509_crt_get_policy +++ b/doc/functions/gnutls_x509_crt_get_policy @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_policy} (gnutls_x509_crt_t @var{crt}, int @var{indx}, struct gnutls_x509_policy_st * @var{policy}, unsigned int * @var{critical}) -@var{crt}: should contain a @code{gnutls_x509_crt_t} type +@var{crt}: should contain a @code{gnutls_x509_crt_t} structure @var{indx}: This specifies which policy to return. Use (0) to get the first one. diff --git a/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm index 5e3a667..76e585b 100644 --- a/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm +++ b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm 
@@ -9,7 +9,7 @@ @var{mand}: If non-zero it means that the algorithm MUST use this hash. May be NULL. -This function will read the certificate and return the appropriate digest +This function will read the certifcate and return the appropriate digest algorithm to use for signing with this certificate. Some certificates (i.e. DSA might not be able to sign without the preferred algorithm). diff --git a/doc/functions/gnutls_x509_crt_get_private_key_usage_period b/doc/functions/gnutls_x509_crt_get_private_key_usage_period index ec793de..0316b41 100644 --- a/doc/functions/gnutls_x509_crt_get_private_key_usage_period +++ b/doc/functions/gnutls_x509_crt_get_private_key_usage_period @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_private_key_usage_period} (gnutls_x509_crt_t @var{cert}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{activation}: The activation time diff --git a/doc/functions/gnutls_x509_crt_get_proxy b/doc/functions/gnutls_x509_crt_get_proxy index fefec55..5641731 100644 --- a/doc/functions/gnutls_x509_crt_get_proxy +++ b/doc/functions/gnutls_x509_crt_get_proxy @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{critical}: will be non-zero if the extension is marked as critical diff --git a/doc/functions/gnutls_x509_crt_get_raw_dn b/doc/functions/gnutls_x509_crt_get_raw_dn index 872bb62..527c7e2 100644 --- a/doc/functions/gnutls_x509_crt_get_raw_dn +++ b/doc/functions/gnutls_x509_crt_get_raw_dn 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{dn}: will hold the starting point of the DN diff --git a/doc/functions/gnutls_x509_crt_get_raw_issuer_dn b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn index b22578e..ec3be15 100644 --- a/doc/functions/gnutls_x509_crt_get_raw_issuer_dn +++ b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{dn}: will hold the starting point of the DN diff --git a/doc/functions/gnutls_x509_crt_get_serial b/doc/functions/gnutls_x509_crt_get_serial index 990bd12..77bd53d 100644 --- a/doc/functions/gnutls_x509_crt_get_serial +++ b/doc/functions/gnutls_x509_crt_get_serial @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{result}: The place where the serial number will be copied diff --git a/doc/functions/gnutls_x509_crt_get_signature b/doc/functions/gnutls_x509_crt_get_signature index 00b05df..e2e77a0 100644 --- a/doc/functions/gnutls_x509_crt_get_signature +++ b/doc/functions/gnutls_x509_crt_get_signature @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sig_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{sig}: a pointer where the signature part will be copied (may be null). 
@@ -12,5 +12,5 @@ This function will extract the signature field of a certificate. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. +negative error value. and a negative error code on error. @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_signature_algorithm b/doc/functions/gnutls_x509_crt_get_signature_algorithm index 6452424..0aa7c9f 100644 --- a/doc/functions/gnutls_x509_crt_get_signature_algorithm +++ b/doc/functions/gnutls_x509_crt_get_signature_algorithm @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure This function will return a value of the @code{gnutls_sign_algorithm_t} enumeration that is the signature algorithm that has been used to diff --git a/doc/functions/gnutls_x509_crt_get_subject b/doc/functions/gnutls_x509_crt_get_subject index 194634b..428ff92 100644 --- a/doc/functions/gnutls_x509_crt_get_subject +++ b/doc/functions/gnutls_x509_crt_get_subject @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{dn}: output variable with pointer to uint8_t DN. diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name b/doc/functions/gnutls_x509_crt_get_subject_alt_name index 36da911..beb3a8a 100644 --- a/doc/functions/gnutls_x509_crt_get_subject_alt_name +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name2 b/doc/functions/gnutls_x509_crt_get_subject_alt_name2 index a369ae3..26c40ae 100644 --- a/doc/functions/gnutls_x509_crt_get_subject_alt_name2 +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{san_type}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid index c8ea663..64f6878 100644 --- a/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{oid}, size_t * @var{oid_size}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) 
diff --git a/doc/functions/gnutls_x509_crt_get_subject_key_id b/doc/functions/gnutls_x509_crt_get_subject_key_id index de230a6..c15eacd 100644 --- a/doc/functions/gnutls_x509_crt_get_subject_key_id +++ b/doc/functions/gnutls_x509_crt_get_subject_key_id @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure @var{ret}: The place where the identifier will be copied diff --git a/doc/functions/gnutls_x509_crt_get_subject_unique_id b/doc/functions/gnutls_x509_crt_get_subject_unique_id index 864f7fa..2954650 100644 --- a/doc/functions/gnutls_x509_crt_get_subject_unique_id +++ b/doc/functions/gnutls_x509_crt_get_subject_unique_id @@ -17,10 +17,5 @@ If the user allocated memory buffer is not large enough to hold the full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be returned, and buf_size will be set to the actual length. -This function had a bug prior to 3.4.8 that prevented the setting -of @code{NULL} @code{buf} to discover the @code{buf_size} . To use this function safely -with the older versions the @code{buf} must be a valid buffer that can hold -at least a single byte if @code{buf_size} is zero. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_verify_algorithm b/doc/functions/gnutls_x509_crt_get_verify_algorithm new file mode 100644 index 0000000..0225bf1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_verify_algorithm 
@@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_verify_algorithm} (gnutls_x509_crt_t @var{crt}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash}) +@var{crt}: Holds the certificate + +@var{signature}: contains the signature + +@var{hash}: The result of the call with the hash algorithm used for signature + +This function will read the certifcate and the signed data to +determine the hash algorithm used to generate the signature. + +@strong{Deprecated:} Use @code{gnutls_pubkey_get_verify_algorithm()} instead. + +@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is +returned on error. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_verify_algorithm.short b/doc/functions/gnutls_x509_crt_get_verify_algorithm.short new file mode 100644 index 0000000..cff8d01 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_verify_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_verify_algorithm} (gnutls_x509_crt_t @var{crt}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash}) diff --git a/doc/functions/gnutls_x509_crt_get_version b/doc/functions/gnutls_x509_crt_get_version index f3a6408..3992d61 100644 --- a/doc/functions/gnutls_x509_crt_get_version +++ b/doc/functions/gnutls_x509_crt_get_version @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert}) -@var{cert}: should contain a @code{gnutls_x509_crt_t} type +@var{cert}: should contain a @code{gnutls_x509_crt_t} structure This function will return the version of the specified Certificate. diff --git a/doc/functions/gnutls_x509_crt_import b/doc/functions/gnutls_x509_crt_import index 66abf74..f33e661 100644 --- a/doc/functions/gnutls_x509_crt_import +++ b/doc/functions/gnutls_x509_crt_import 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) -@var{cert}: The data to store the parsed certificate. +@var{cert}: The structure to store the parsed certificate. @var{data}: The DER or PEM encoded certificate. diff --git a/doc/functions/gnutls_x509_crt_import_pkcs11_url b/doc/functions/gnutls_x509_crt_import_pkcs11_url new file mode 100644 index 0000000..8aa2996 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import_pkcs11_url @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_import_pkcs11_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags}) +@var{crt}: A certificate of type @code{gnutls_x509_crt_t} + +@var{url}: A PKCS 11 url + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will import a PKCS 11 certificate directly from a token +without involving the @code{gnutls_pkcs11_obj_t} structure. This function will +fail if the certificate stored is not of X.509 type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_import_pkcs11_url.short b/doc/functions/gnutls_x509_crt_import_pkcs11_url.short new file mode 100644 index 0000000..24de580 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import_pkcs11_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_import_pkcs11_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_import_url b/doc/functions/gnutls_x509_crt_import_url deleted file mode 100644 index bde9ac6..0000000 --- a/doc/functions/gnutls_x509_crt_import_url +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_crt_import_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags}) -@var{crt}: A certificate of type @code{gnutls_x509_crt_t} - -@var{url}: A PKCS 11 url - -@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags - -This function will import a PKCS 11 certificate directly from a token -without involving the @code{gnutls_pkcs11_obj_t} type. This function will -fail if the certificate stored is not of X.509 type. - -Despite its name this function will attempt to import any kind of -URL to certificate. In previous versions of gnutls this function -was named gnutls_x509_crt_import_pkcs11_url, and the old name is -an alias to this one. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_import_url.short b/doc/functions/gnutls_x509_crt_import_url.short deleted file mode 100644 index b15e6e3..0000000 --- a/doc/functions/gnutls_x509_crt_import_url.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_crt_import_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_init b/doc/functions/gnutls_x509_crt_init index 4d5e5a5..3627189 100644 --- a/doc/functions/gnutls_x509_crt_init +++ b/doc/functions/gnutls_x509_crt_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert}) -@var{cert}: A pointer to the type to be initialized +@var{cert}: The structure to be initialized This function will initialize an X.509 certificate structure. diff --git a/doc/functions/gnutls_x509_crt_list_import b/doc/functions/gnutls_x509_crt_list_import index d886112..28c7246 100644 --- a/doc/functions/gnutls_x509_crt_list_import +++ b/doc/functions/gnutls_x509_crt_list_import 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) -@var{certs}: Indicates where the parsed list will be copied to. Must not be initialized. +@var{certs}: The structures to store the parsed certificate. Must not be initialized. @var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. diff --git a/doc/functions/gnutls_x509_crt_list_import2 b/doc/functions/gnutls_x509_crt_list_import2 index 89ea502..018f830 100644 --- a/doc/functions/gnutls_x509_crt_list_import2 +++ b/doc/functions/gnutls_x509_crt_list_import2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_list_import2} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) -@var{certs}: Will hold the parsed certificate list. +@var{certs}: The structures to store the parsed certificate. Must not be initialized. @var{size}: It will contain the size of the list. diff --git a/doc/functions/gnutls_x509_crt_list_import_pkcs11 b/doc/functions/gnutls_x509_crt_list_import_pkcs11 index 38f47be..31fb362 100644 --- a/doc/functions/gnutls_x509_crt_list_import_pkcs11 +++ b/doc/functions/gnutls_x509_crt_list_import_pkcs11 @@ -12,7 +12,7 @@ @var{flags}: 0 for now This function will import a PKCS 11 certificate list to a list of -@code{gnutls_x509_crt_t} type. These must not be initialized. +@code{gnutls_x509_crt_t} structure. These must not be initialized. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_crt_list_verify b/doc/functions/gnutls_x509_crt_list_verify index 2fe0bd2..cf66f49 100644 --- a/doc/functions/gnutls_x509_crt_list_verify +++ b/doc/functions/gnutls_x509_crt_list_verify 
@@ -19,12 +19,13 @@ @var{verify}: will hold the certificate verification output. - This function will try to verify the given certificate list and -return its status. The details of the verification are the same -as in @code{gnutls_x509_trust_list_verify_crt2()} . +return its status. If no flags are specified (0), this function +will use the basicConstraints (2.5.29.19) PKIX extension. This +means that only a certificate authority is allowed to sign a +certificate. -You must check the peer's name in order to check if the verified +You must also check the peer's name in order to check if the verified certificate belongs to the actual peer. The certificate verification output will be put in @code{verify} and will diff --git a/doc/functions/gnutls_x509_crt_print b/doc/functions/gnutls_x509_crt_print index c938ebf..6891bd8 100644 --- a/doc/functions/gnutls_x509_crt_print +++ b/doc/functions/gnutls_x509_crt_print @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{cert}: The data to be printed +@var{cert}: The structure to be printed @var{format}: Indicate the format to use -@var{out}: Newly allocated datum with null terminated string. +@var{out}: Newly allocated datum with (0) terminated string. This function will pretty print a X.509 certificate, suitable for display to a human. diff --git a/doc/functions/gnutls_x509_crt_set_crq b/doc/functions/gnutls_x509_crt_set_crq index 7d5541d..bdbd801 100644 --- a/doc/functions/gnutls_x509_crt_set_crq +++ b/doc/functions/gnutls_x509_crt_set_crq 
@@ -11,9 +11,6 @@ This function will set the name and public parameters as well as the extensions from the given certificate request to the certificate. Only RSA keys are currently supported. -Note that this function will only set the @code{crq} if it is self -signed and the signature is correct. See @code{gnutls_x509_crq_sign2()} . - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_unique_id b/doc/functions/gnutls_x509_crt_set_issuer_unique_id deleted file mode 100644 index bdcdd95..0000000 --- a/doc/functions/gnutls_x509_crt_set_issuer_unique_id +++ /dev/null @@ -1,18 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_crt_set_issuer_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) -@var{cert}: a certificate of type @code{gnutls_x509_crt_t} - -@var{id}: The unique ID - -@var{id_size}: Holds the size of the unique ID. - -This function will set the X.509 certificate's issuer unique ID field. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.7 -@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short b/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short deleted file mode 100644 index 10eec97..0000000 --- a/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_crt_set_issuer_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crt_set_key b/doc/functions/gnutls_x509_crt_set_key index 3d5328c..f7fe453 100644 --- a/doc/functions/gnutls_x509_crt_set_key +++ b/doc/functions/gnutls_x509_crt_set_key 
@@ -8,10 +8,8 @@ @var{key}: holds a private key This function will set the public parameters from the given -private key to the certificate. - -To export the public key (i.e., the SubjectPublicKeyInfo part), check -@code{gnutls_pubkey_import_x509()} . +private key to the certificate. Only RSA keys are currently +supported. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_crt_set_name_constraints b/doc/functions/gnutls_x509_crt_set_name_constraints index e62b8a8..a596f5a 100644 --- a/doc/functions/gnutls_x509_crt_set_name_constraints +++ b/doc/functions/gnutls_x509_crt_set_name_constraints @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_set_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{critical}) -@var{crt}: The certificate +@var{crt}: The certificate structure @var{nc}: The nameconstraints structure diff --git a/doc/functions/gnutls_x509_crt_set_pin_function b/doc/functions/gnutls_x509_crt_set_pin_function index f8eb034..b74ea09 100644 --- a/doc/functions/gnutls_x509_crt_set_pin_function +++ b/doc/functions/gnutls_x509_crt_set_pin_function @@ -14,7 +14,7 @@ it is required to access a protected object. This function overrides the global function set using @code{gnutls_pkcs11_set_pin_function()} . Note that this callback is currently used only during the import -of a PKCS @code{11} certificate with @code{gnutls_x509_crt_import_url()} . +of a PKCS @code{11} certificate with @code{gnutls_x509_crt_import_pkcs11_url()} . @strong{Since:} 3.1.0 @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_policy b/doc/functions/gnutls_x509_crt_set_policy index b6338bd..4645a55 100644 --- a/doc/functions/gnutls_x509_crt_set_policy +++ b/doc/functions/gnutls_x509_crt_set_policy 
@@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_crt_set_policy} (gnutls_x509_crt_t @var{crt}, const struct gnutls_x509_policy_st * @var{policy}, unsigned int @var{critical}) -@var{crt}: should contain a @code{gnutls_x509_crt_t} type +@var{crt}: should contain a @code{gnutls_x509_crt_t} structure -@var{policy}: A pointer to a policy +@var{policy}: A pointer to a policy structure. @var{critical}: use non-zero if the extension is marked as critical diff --git a/doc/functions/gnutls_x509_crt_set_proxy_dn b/doc/functions/gnutls_x509_crt_set_proxy_dn index 3812dad..2162246 100644 --- a/doc/functions/gnutls_x509_crt_set_proxy_dn +++ b/doc/functions/gnutls_x509_crt_set_proxy_dn @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) -@var{crt}: a gnutls_x509_crt_t type with the new proxy cert +@var{crt}: a gnutls_x509_crt_t structure with the new proxy cert @var{eecrt}: the end entity certificate that will be issuing the proxy diff --git a/doc/functions/gnutls_x509_crt_set_pubkey b/doc/functions/gnutls_x509_crt_set_pubkey index a31be1e..1a2421a 100644 --- a/doc/functions/gnutls_x509_crt_set_pubkey +++ b/doc/functions/gnutls_x509_crt_set_pubkey @@ -3,12 +3,12 @@ @deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key}) -@var{crt}: should contain a @code{gnutls_x509_crt_t} type +@var{crt}: should contain a @code{gnutls_x509_crt_t} structure @var{key}: holds a public key This function will set the public parameters from the given public -key to the certificate. The @code{key} can be deallocated after that. +key to the request. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. 
diff --git a/doc/functions/gnutls_x509_crt_set_subject_unique_id b/doc/functions/gnutls_x509_crt_set_subject_unique_id deleted file mode 100644 index 4abb9a6..0000000 --- a/doc/functions/gnutls_x509_crt_set_subject_unique_id +++ /dev/null @@ -1,18 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_crt_set_subject_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) -@var{cert}: a certificate of type @code{gnutls_x509_crt_t} - -@var{id}: The unique ID - -@var{id_size}: Holds the size of the unique ID. - -This function will set the X.509 certificate's subject unique ID field. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.7 -@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_subject_unique_id.short b/doc/functions/gnutls_x509_crt_set_subject_unique_id.short deleted file mode 100644 index dec6d99..0000000 --- a/doc/functions/gnutls_x509_crt_set_subject_unique_id.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_crt_set_subject_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crt_verify b/doc/functions/gnutls_x509_crt_verify index 0b9ff2c..9e78159 100644 --- a/doc/functions/gnutls_x509_crt_verify +++ b/doc/functions/gnutls_x509_crt_verify @@ -17,9 +17,6 @@ This function will try to verify the given certificate and return its status. Note that a verification error does not imply a negative return status. In that case the @code{verify} status is set. -The details of the verification are the same -as in @code{gnutls_x509_trust_list_verify_crt2()} . - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @end deftypefun diff --git a/doc/functions/gnutls_x509_crt_verify_data b/doc/functions/gnutls_x509_crt_verify_data new file mode 100644 index 0000000..01d382c --- /dev/null 
+++ b/doc/functions/gnutls_x509_crt_verify_data @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) +@var{crt}: Holds the certificate + +@var{flags}: should be 0 for now + +@var{data}: holds the data to be signed + +@var{signature}: contains the signature + +This function will verify the given signed data, using the +parameters from the certificate. + +Deprecated. This function cannot be easily used securely. +Use @code{gnutls_pubkey_verify_data2()} instead. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_verify_data.short b/doc/functions/gnutls_x509_crt_verify_data.short new file mode 100644 index 0000000..f20aac4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_x509_crt_verify_data2 b/doc/functions/gnutls_x509_crt_verify_data2 deleted file mode 100644 index 40325b0..0000000 --- a/doc/functions/gnutls_x509_crt_verify_data2 +++ /dev/null 
@@ -1,23 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_crt_verify_data2} (gnutls_x509_crt_t @var{crt}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) -@var{crt}: Holds the certificate to verify with - -@var{algo}: The signature algorithm used - -@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} - -@var{data}: holds the signed data - -@var{signature}: contains the signature - -This function will verify the given signed data, using the -parameters from the certificate. - -@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} -is returned, and zero or positive code on success. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_verify_data2.short b/doc/functions/gnutls_x509_crt_verify_data2.short deleted file mode 100644 index b6eec3d..0000000 --- a/doc/functions/gnutls_x509_crt_verify_data2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_crt_verify_data2} (gnutls_x509_crt_t @var{crt}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_x509_crt_verify_hash b/doc/functions/gnutls_x509_crt_verify_hash new file mode 100644 index 0000000..8d324aa --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify_hash 
@@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_verify_hash} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) +@var{crt}: Holds the certificate + +@var{flags}: should be 0 for now + +@var{hash}: holds the hash digest to be verified + +@var{signature}: contains the signature + +This function will verify the given signed digest, using the +parameters from the certificate. + +Deprecated. This function cannot be easily used securely. +Use @code{gnutls_pubkey_verify_hash2()} instead. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_verify_hash.short b/doc/functions/gnutls_x509_crt_verify_hash.short new file mode 100644 index 0000000..d96d803 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify_hash.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_verify_hash} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_x509_dn_get_str b/doc/functions/gnutls_x509_dn_get_str deleted file mode 100644 index 927a9c2..0000000 --- a/doc/functions/gnutls_x509_dn_get_str +++ /dev/null @@ -1,19 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_dn_get_str} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}) -@var{dn}: a pointer to DN - -@var{str}: a datum that will hold the name - -This function will allocate buffer and copy the name in the provided DN. -The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as -described in RFC4514. The output string will be ASCII or UTF-8 -encoded, depending on the certificate data. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.2 -@end deftypefun 
diff --git a/doc/functions/gnutls_x509_dn_get_str.short b/doc/functions/gnutls_x509_dn_get_str.short deleted file mode 100644 index 841d7c8..0000000 --- a/doc/functions/gnutls_x509_dn_get_str.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_dn_get_str} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}) diff --git a/doc/functions/gnutls_x509_dn_import b/doc/functions/gnutls_x509_dn_import index 98aa033..0048bc1 100644 --- a/doc/functions/gnutls_x509_dn_import +++ b/doc/functions/gnutls_x509_dn_import @@ -8,7 +8,7 @@ @var{data}: should contain a DER encoded RDN sequence This function parses an RDN sequence and stores the result to a -@code{gnutls_x509_dn_t} type. The data must have been initialized +@code{gnutls_x509_dn_t} structure. The structure must have been initialized with @code{gnutls_x509_dn_init()} . You may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN. diff --git a/doc/functions/gnutls_x509_dn_init b/doc/functions/gnutls_x509_dn_init index 9353773..646a8d9 100644 --- a/doc/functions/gnutls_x509_dn_init +++ b/doc/functions/gnutls_x509_dn_init @@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn}) @var{dn}: the object to be initialized -This function initializes a @code{gnutls_x509_dn_t} type. +This function initializes a @code{gnutls_x509_dn_t} structure. The object returned must be deallocated using @code{gnutls_x509_dn_deinit()} . diff --git a/doc/functions/gnutls_x509_ext_deinit b/doc/functions/gnutls_x509_ext_deinit deleted file mode 100644 index b085fab..0000000 --- a/doc/functions/gnutls_x509_ext_deinit +++ /dev/null @@ -1,11 +0,0 @@ - - - - -@deftypefun {void} {gnutls_x509_ext_deinit} (gnutls_x509_ext_st * @var{ext}) -@var{ext}: The extensions structure - -This function will deinitialize an extensions structure. - -@strong{Since:} 3.3.8 -@end deftypefun 
diff --git a/doc/functions/gnutls_x509_ext_deinit.short b/doc/functions/gnutls_x509_ext_deinit.short deleted file mode 100644 index 103ce4f..0000000 --- a/doc/functions/gnutls_x509_ext_deinit.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_x509_ext_deinit} (gnutls_x509_ext_st * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_aia b/doc/functions/gnutls_x509_ext_export_aia index ec3f4ad..ba2e098 100644 --- a/doc/functions/gnutls_x509_ext_export_aia +++ b/doc/functions/gnutls_x509_ext_export_aia @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_ext_export_aia} (gnutls_x509_aia_t @var{aia}, gnutls_datum_t * @var{ext}) -@var{aia}: The authority info access +@var{aia}: The authority info access structure @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . diff --git a/doc/functions/gnutls_x509_ext_export_authority_key_id b/doc/functions/gnutls_x509_ext_export_authority_key_id index dfa8bb4..6d038a3 100644 --- a/doc/functions/gnutls_x509_ext_export_authority_key_id +++ b/doc/functions/gnutls_x509_ext_export_authority_key_id @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_ext_export_authority_key_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{ext}) -@var{aki}: An initialized authority key identifier +@var{aki}: An initialized authority key identifier structure @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . diff --git a/doc/functions/gnutls_x509_ext_export_crl_dist_points b/doc/functions/gnutls_x509_ext_export_crl_dist_points index 5183627..758e643 100644 --- a/doc/functions/gnutls_x509_ext_export_crl_dist_points +++ b/doc/functions/gnutls_x509_ext_export_crl_dist_points 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_ext_export_crl_dist_points} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_datum_t * @var{ext}) -@var{cdp}: A pointer to an initialized CRL distribution points. +@var{cdp}: A pointer to an initialized CRL distribution points structure. @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . diff --git a/doc/functions/gnutls_x509_ext_export_key_purposes b/doc/functions/gnutls_x509_ext_export_key_purposes index d485134..5fb33e1 100644 --- a/doc/functions/gnutls_x509_ext_export_key_purposes +++ b/doc/functions/gnutls_x509_ext_export_key_purposes @@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_x509_ext_export_key_purposes} (gnutls_x509_key_purposes_t @var{p}, gnutls_datum_t * @var{ext}) -@var{p}: The key purposes +@var{p}: The key purposes structure @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . -This function will convert the key purposes type to a +This function will convert the key purposes structure to a DER-encoded PKIX ExtKeyUsageSyntax (2.5.29.37) extension. The output data in @code{ext} will be allocated usin @code{gnutls_malloc()} . diff --git a/doc/functions/gnutls_x509_ext_export_name_constraints b/doc/functions/gnutls_x509_ext_export_name_constraints index 045a39a..4172365 100644 --- a/doc/functions/gnutls_x509_ext_export_name_constraints +++ b/doc/functions/gnutls_x509_ext_export_name_constraints 
@@ -3,11 +3,11 @@ @deftypefun {int} {gnutls_x509_ext_export_name_constraints} (gnutls_x509_name_constraints_t @var{nc}, gnutls_datum_t * @var{ext}) -@var{nc}: The nameconstraints +@var{nc}: The nameconstraints structure @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . -This function will convert the provided name constraints type to a +This function will convert the provided name constraints structure to a DER-encoded PKIX NameConstraints (2.5.29.30) extension. The output data in @code{ext} will be allocated usin @code{gnutls_malloc()} . diff --git a/doc/functions/gnutls_x509_ext_export_policies b/doc/functions/gnutls_x509_ext_export_policies index 7ca30b7..87da5c2 100644 --- a/doc/functions/gnutls_x509_ext_export_policies +++ b/doc/functions/gnutls_x509_ext_export_policies @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_ext_export_policies} (gnutls_x509_policies_t @var{policies}, gnutls_datum_t * @var{ext}) -@var{policies}: A pointer to an initialized policies. +@var{policies}: A pointer to an initialized policies structure. @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . diff --git a/doc/functions/gnutls_x509_ext_export_subject_alt_names b/doc/functions/gnutls_x509_ext_export_subject_alt_names index d2357c3..b51c616 100644 --- a/doc/functions/gnutls_x509_ext_export_subject_alt_names +++ b/doc/functions/gnutls_x509_ext_export_subject_alt_names @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_ext_export_subject_alt_names} (gnutls_subject_alt_names_t @var{sans}, gnutls_datum_t * @var{ext}) -@var{sans}: The alternative names +@var{sans}: The alternative names structure @var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . diff --git a/doc/functions/gnutls_x509_ext_import_aia b/doc/functions/gnutls_x509_ext_import_aia index fb75b44..c579854 100644 --- a/doc/functions/gnutls_x509_ext_import_aia +++ b/doc/functions/gnutls_x509_ext_import_aia 
@@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_x509_ext_import_aia} (const gnutls_datum_t * @var{ext}, gnutls_x509_aia_t @var{aia}, unsigned int @var{flags}) @var{ext}: The DER-encoded extension data -@var{aia}: The authority info access +@var{aia}: The authority info access structure @var{flags}: should be zero diff --git a/doc/functions/gnutls_x509_ext_import_authority_key_id b/doc/functions/gnutls_x509_ext_import_authority_key_id index ea90f40..c2bf353 100644 --- a/doc/functions/gnutls_x509_ext_import_authority_key_id +++ b/doc/functions/gnutls_x509_ext_import_authority_key_id @@ -5,7 +5,7 @@ @deftypefun {int} {gnutls_x509_ext_import_authority_key_id} (const gnutls_datum_t * @var{ext}, gnutls_x509_aki_t @var{aki}, unsigned int @var{flags}) @var{ext}: a DER encoded extension -@var{aki}: An initialized authority key identifier type +@var{aki}: An initialized authority key identifier structure @var{flags}: should be zero diff --git a/doc/functions/gnutls_x509_ext_import_crl_dist_points b/doc/functions/gnutls_x509_ext_import_crl_dist_points index a10022a..1e79703 100644 --- a/doc/functions/gnutls_x509_ext_import_crl_dist_points +++ b/doc/functions/gnutls_x509_ext_import_crl_dist_points @@ -5,12 +5,12 @@ @deftypefun {int} {gnutls_x509_ext_import_crl_dist_points} (const gnutls_datum_t * @var{ext}, gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{flags}) @var{ext}: the DER encoded extension data -@var{cdp}: A pointer to an initialized CRL distribution points. +@var{cdp}: A pointer to an initialized CRL distribution points structure. @var{flags}: should be zero This function will extract the CRL distribution points extension (2.5.29.31) -and store it into the provided type. +and store it into the provided structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_ext_import_key_purposes b/doc/functions/gnutls_x509_ext_import_key_purposes index e0f5479..ae41488 100644 
--- a/doc/functions/gnutls_x509_ext_import_key_purposes +++ b/doc/functions/gnutls_x509_ext_import_key_purposes @@ -5,13 +5,13 @@ @deftypefun {int} {gnutls_x509_ext_import_key_purposes} (const gnutls_datum_t * @var{ext}, gnutls_x509_key_purposes_t @var{p}, unsigned int @var{flags}) @var{ext}: The DER-encoded extension data -@var{p}: The key purposes +@var{p}: The key purposes structure @var{flags}: should be zero This function will extract the key purposes in the provided DER-encoded -ExtKeyUsageSyntax PKIX extension, to a @code{gnutls_x509_key_purposes_t} type. -The data must be initialized. +ExtKeyUsageSyntax PKIX extension, to a @code{gnutls_x509_key_purposes_t} structure. +The structure must be initialized. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_ext_import_name_constraints b/doc/functions/gnutls_x509_ext_import_name_constraints index 0a20a4e..fd7c317 100644 --- a/doc/functions/gnutls_x509_ext_import_name_constraints +++ b/doc/functions/gnutls_x509_ext_import_name_constraints 
@@ -5,18 +5,19 @@ @deftypefun {int} {gnutls_x509_ext_import_name_constraints} (const gnutls_datum_t * @var{ext}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}) @var{ext}: a DER encoded extension -@var{nc}: The nameconstraints +@var{nc}: The nameconstraints intermediate structure @var{flags}: zero or @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND} -This function will return an intermediate type containing +This function will return an intermediate structure containing the name constraints of the provided NameConstraints extension. That -can be used in combination with @code{gnutls_x509_name_constraints_check()} +structure can be used in combination with @code{gnutls_x509_name_constraints_check()} to verify whether a server's name is in accordance with the constraints. When the @code{flags} is set to @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND} , then if -the @code{nc} type is empty this function will behave identically as if the flag was not set. -Otherwise if there are elements in the @code{nc} type then only the +the @code{nc} structure is empty +this function will behave identically as if the flag was not set. +Otherwise if there are elements in the @code{nc} structure then only the excluded constraints will be appended to the constraints. Note that @code{nc} must be initialized prior to calling this function. diff --git a/doc/functions/gnutls_x509_ext_import_policies b/doc/functions/gnutls_x509_ext_import_policies index cbf988e..6af8b83 100644 --- a/doc/functions/gnutls_x509_ext_import_policies +++ b/doc/functions/gnutls_x509_ext_import_policies 
@@ -5,12 +5,12 @@ @deftypefun {int} {gnutls_x509_ext_import_policies} (const gnutls_datum_t * @var{ext}, gnutls_x509_policies_t @var{policies}, unsigned int @var{flags}) @var{ext}: the DER encoded extension data -@var{policies}: A pointer to an initialized policies. +@var{policies}: A pointer to an initialized policies structures. @var{flags}: should be zero This function will extract the certificate policy extension (2.5.29.32) -and store it the provided policies. +and store it the provided structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_ext_import_proxy b/doc/functions/gnutls_x509_ext_import_proxy index 29b34d4..4548305 100644 --- a/doc/functions/gnutls_x509_ext_import_proxy +++ b/doc/functions/gnutls_x509_ext_import_proxy @@ -17,7 +17,6 @@ field and the actual value, -1 indicate that the field is absent. This function will return the information from a proxy certificate extension. It reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14). -The @code{policyLanguage} and @code{policy} values must be deinitialized using @code{gnutls_free()} after use. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_ext_import_subject_alt_names b/doc/functions/gnutls_x509_ext_import_subject_alt_names index a5a9d19..72306c7 100644 --- a/doc/functions/gnutls_x509_ext_import_subject_alt_names +++ b/doc/functions/gnutls_x509_ext_import_subject_alt_names 
@@ -5,12 +5,13 @@ @deftypefun {int} {gnutls_x509_ext_import_subject_alt_names} (const gnutls_datum_t * @var{ext}, gnutls_subject_alt_names_t @var{sans}, unsigned int @var{flags}) @var{ext}: The DER-encoded extension data -@var{sans}: The alternative names +@var{sans}: The alternative names structure @var{flags}: should be zero This function will export the alternative names in the provided DER-encoded -SubjectAltName PKIX extension, to a @code{gnutls_subject_alt_names_t} type. @code{sans} must be initialized. +SubjectAltName PKIX extension, to a @code{gnutls_subject_alt_names_t} structure. The structure +must have been initialized. This function will succeed even if there no subject alternative names in the structure. diff --git a/doc/functions/gnutls_x509_ext_print b/doc/functions/gnutls_x509_ext_print deleted file mode 100644 index be03f68..0000000 --- a/doc/functions/gnutls_x509_ext_print +++ /dev/null @@ -1,21 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_ext_print} (gnutls_x509_ext_st * @var{exts}, unsigned int @var{exts_size}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) -@var{exts}: The data to be printed - -@var{exts_size}: the number of available structures - -@var{format}: Indicate the format to use - -@var{out}: Newly allocated datum with null terminated string. - -This function will pretty print X.509 certificate extensions, -suitable for display to a human. - -The output @code{out} needs to be deallocated using @code{gnutls_free()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. -@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_print.short b/doc/functions/gnutls_x509_ext_print.short deleted file mode 100644 index d4ec00a..0000000 --- a/doc/functions/gnutls_x509_ext_print.short +++ /dev/null 
@@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_ext_print} (gnutls_x509_ext_st * @var{exts}, unsigned int @var{exts_size}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_key_purpose_deinit b/doc/functions/gnutls_x509_key_purpose_deinit index 295d46b..9a633b2 100644 --- a/doc/functions/gnutls_x509_key_purpose_deinit +++ b/doc/functions/gnutls_x509_key_purpose_deinit @@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_x509_key_purpose_deinit} (gnutls_x509_key_purposes_t @var{p}) -@var{p}: The key purposes +@var{p}: The key purposes structure -This function will deinitialize a key purposes type. +This function will deinitialize an alternative names structure. @strong{Since:} 3.3.0 @end deftypefun diff --git a/doc/functions/gnutls_x509_key_purpose_get b/doc/functions/gnutls_x509_key_purpose_get index 0877448..5bf6f4c 100644 --- a/doc/functions/gnutls_x509_key_purpose_get +++ b/doc/functions/gnutls_x509_key_purpose_get @@ -3,14 +3,14 @@ @deftypefun {int} {gnutls_x509_key_purpose_get} (gnutls_x509_key_purposes_t @var{p}, unsigned @var{idx}, gnutls_datum_t * @var{oid}) -@var{p}: The key purposes +@var{p}: The key purposes structure @var{idx}: The index of the key purpose to retrieve @var{oid}: Will hold the object identifier of the key purpose (to be treated as constant) This function will retrieve the specified by the index key purpose in the -purposes type. The object identifier will be a null terminated string. +purposes structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the index is out of bounds, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_key_purpose_init b/doc/functions/gnutls_x509_key_purpose_init index fa74893..984deb3 100644 --- a/doc/functions/gnutls_x509_key_purpose_init +++ b/doc/functions/gnutls_x509_key_purpose_init 
@@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_key_purpose_init} (gnutls_x509_key_purposes_t * @var{p}) -@var{p}: The key purposes +@var{p}: The key purposes structure -This function will initialize an alternative names type. +This function will initialize an alternative names structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_key_purpose_set b/doc/functions/gnutls_x509_key_purpose_set index 346c60d..4d172ac 100644 --- a/doc/functions/gnutls_x509_key_purpose_set +++ b/doc/functions/gnutls_x509_key_purpose_set @@ -3,12 +3,12 @@ @deftypefun {int} {gnutls_x509_key_purpose_set} (gnutls_x509_key_purposes_t @var{p}, const char * @var{oid}) -@var{p}: The key purposes +@var{p}: The key purposes structure @var{oid}: The object identifier of the key purpose This function will store the specified key purpose in the -purposes. +purposes structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_name_constraints_add_excluded b/doc/functions/gnutls_x509_name_constraints_add_excluded index 902694c..d058a8a 100644 --- a/doc/functions/gnutls_x509_name_constraints_add_excluded +++ b/doc/functions/gnutls_x509_name_constraints_add_excluded @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_name_constraints_add_excluded} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) -@var{nc}: The nameconstraints +@var{nc}: The nameconstraints structure @var{type}: The type of the constraints diff --git a/doc/functions/gnutls_x509_name_constraints_add_permitted b/doc/functions/gnutls_x509_name_constraints_add_permitted index cf5a60b..4d8067f 100644 --- a/doc/functions/gnutls_x509_name_constraints_add_permitted +++ b/doc/functions/gnutls_x509_name_constraints_add_permitted 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_name_constraints_add_permitted} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) -@var{nc}: The nameconstraints +@var{nc}: The nameconstraints structure @var{type}: The type of the constraints diff --git a/doc/functions/gnutls_x509_name_constraints_check b/doc/functions/gnutls_x509_name_constraints_check index da4ffa2..068f3b2 100644 --- a/doc/functions/gnutls_x509_name_constraints_check +++ b/doc/functions/gnutls_x509_name_constraints_check @@ -3,7 +3,7 @@ @deftypefun {unsigned} {gnutls_x509_name_constraints_check} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) -@var{nc}: the extracted name constraints +@var{nc}: the extracted name constraints structure @var{type}: the type of the constraint to check (of type gnutls_x509_subject_alt_name_t) diff --git a/doc/functions/gnutls_x509_name_constraints_check_crt b/doc/functions/gnutls_x509_name_constraints_check_crt index 060ae0c..f248056 100644 --- a/doc/functions/gnutls_x509_name_constraints_check_crt +++ b/doc/functions/gnutls_x509_name_constraints_check_crt @@ -3,7 +3,7 @@ @deftypefun {unsigned} {gnutls_x509_name_constraints_check_crt} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, gnutls_x509_crt_t @var{cert}) -@var{nc}: the extracted name constraints +@var{nc}: the extracted name constraints structure @var{type}: the type of the constraint to check (of type gnutls_x509_subject_alt_name_t) diff --git a/doc/functions/gnutls_x509_name_constraints_deinit b/doc/functions/gnutls_x509_name_constraints_deinit index c6ca5fe..ffd07ca 100644 --- a/doc/functions/gnutls_x509_name_constraints_deinit +++ b/doc/functions/gnutls_x509_name_constraints_deinit 
@@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_x509_name_constraints_deinit} (gnutls_x509_name_constraints_t @var{nc}) -@var{nc}: The nameconstraints +@var{nc}: The nameconstraints structure -This function will deinitialize a name constraints type. +This function will deinitialize a name constraints structure. @strong{Since:} 3.3.0 @end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_get_excluded b/doc/functions/gnutls_x509_name_constraints_get_excluded index ef5c97b..2f8467f 100644 --- a/doc/functions/gnutls_x509_name_constraints_get_excluded +++ b/doc/functions/gnutls_x509_name_constraints_get_excluded @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_name_constraints_get_excluded} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name}) -@var{nc}: the extracted name constraints +@var{nc}: the extracted name constraints structure @var{idx}: the index of the constraint @@ -11,7 +11,7 @@ @var{name}: the name in the constraint (of the specific type) -This function will return an intermediate type containing +This function will return an intermediate structure containing the name constraints of the provided CA certificate. That structure can be used in combination with @code{gnutls_x509_name_constraints_check()} to verify whether a server's name is in accordance with the constraints. diff --git a/doc/functions/gnutls_x509_name_constraints_get_permitted b/doc/functions/gnutls_x509_name_constraints_get_permitted index 9959cd2..78611e5 100644 --- a/doc/functions/gnutls_x509_name_constraints_get_permitted +++ b/doc/functions/gnutls_x509_name_constraints_get_permitted @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_name_constraints_get_permitted} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name}) -@var{nc}: the extracted name constraints +@var{nc}: the extracted name constraints structure @var{idx}: the index of the constraint 
@@ -11,7 +11,7 @@ @var{name}: the name in the constraint (of the specific type) -This function will return an intermediate type containing +This function will return an intermediate structure containing the name constraints of the provided CA certificate. That structure can be used in combination with @code{gnutls_x509_name_constraints_check()} to verify whether a server's name is in accordance with the constraints. diff --git a/doc/functions/gnutls_x509_name_constraints_init b/doc/functions/gnutls_x509_name_constraints_init index 92969bb..d74b509 100644 --- a/doc/functions/gnutls_x509_name_constraints_init +++ b/doc/functions/gnutls_x509_name_constraints_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_name_constraints_init} (gnutls_x509_name_constraints_t * @var{nc}) -@var{nc}: The nameconstraints +@var{nc}: The nameconstraints structure -This function will initialize a name constraints type. +This function will initialize a name constraints structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_othername_to_virtual b/doc/functions/gnutls_x509_othername_to_virtual deleted file mode 100644 index 303357a..0000000 --- a/doc/functions/gnutls_x509_othername_to_virtual +++ /dev/null @@ -1,20 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_othername_to_virtual} (const char * @var{oid}, const gnutls_datum_t * @var{othername}, unsigned int * @var{virt_type}, gnutls_datum_t * @var{virt}) -@var{oid}: The othername object identifier - -@var{othername}: The othername data - -@var{virt_type}: GNUTLS_SAN_OTHERNAME_XXX - -@var{virt}: allocated printable data - -This function will parse and convert the othername data to a virtual -type supported by gnutls. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. - -@strong{Since:} 3.3.8 -@end deftypefun 
diff --git a/doc/functions/gnutls_x509_othername_to_virtual.short b/doc/functions/gnutls_x509_othername_to_virtual.short deleted file mode 100644 index 13b4a64..0000000 --- a/doc/functions/gnutls_x509_othername_to_virtual.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_othername_to_virtual} (const char * @var{oid}, const gnutls_datum_t * @var{othername}, unsigned int * @var{virt_type}, gnutls_datum_t * @var{virt}) diff --git a/doc/functions/gnutls_x509_policies_deinit b/doc/functions/gnutls_x509_policies_deinit index 9501d42..658c3da 100644 --- a/doc/functions/gnutls_x509_policies_deinit +++ b/doc/functions/gnutls_x509_policies_deinit @@ -3,9 +3,9 @@ @deftypefun {void} {gnutls_x509_policies_deinit} (gnutls_x509_policies_t @var{policies}) -@var{policies}: The authority key identifier +@var{policies}: The authority key identifier structure -This function will deinitialize an authority key identifier type. +This function will deinitialize an authority key identifier structure. @strong{Since:} 3.3.0 @end deftypefun diff --git a/doc/functions/gnutls_x509_policies_get b/doc/functions/gnutls_x509_policies_get index 97d9413..068a241 100644 --- a/doc/functions/gnutls_x509_policies_get +++ b/doc/functions/gnutls_x509_policies_get @@ -3,14 +3,14 @@ @deftypefun {int} {gnutls_x509_policies_get} (gnutls_x509_policies_t @var{policies}, unsigned int @var{seq}, struct gnutls_x509_policy_st * @var{policy}) -@var{policies}: The policies +@var{policies}: The policies structure @var{seq}: The index of the name to get @var{policy}: Will hold the policy This function will return a specific policy as stored in -the @code{policies} type. The returned values should be treated as constant +the @code{policies} structure. The returned values should be treated as constant and valid for the lifetime of @code{policies} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} 
diff --git a/doc/functions/gnutls_x509_policies_init b/doc/functions/gnutls_x509_policies_init index fd91d7f..2d55348 100644 --- a/doc/functions/gnutls_x509_policies_init +++ b/doc/functions/gnutls_x509_policies_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_policies_init} (gnutls_x509_policies_t * @var{policies}) -@var{policies}: The authority key ID +@var{policies}: The authority key ID structure -This function will initialize an authority key ID type. +This function will initialize an authority key ID structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_policies_set b/doc/functions/gnutls_x509_policies_set index 7d05085..be8eee2 100644 --- a/doc/functions/gnutls_x509_policies_set +++ b/doc/functions/gnutls_x509_policies_set @@ -3,12 +3,12 @@ @deftypefun {int} {gnutls_x509_policies_set} (gnutls_x509_policies_t @var{policies}, const struct gnutls_x509_policy_st * @var{policy}) -@var{policies}: An initialized policies +@var{policies}: An initialized policies structure @var{policy}: Contains the policy to set This function will store the specified policy in -the provided @code{policies} . +the provided @code{policies} structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_privkey_deinit b/doc/functions/gnutls_x509_privkey_deinit index ca8a33b..14c58b3 100644 --- a/doc/functions/gnutls_x509_privkey_deinit +++ b/doc/functions/gnutls_x509_privkey_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key}) -@var{key}: The key to be deinitialized +@var{key}: The structure to be deinitialized This function will deinitialize a private key structure. @end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_dsa_raw b/doc/functions/gnutls_x509_privkey_export_dsa_raw index 8cfe3b7..1c8ddb7 100644 
--- a/doc/functions/gnutls_x509_privkey_export_dsa_raw +++ b/doc/functions/gnutls_x509_privkey_export_dsa_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) -@var{key}: a key +@var{key}: a structure that holds the DSA parameters @var{p}: will hold the p diff --git a/doc/functions/gnutls_x509_privkey_export_ecc_raw b/doc/functions/gnutls_x509_privkey_export_ecc_raw index 9cb7f5a..48995c2 100644 --- a/doc/functions/gnutls_x509_privkey_export_ecc_raw +++ b/doc/functions/gnutls_x509_privkey_export_ecc_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_export_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) -@var{key}: a key +@var{key}: a structure that holds the rsa parameters @var{curve}: will hold the curve diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw b/doc/functions/gnutls_x509_privkey_export_rsa_raw index ff6426f..311c232 100644 --- a/doc/functions/gnutls_x509_privkey_export_rsa_raw +++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}) -@var{key}: a key +@var{key}: a structure that holds the rsa parameters @var{m}: will hold the modulus diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw2 b/doc/functions/gnutls_x509_privkey_export_rsa_raw2 index bd42141..144fe8a 100644 --- a/doc/functions/gnutls_x509_privkey_export_rsa_raw2 +++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw2 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_export_rsa_raw2} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) -@var{key}: a key +@var{key}: a structure that holds the rsa parameters @var{m}: will hold the modulus diff --git a/doc/functions/gnutls_x509_privkey_fix b/doc/functions/gnutls_x509_privkey_fix index 2c40b95..f3434f6 100644 --- a/doc/functions/gnutls_x509_privkey_fix +++ b/doc/functions/gnutls_x509_privkey_fix @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key}) -@var{key}: a key +@var{key}: Holds the key This function will recalculate the secondary parameters in a key. In RSA keys, this can be the coefficient and exponent1,2. diff --git a/doc/functions/gnutls_x509_privkey_generate b/doc/functions/gnutls_x509_privkey_generate index dbc83c3..0cd5b50 100644 --- a/doc/functions/gnutls_x509_privkey_generate +++ b/doc/functions/gnutls_x509_privkey_generate @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) -@var{key}: a key +@var{key}: should contain a @code{gnutls_x509_privkey_t} structure @var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . diff --git a/doc/functions/gnutls_x509_privkey_get_key_id b/doc/functions/gnutls_x509_privkey_get_key_id index b09b3d4..d3be153 100644 --- a/doc/functions/gnutls_x509_privkey_get_key_id +++ b/doc/functions/gnutls_x509_privkey_get_key_id 
@@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) -@var{key}: a key +@var{key}: Holds the key -@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} +@var{flags}: should be 0 for now @var{output_data}: will contain the key ID diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm b/doc/functions/gnutls_x509_privkey_get_pk_algorithm index ee56bfb..550eb60 100644 --- a/doc/functions/gnutls_x509_privkey_get_pk_algorithm +++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key}) -@var{key}: should contain a @code{gnutls_x509_privkey_t} type +@var{key}: should contain a @code{gnutls_x509_privkey_t} structure This function will return the public key algorithm of a private key. diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 index c2401b5..aff3161 100644 --- a/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 +++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm2} (gnutls_x509_privkey_t @var{key}, unsigned int * @var{bits}) -@var{key}: should contain a @code{gnutls_x509_privkey_t} type +@var{key}: should contain a @code{gnutls_x509_privkey_t} structure @var{bits}: The number of bits in the public key algorithm diff --git a/doc/functions/gnutls_x509_privkey_import b/doc/functions/gnutls_x509_privkey_import index 1893d8c..55a36d8 100644 --- a/doc/functions/gnutls_x509_privkey_import +++ b/doc/functions/gnutls_x509_privkey_import 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{data}: The DER or PEM encoded certificate. diff --git a/doc/functions/gnutls_x509_privkey_import2 b/doc/functions/gnutls_x509_privkey_import2 index a9d8f83..ec6578c 100644 --- a/doc/functions/gnutls_x509_privkey_import2 +++ b/doc/functions/gnutls_x509_privkey_import2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{data}: The DER or PEM encoded key. @@ -21,8 +21,7 @@ The supported formats are basic unencrypted key, PKCS8, PKCS12, and the openssl format. If the provided key is encrypted but no password was given, then -@code{GNUTLS_E_DECRYPTION_FAILED} is returned. Since GnuTLS 3.4.0 this -function will utilize the PIN callbacks if any. +@code{GNUTLS_E_DECRYPTION_FAILED} is returned. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_privkey_import_dsa_raw b/doc/functions/gnutls_x509_privkey_import_dsa_raw index b1ce659..13d37d7 100644 --- a/doc/functions/gnutls_x509_privkey_import_dsa_raw +++ b/doc/functions/gnutls_x509_privkey_import_dsa_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{p}: holds the p 
diff --git a/doc/functions/gnutls_x509_privkey_import_ecc_raw b/doc/functions/gnutls_x509_privkey_import_ecc_raw index 6c14b7f..d281af1 100644 --- a/doc/functions/gnutls_x509_privkey_import_ecc_raw +++ b/doc/functions/gnutls_x509_privkey_import_ecc_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{curve}: holds the curve diff --git a/doc/functions/gnutls_x509_privkey_import_openssl b/doc/functions/gnutls_x509_privkey_import_openssl index 53dd7fd..263a5ea 100644 --- a/doc/functions/gnutls_x509_privkey_import_openssl +++ b/doc/functions/gnutls_x509_privkey_import_openssl @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import_openssl} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, const char * @var{password}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{data}: The DER or PEM encoded key. diff --git a/doc/functions/gnutls_x509_privkey_import_pkcs8 b/doc/functions/gnutls_x509_privkey_import_pkcs8 index f64fd99..983dab5 100644 --- a/doc/functions/gnutls_x509_privkey_import_pkcs8 +++ b/doc/functions/gnutls_x509_privkey_import_pkcs8 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{data}: The DER or PEM encoded key. diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw b/doc/functions/gnutls_x509_privkey_import_rsa_raw index 7d2af3e..8e92372 100644 --- a/doc/functions/gnutls_x509_privkey_import_rsa_raw 
+++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{m}: holds the modulus diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw2 b/doc/functions/gnutls_x509_privkey_import_rsa_raw2 index 243a15b..bb21cab 100644 --- a/doc/functions/gnutls_x509_privkey_import_rsa_raw2 +++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw2 @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_import_rsa_raw2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2}) -@var{key}: The data to store the parsed key +@var{key}: The structure to store the parsed key @var{m}: holds the modulus diff --git a/doc/functions/gnutls_x509_privkey_init b/doc/functions/gnutls_x509_privkey_init index bd63c46..064b091 100644 --- a/doc/functions/gnutls_x509_privkey_init +++ b/doc/functions/gnutls_x509_privkey_init @@ -3,9 +3,9 @@ @deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key}) -@var{key}: A pointer to the type to be initialized +@var{key}: The structure to be initialized -This function will initialize a private key type. +This function will initialize an private key structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_privkey_sec_param b/doc/functions/gnutls_x509_privkey_sec_param index 05a3fa6..8416667 100644 
--- a/doc/functions/gnutls_x509_privkey_sec_param +++ b/doc/functions/gnutls_x509_privkey_sec_param @@ -3,7 +3,7 @@ @deftypefun {gnutls_sec_param_t} {gnutls_x509_privkey_sec_param} (gnutls_x509_privkey_t @var{key}) -@var{key}: a key +@var{key}: a key structure This function will return the security parameter appropriate with this private key. diff --git a/doc/functions/gnutls_x509_privkey_set_pin_function b/doc/functions/gnutls_x509_privkey_set_pin_function deleted file mode 100644 index 24f4734..0000000 --- a/doc/functions/gnutls_x509_privkey_set_pin_function +++ /dev/null @@ -1,19 +0,0 @@ - - - - -@deftypefun {void} {gnutls_x509_privkey_set_pin_function} (gnutls_x509_privkey_t @var{privkey}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) -@var{privkey}: The certificate structure - -@var{fn}: the callback - -@var{userdata}: data associated with the callback - -This function will set a callback function to be used when -it is required to access a protected object. This function overrides -the global function set using @code{gnutls_pkcs11_set_pin_function()} . - -Note that this callback is used when decrypting a key. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_set_pin_function.short b/doc/functions/gnutls_x509_privkey_set_pin_function.short deleted file mode 100644 index eb34433..0000000 --- a/doc/functions/gnutls_x509_privkey_set_pin_function.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_x509_privkey_set_pin_function} (gnutls_x509_privkey_t @var{privkey}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_x509_privkey_sign_data b/doc/functions/gnutls_x509_privkey_sign_data index 241fb2b..b82b72c 100644 --- a/doc/functions/gnutls_x509_privkey_sign_data +++ b/doc/functions/gnutls_x509_privkey_sign_data 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size}) -@var{key}: a key +@var{key}: Holds the key @var{digest}: should be MD5 or SHA1 @@ -30,4 +30,6 @@ the hash algorithm. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Deprecated:} Use @code{gnutls_privkey_sign_data()} . @end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_sign_hash b/doc/functions/gnutls_x509_privkey_sign_hash index 878cd27..b7d2c64 100644 --- a/doc/functions/gnutls_x509_privkey_sign_hash +++ b/doc/functions/gnutls_x509_privkey_sign_hash @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) -@var{key}: a key +@var{key}: Holds the key @var{hash}: holds the data to be signed diff --git a/doc/functions/gnutls_x509_privkey_verify_params b/doc/functions/gnutls_x509_privkey_verify_params index a44e6ba..c88f996 100644 --- a/doc/functions/gnutls_x509_privkey_verify_params +++ b/doc/functions/gnutls_x509_privkey_verify_params @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_privkey_verify_params} (gnutls_x509_privkey_t @var{key}) -@var{key}: a key +@var{key}: should contain a @code{gnutls_x509_privkey_t} structure This function will verify the private key parameters. diff --git a/doc/functions/gnutls_x509_trust_list_add_cas b/doc/functions/gnutls_x509_trust_list_add_cas index 4563a2e..461c6f9 100644 --- a/doc/functions/gnutls_x509_trust_list_add_cas +++ b/doc/functions/gnutls_x509_trust_list_add_cas 
@@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_add_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}, unsigned int @var{flags}) -@var{list}: The list +@var{list}: The structure of the list @var{clist}: A list of CAs diff --git a/doc/functions/gnutls_x509_trust_list_add_crls b/doc/functions/gnutls_x509_trust_list_add_crls index c7f6f04..33ace7c 100644 --- a/doc/functions/gnutls_x509_trust_list_add_crls +++ b/doc/functions/gnutls_x509_trust_list_add_crls @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_add_crls} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_size}, unsigned int @var{flags}, unsigned int @var{verification_flags}) -@var{list}: The list +@var{list}: The structure of the list @var{crl_list}: A list of CRLs @@ -18,10 +18,7 @@ to the trusted list. The list of CRLs must not be deinitialized during this structure's lifetime. This function must be called after @code{gnutls_x509_trust_list_add_cas()} -to allow verifying the CRLs for validity. If the flag @code{GNUTLS_TL_NO_DUPLICATES} -is given, then any provided CRLs that are a duplicate, will be deinitialized -and not added to the list (that assumes that @code{gnutls_x509_trust_list_deinit()} -will be called with all=1). +to allow verifying the CRLs for validity. @strong{Returns:} The number of added elements is returned. diff --git a/doc/functions/gnutls_x509_trust_list_add_named_crt b/doc/functions/gnutls_x509_trust_list_add_named_crt index 9e3e275..561ee1a 100644 --- a/doc/functions/gnutls_x509_trust_list_add_named_crt +++ b/doc/functions/gnutls_x509_trust_list_add_named_crt @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_add_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}) -@var{list}: The list +@var{list}: The structure of the list @var{cert}: A certificate 
@@ -16,9 +16,7 @@ This function will add the given certificate to the trusted list and associate it with a name. The certificate will not be be used for verification with @code{gnutls_x509_trust_list_verify_crt()} -but with @code{gnutls_x509_trust_list_verify_named_crt()} or -@code{gnutls_x509_trust_list_verify_crt2()} - the latter only since -GnuTLS 3.4.0 and if a hostname is provided. +but only with @code{gnutls_x509_trust_list_verify_named_crt()} . In principle this function can be used to set individual "server" certificates that are trusted by the user for that specific server diff --git a/doc/functions/gnutls_x509_trust_list_add_system_trust b/doc/functions/gnutls_x509_trust_list_add_system_trust index 62e3ecd..0d5980f 100644 --- a/doc/functions/gnutls_x509_trust_list_add_system_trust +++ b/doc/functions/gnutls_x509_trust_list_add_system_trust @@ -10,11 +10,9 @@ @var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL This function adds the system's default trusted certificate -authorities to the trusted list. Note that on unsupported systems +authorities to the trusted list. Note that on unsupported system this function returns @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . -This function implies the flag @code{GNUTLS_TL_NO_DUPLICATES} . - @strong{Returns:} The number of added elements or a negative error code on error. @strong{Since:} 3.1 diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_dir b/doc/functions/gnutls_x509_trust_list_add_trust_dir deleted file mode 100644 index 1899885..0000000 --- a/doc/functions/gnutls_x509_trust_list_add_trust_dir +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_trust_list_add_trust_dir} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_dir}, const char * @var{crl_dir}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) -@var{list}: The list - -@var{ca_dir}: A directory containing the CAs (optional) - -@var{crl_dir}: A directory containing a list of CRLs (optional) - -@var{type}: The format of the certificates - -@var{tl_flags}: GNUTLS_TL_* - -@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL - -This function will add the given certificate authorities -to the trusted list. Only directories are accepted by -this function. - -@strong{Returns:} The number of added elements is returned. - -@strong{Since:} 3.3.6 -@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_dir.short b/doc/functions/gnutls_x509_trust_list_add_trust_dir.short deleted file mode 100644 index 5bcfc19..0000000 --- a/doc/functions/gnutls_x509_trust_list_add_trust_dir.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_trust_list_add_trust_dir} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_dir}, const char * @var{crl_dir}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_file b/doc/functions/gnutls_x509_trust_list_add_trust_file index baa408f..ee50e4e 100644 --- a/doc/functions/gnutls_x509_trust_list_add_trust_file +++ b/doc/functions/gnutls_x509_trust_list_add_trust_file @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_add_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, const char * @var{crl_file}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) -@var{list}: The list +@var{list}: The structure of the list @var{ca_file}: A file containing a list of CAs (optional) 
@@ -16,11 +16,8 @@ @var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL This function will add the given certificate authorities -to the trusted list. PKCS @code{11} URLs are also accepted, instead -of files, by this function. A PKCS @code{11} URL implies a trust -database (a specially marked module in p11-kit); the URL "pkcs11:" -implies all trust databases in the system. Only a single URL specifying -trust databases can be set; they cannot be stacked with multiple calls. +to the trusted list. pkcs11 URLs are also accepted, instead +of files, by this function. @strong{Returns:} The number of added elements is returned. diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_mem b/doc/functions/gnutls_x509_trust_list_add_trust_mem index 35f6212..6fa56f3 100644 --- a/doc/functions/gnutls_x509_trust_list_add_trust_mem +++ b/doc/functions/gnutls_x509_trust_list_add_trust_mem @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_add_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, const gnutls_datum_t * @var{crls}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) -@var{list}: The list +@var{list}: The structure of the list @var{cas}: A buffer containing a list of CAs (optional) diff --git a/doc/functions/gnutls_x509_trust_list_deinit b/doc/functions/gnutls_x509_trust_list_deinit index 337e484..8a0e58d 100644 --- a/doc/functions/gnutls_x509_trust_list_deinit +++ b/doc/functions/gnutls_x509_trust_list_deinit @@ -3,7 +3,7 @@ @deftypefun {void} {gnutls_x509_trust_list_deinit} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{all}) -@var{list}: The list to be deinitialized +@var{list}: The structure to be deinitialized @var{all}: if non-zero it will deinitialize all the certificates and CRLs contained in the structure. 
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer b/doc/functions/gnutls_x509_trust_list_get_issuer index 0288c35..8ee9816 100644 --- a/doc/functions/gnutls_x509_trust_list_get_issuer +++ b/doc/functions/gnutls_x509_trust_list_get_issuer @@ -3,19 +3,16 @@ @deftypefun {int} {gnutls_x509_trust_list_get_issuer} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) -@var{list}: The list +@var{list}: The structure of the list @var{cert}: is the certificate to find issuer for @var{issuer}: Will hold the issuer if any. Should be treated as constant. -@var{flags}: Use zero or @code{GNUTLS_TL_GET_COPY} +@var{flags}: Use zero. -This function will find the issuer of the given certificate. -If the flag @code{GNUTLS_TL_GET_COPY} is specified a copy of the issuer -will be returned which must be freed using @code{gnutls_x509_crt_deinit()} . -Note that the flag @code{GNUTLS_TL_GET_COPY} is required for this function -to work with PKCS @code{11} trust lists in a thread-safe way. +This function will attempt to find the issuer of the +given certificate. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn deleted file mode 100644 index b2357a1..0000000 --- a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn +++ /dev/null 
@@ -1,21 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_trust_list_get_issuer_by_dn} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) -@var{list}: The list - -@var{dn}: is the issuer's DN - -@var{issuer}: Will hold the issuer if any. Should be deallocated after use. - -@var{flags}: Use zero - -This function will find the issuer with the given name, and -return a copy of the issuer, which must be freed using @code{gnutls_x509_crt_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short deleted file mode 100644 index 275bed4..0000000 --- a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_trust_list_get_issuer_by_dn} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id deleted file mode 100644 index 1b999ed..0000000 --- a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id +++ /dev/null 
@@ -1,23 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_trust_list_get_issuer_by_subject_key_id} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) -@var{list}: The list - -@var{dn}: is the issuer's DN (may be @code{NULL} ) - -@var{spki}: is the subject key ID - -@var{issuer}: Will hold the issuer if any. Should be deallocated after use. - -@var{flags}: Use zero - -This function will find the issuer with the given name and subject key ID, and -return a copy of the issuer, which must be freed using @code{gnutls_x509_crt_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.2 -@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short deleted file mode 100644 index 7eab909..0000000 --- a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_trust_list_get_issuer_by_subject_key_id} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_init b/doc/functions/gnutls_x509_trust_list_init index b8ec0b3..75a3d6b 100644 --- a/doc/functions/gnutls_x509_trust_list_init +++ b/doc/functions/gnutls_x509_trust_list_init @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_init} (gnutls_x509_trust_list_t * @var{list}, unsigned int @var{size}) -@var{list}: A pointer to the type to be initialized +@var{list}: The structure to be initialized @var{size}: The size of the internal hash table. Use (0) for default size. 
diff --git a/doc/functions/gnutls_x509_trust_list_iter_deinit b/doc/functions/gnutls_x509_trust_list_iter_deinit deleted file mode 100644 index 5dd7f01..0000000 --- a/doc/functions/gnutls_x509_trust_list_iter_deinit +++ /dev/null @@ -1,11 +0,0 @@ - - - - -@deftypefun {void} {gnutls_x509_trust_list_iter_deinit} (gnutls_x509_trust_list_iter_t @var{iter}) -@var{iter}: The iterator structure to be deinitialized - -This function will deinitialize an iterator structure. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_iter_deinit.short b/doc/functions/gnutls_x509_trust_list_iter_deinit.short deleted file mode 100644 index 0fbed15..0000000 --- a/doc/functions/gnutls_x509_trust_list_iter_deinit.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{void} @ref{gnutls_x509_trust_list_iter_deinit} (gnutls_x509_trust_list_iter_t @var{iter}) diff --git a/doc/functions/gnutls_x509_trust_list_iter_get_ca b/doc/functions/gnutls_x509_trust_list_iter_get_ca deleted file mode 100644 index ff059b6..0000000 --- a/doc/functions/gnutls_x509_trust_list_iter_get_ca +++ /dev/null 
@@ -1,26 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_trust_list_iter_get_ca} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_trust_list_iter_t * @var{iter}, gnutls_x509_crt_t * @var{crt}) -@var{list}: The list - -@var{iter}: A pointer to an iterator (initially the iterator should be @code{NULL} ) - -@var{crt}: where the certificate will be copied - -This function obtains a certificate in the trust list and advances the -iterator to the next certificate. The certificate returned in @code{crt} must be -deallocated with @code{gnutls_x509_crt_deinit()} . - -When past the last element is accessed @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} -is returned and the iterator is reset. - -After use, the iterator must be deinitialized usin -@code{gnutls_x509_trust_list_iter_deinit()} . - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. - -@strong{Since:} 3.4.0 -@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_iter_get_ca.short b/doc/functions/gnutls_x509_trust_list_iter_get_ca.short deleted file mode 100644 index 3adbd92..0000000 --- a/doc/functions/gnutls_x509_trust_list_iter_get_ca.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_trust_list_iter_get_ca} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_trust_list_iter_t * @var{iter}, gnutls_x509_crt_t * @var{crt}) diff --git a/doc/functions/gnutls_x509_trust_list_remove_cas b/doc/functions/gnutls_x509_trust_list_remove_cas index 63098e7..d6cde22 100644 --- a/doc/functions/gnutls_x509_trust_list_remove_cas +++ b/doc/functions/gnutls_x509_trust_list_remove_cas @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_remove_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, int @var{clist_size}) -@var{list}: The list +@var{list}: The structure of the list @var{clist}: A list of CAs 
diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_file b/doc/functions/gnutls_x509_trust_list_remove_trust_file index 22c1a4d..968c4b5 100644 --- a/doc/functions/gnutls_x509_trust_list_remove_trust_file +++ b/doc/functions/gnutls_x509_trust_list_remove_trust_file @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_remove_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, gnutls_x509_crt_fmt_t @var{type}) -@var{list}: The list +@var{list}: The structure of the list @var{ca_file}: A file containing a list of CAs diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_mem b/doc/functions/gnutls_x509_trust_list_remove_trust_mem index d7034be..8014b72 100644 --- a/doc/functions/gnutls_x509_trust_list_remove_trust_mem +++ b/doc/functions/gnutls_x509_trust_list_remove_trust_mem @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_remove_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, gnutls_x509_crt_fmt_t @var{type}) -@var{list}: The list +@var{list}: The structure of the list @var{cas}: A buffer containing a list of CAs (optional) diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt b/doc/functions/gnutls_x509_trust_list_verify_crt index f5a297d..ee50d48 100644 --- a/doc/functions/gnutls_x509_trust_list_verify_crt +++ b/doc/functions/gnutls_x509_trust_list_verify_crt @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_verify_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) -@var{list}: The list +@var{list}: The structure of the list @var{cert_list}: is the certificate list to be verified 
@@ -16,10 +16,13 @@ @var{func}: If non-null will be called on each chain element verification with the output. This function will try to verify the given certificate and return -its status. The @code{voutput} parameter will hold an OR'ed sequence of +its status. The @code{verify} parameter will hold an OR'ed sequence of @code{gnutls_certificate_status_t} flags. -The details of the verification are the same as in @code{gnutls_x509_trust_list_verify_crt2()} . +Additionally a certificate verification profile can be specified +from the ones in @code{gnutls_certificate_verification_profiles_t} by +ORing the result of @code{GNUTLS_PROFILE_TO_VFLAGS()} to the verification +flags. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt2 b/doc/functions/gnutls_x509_trust_list_verify_crt2 deleted file mode 100644 index 0d11c41..0000000 --- a/doc/functions/gnutls_x509_trust_list_verify_crt2 +++ /dev/null 
@@ -1,53 +0,0 @@ - - - - -@deftypefun {int} {gnutls_x509_trust_list_verify_crt2} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) -@var{list}: The list - -@var{cert_list}: is the certificate list to be verified - -@var{cert_list_size}: is the certificate list size - -@var{data}: an array of typed data - -@var{elements}: the number of data elements - -@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. - -@var{voutput}: will hold the certificate verification output. - -@var{func}: If non-null will be called on each chain element verification with the output. - -This function will attempt to verify the given certificate and return -its status. The @code{voutput} parameter will hold an OR'ed sequence of -@code{gnutls_certificate_status_t} flags. When a chain of @code{cert_list_size} with -more than one certificates is provided, the verification status will apply -to the first certificate in the chain that failed verification. The -verification process starts from the end of the chain (from CA to end -certificate). - -Additionally a certificate verification profile can be specified -from the ones in @code{gnutls_certificate_verification_profiles_t} by -ORing the result of @code{GNUTLS_PROFILE_TO_VFLAGS()} to the verification -flags. - -The acceptable @code{data} types are @code{GNUTLS_DT_DNS_HOSTNAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . -The former accepts as data a null-terminated hostname, and the latter a null-terminated -object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ). -If a DNS hostname is provided then this function will compare -the hostname in the certificate against the given. 
If names do not match the -@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. In addition it -will consider certificates provided with @code{gnutls_x509_trust_list_add_named_crt()} . - -If a key purpose OID is provided and the end-certificate contains the extended key -usage PKIX extension, it will be required to match the provided OID -or be marked for any purpose, otherwise verification will fail with -@code{GNUTLS_CERT_PURPOSE_MISMATCH} status. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a -negative error value. Note that verification failure will not result to an -error code, only @code{voutput} will be updated. - -@strong{Since:} 3.3.8 -@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt2.short b/doc/functions/gnutls_x509_trust_list_verify_crt2.short deleted file mode 100644 index 7c3b35b..0000000 --- a/doc/functions/gnutls_x509_trust_list_verify_crt2.short +++ /dev/null @@ -1 +0,0 @@ -@item @var{int} @ref{gnutls_x509_trust_list_verify_crt2} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) diff --git a/doc/functions/gnutls_x509_trust_list_verify_named_crt b/doc/functions/gnutls_x509_trust_list_verify_named_crt index f116489..e76fde1 100644 --- a/doc/functions/gnutls_x509_trust_list_verify_named_crt +++ b/doc/functions/gnutls_x509_trust_list_verify_named_crt @@ -3,7 +3,7 @@ @deftypefun {int} {gnutls_x509_trust_list_verify_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) -@var{list}: The list +@var{list}: The structure of the list @var{cert}: is the certificate to be verified 
@@ -18,10 +18,9 @@ @var{func}: If non-null will be called on each chain element verification with the output. This function will try to find a certificate that is associated with the provided -name --see @code{gnutls_x509_trust_list_add_named_crt()} . If a match is found the -certificate is considered valid. In addition to that this function will also -check CRLs. The @code{voutput} parameter will hold an OR'ed sequence of -@code{gnutls_certificate_status_t} flags. +name --see @code{gnutls_x509_trust_list_add_named_crt()} . If a match is found the certificate is considered valid. +In addition to that this function will also check CRLs. +The @code{voutput} parameter will hold an OR'ed sequence of @code{gnutls_certificate_status_t} flags. Additionally a certificate verification profile can be specified from the ones in @code{gnutls_certificate_verification_profiles_t} by diff --git a/doc/gnutls-api.texi b/doc/gnutls-api.texi index 16bb285..d64e9b5 100644 --- a/doc/gnutls-api.texi +++ b/doc/gnutls-api.texi @@ -2,7 +2,7 @@ @subheading gnutls_alert_get @anchor{gnutls_alert_get} @deftypefun {gnutls_alert_description_t} {gnutls_alert_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the last alert number received. This function should be called when @code{GNUTLS_E_WARNING_ALERT_RECEIVED} or @@ -40,7 +40,7 @@ This function will return a string of the name of the alert. @subheading gnutls_alert_send @anchor{gnutls_alert_send} @deftypefun {int} {gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{level}: is the level of the alert 
@@ -62,7 +62,7 @@ an error code is returned. @subheading gnutls_alert_send_appropriate @anchor{gnutls_alert_send_appropriate} @deftypefun {int} {gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{err}: is an integer @@ -83,7 +83,7 @@ an error code is returned. @subheading gnutls_alpn_get_selected_protocol @anchor{gnutls_alpn_get_selected_protocol} @deftypefun {int} {gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{protocol}: will hold the protocol name @@ -91,19 +91,16 @@ This function allows you to get the negotiated protocol name. The returned protocol should be treated as opaque, constant value and only valid during the session life. -The selected protocol is the first supported by the list sent -by the client. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. -Since 3.2.0 +Since 3.1.11 @end deftypefun @subheading gnutls_alpn_set_protocols @anchor{gnutls_alpn_set_protocols} @deftypefun {int} {gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{protocols}: is the protocol names to add. @@ -112,7 +109,7 @@ Since 3.2.0 @var{flags}: zero or @code{GNUTLS_ALPN_} * This function is to be used by both clients and servers, to declare -the supported ALPN protocols, which are used during negotiation with peer. +the supported ALPN protocols, which are used during peer negotiation. If @code{GNUTLS_ALPN_MAND} is specified the connection will be aborted if no matching ALPN protocol is found. 
@@ -120,13 +117,13 @@ if no matching ALPN protocol is found. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. -Since 3.2.0 +Since 3.1.11 @end deftypefun @subheading gnutls_anon_allocate_client_credentials @anchor{gnutls_anon_allocate_client_credentials} @deftypefun {int} {gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. @@ -137,7 +134,7 @@ this helper function is provided in order to allocate it. @subheading gnutls_anon_allocate_server_credentials @anchor{gnutls_anon_allocate_server_credentials} @deftypefun {int} {gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. @@ -148,7 +145,7 @@ helper function is provided in order to allocate it. @subheading gnutls_anon_free_client_credentials @anchor{gnutls_anon_free_client_credentials} @deftypefun {void} {gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_anon_client_credentials_t} type. +@var{sc}: is a @code{gnutls_anon_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. 
@@ -157,7 +154,7 @@ helper function is provided in order to free (deallocate) it. @subheading gnutls_anon_free_server_credentials @anchor{gnutls_anon_free_server_credentials} @deftypefun {void} {gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_anon_server_credentials_t} type. +@var{sc}: is a @code{gnutls_anon_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. @@ -166,7 +163,7 @@ helper function is provided in order to free (deallocate) it. @subheading gnutls_anon_set_params_function @anchor{gnutls_anon_set_params_function} @deftypefun {void} {gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_anon_server_credentials_t type +@var{res}: is a gnutls_anon_server_credentials_t structure @var{func}: is the function to be called @@ -178,9 +175,9 @@ The callback should return @code{GNUTLS_E_SUCCESS} (0) on success. @subheading gnutls_anon_set_server_dh_params @anchor{gnutls_anon_set_server_dh_params} @deftypefun {void} {gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) -@var{res}: is a gnutls_anon_server_credentials_t type +@var{res}: is a gnutls_anon_server_credentials_t structure -@var{dh_params}: The Diffie-Hellman parameters. +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. This function will set the Diffie-Hellman parameters for an anonymous server to use. These parameters will be used in 
@@ -190,7 +187,7 @@ Anonymous Diffie-Hellman cipher suites. @subheading gnutls_anon_set_server_params_function @anchor{gnutls_anon_set_server_params_function} @deftypefun {void} {gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure @var{func}: is the function to be called @@ -202,7 +199,7 @@ callback should return @code{GNUTLS_E_SUCCESS} (0) on success. @subheading gnutls_auth_client_get_type @anchor{gnutls_auth_client_get_type} @deftypefun {gnutls_credentials_type_t} {gnutls_auth_client_get_type} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the type of credentials that were used for client authentication. The returned information is to be used to distinguish the function used @@ -215,7 +212,7 @@ schema, a @code{gnutls_credentials_type_t} type. @subheading gnutls_auth_get_type @anchor{gnutls_auth_get_type} @deftypefun {gnutls_credentials_type_t} {gnutls_auth_get_type} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns type of credentials for the current authentication schema. The returned information is to be used to distinguish the function used @@ -232,7 +229,7 @@ schema, a @code{gnutls_credentials_type_t} type. @subheading gnutls_auth_server_get_type @anchor{gnutls_auth_server_get_type} @deftypefun {gnutls_credentials_type_t} {gnutls_auth_server_get_type} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the type of credentials that were used for server authentication. The returned information is to be used to distinguish the function used 
@@ -242,26 +239,10 @@ to access authentication data. schema, a @code{gnutls_credentials_type_t} type. @end deftypefun -@subheading gnutls_buffer_append_data -@anchor{gnutls_buffer_append_data} -@deftypefun {int} {gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size}) -@var{dest}: the buffer to append to - -@var{data}: the data - -@var{data_size}: the size of @code{data} - -Appends the provided @code{data} to the destination buffer. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_bye @anchor{gnutls_bye} @deftypefun {int} {gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{how}: is an integer @@ -309,7 +290,7 @@ This is the creation time for openpgp keys. @subheading gnutls_certificate_allocate_credentials @anchor{gnutls_certificate_allocate_credentials} @deftypefun {int} {gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res}) -@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. @@ -343,7 +324,7 @@ This function will return the peer's certificate expiration time. @subheading gnutls_certificate_free_ca_names @anchor{gnutls_certificate_free_ca_names} @deftypefun {void} {gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the CA name in the given credentials. Clients may call this to save some memory since in 
@@ -359,7 +340,7 @@ clients. @subheading gnutls_certificate_free_cas @anchor{gnutls_certificate_free_cas} @deftypefun {void} {gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the CAs associated with the given credentials. Servers that do not use @@ -370,7 +351,7 @@ memory. @subheading gnutls_certificate_free_credentials @anchor{gnutls_certificate_free_credentials} @deftypefun {void} {gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. @@ -383,7 +364,7 @@ function). @subheading gnutls_certificate_free_crls @anchor{gnutls_certificate_free_crls} @deftypefun {void} {gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the CRLs associated with the given credentials. @@ -392,7 +373,7 @@ with the given credentials. @subheading gnutls_certificate_free_keys @anchor{gnutls_certificate_free_keys} @deftypefun {void} {gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. This function will delete all the keys and the certificates associated with the given credentials. This function must not be called when a 
@@ -402,7 +383,7 @@ TLS negotiation that uses the credentials is in progress. @subheading gnutls_certificate_get_crt_raw @anchor{gnutls_certificate_get_crt_raw} @deftypefun {int} {gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. @var{idx1}: the index of the certificate if multiple are present @@ -425,18 +406,15 @@ is returned. @subheading gnutls_certificate_get_issuer @anchor{gnutls_certificate_get_issuer} @deftypefun {int} {gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert}: is the certificate to find issuer for @var{issuer}: Will hold the issuer if any. Should be treated as constant. -@var{flags}: Use zero or @code{GNUTLS_TL_GET_COPY} +@var{flags}: Use zero. This function will return the issuer of a given certificate. -As with @code{gnutls_x509_trust_list_get_issuer()} this function requires -the @code{GNUTLS_TL_GET_COPY} flag in order to operate with PKCS @code{11} trust -lists. In that case the issuer must be freed using @code{gnutls_x509_crt_deinit()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. @@ -474,7 +452,7 @@ issuer's certificate, then the issuer's issuer etc. In case of OpenPGP keys a single key will be returned in raw format. -@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing the peer's +@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing our certificates, or @code{NULL} in case of an error or if no certificate was used. @end deftypefun 
@@ -495,80 +473,10 @@ an error code is returned. @strong{Since:} 3.1.3 @end deftypefun -@subheading gnutls_certificate_get_verify_flags -@anchor{gnutls_certificate_get_verify_flags} -@deftypefun {unsigned int} {gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res}) -@var{res}: is a gnutls_certificate_credentials_t type - -Returns the verification flags set with -@code{gnutls_certificate_set_verify_flags()} . - -@strong{Returns:} The certificate verification flags used by @code{res} . - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_certificate_get_x509_crt -@anchor{gnutls_certificate_get_x509_crt} -@deftypefun {int} {gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. - -@var{index}: The index of the certificate list to obtain. - -@var{crt_list}: Where to store the certificate list. - -@var{crt_list_size}: Will hold the number of certificates. - -Obtains a X.509 certificate list that has been stored in @code{res} with one of -@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} , -@code{gnutls_certificate_set_x509_key_file()} , -@code{gnutls_certificate_set_x509_key_file2()} , -@code{gnutls_certificate_set_x509_key_mem()} , or -@code{gnutls_certificate_set_x509_key_mem2()} . Each certificate in the returned -certificate list must be deallocated with @code{gnutls_x509_crt_deinit()} , and the -list itself must be freed with @code{gnutls_free()} . - -If there is no certificate with the given index, -@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the certificate -with the given index is not a X.509 certificate, @code{GNUTLS_E_INVALID_REQUEST} -is returned. The returned certificates must be deinitialized after -use, and the @code{crt_list} pointer must be freed using @code{gnutls_free()} . 
- -@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_certificate_get_x509_key -@anchor{gnutls_certificate_get_x509_key} -@deftypefun {int} {gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. - -@var{index}: The index of the key to obtain. - -@var{key}: Location to store the key. - -Obtains a X.509 private key that has been stored in @code{res} with one of -@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} , -@code{gnutls_certificate_set_x509_key_file()} , -@code{gnutls_certificate_set_x509_key_file2()} , -@code{gnutls_certificate_set_x509_key_mem()} , or -@code{gnutls_certificate_set_x509_key_mem2()} . The returned key must be deallocated -with @code{gnutls_x509_privkey_deinit()} when no longer needed. - -If there is no key with the given index, -@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the key with the -given index is not a X.509 key, @code{GNUTLS_E_INVALID_REQUEST} is returned. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_certificate_send_x509_rdn_sequence @anchor{gnutls_certificate_send_x509_rdn_sequence} @deftypefun {void} {gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status}) -@var{session}: a @code{gnutls_session_t} type. +@var{session}: is a pointer to a @code{gnutls_session_t} structure. @var{status}: is 0 or 1 
@@ -585,7 +493,7 @@ methods other than certificate with X.509 certificates. @subheading gnutls_certificate_server_set_request @anchor{gnutls_certificate_server_set_request} @deftypefun {void} {gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{req}: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE @@ -599,9 +507,9 @@ function then the client will not be asked to send a certificate. @subheading gnutls_certificate_set_dh_params @anchor{gnutls_certificate_set_dh_params} @deftypefun {void} {gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure -@var{dh_params}: the Diffie-Hellman parameters. +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. This function will set the Diffie-Hellman parameters for a certificate server to use. These parameters will be used in 
@@ -610,20 +518,6 @@ to the parameters are stored in the certificate handle, so you must not deallocate the parameters before the certificate is deallocated. @end deftypefun -@subheading gnutls_certificate_set_flags -@anchor{gnutls_certificate_set_flags} -@deftypefun {void} {gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) -@var{res}: is a gnutls_certificate_credentials_t type - -@var{flags}: are the flags of @code{gnutls_certificate_flags} type - -This function will set flags to tweak the operation of -the credentials structure. See the @code{gnutls_certificate_flags} enumerations -for more information on the available flags. - -@strong{Since:} 3.4.7 -@end deftypefun - @subheading gnutls_certificate_set_ocsp_status_request_file @anchor{gnutls_certificate_set_ocsp_status_request_file} @deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned int @var{flags}) @@ -649,7 +543,7 @@ otherwise a negative error code is returned. @subheading gnutls_certificate_set_ocsp_status_request_function @anchor{gnutls_certificate_set_ocsp_status_request_function} @deftypefun {void} {gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) -@var{sc}: is a @code{gnutls_certificate_credentials_t} type. +@var{sc}: is a @code{gnutls_certificate_credentials_t} structure. @var{ocsp_func}: function pointer to OCSP status request callback. 
@@ -680,7 +574,7 @@ otherwise a negative error code is returned. @subheading gnutls_certificate_set_params_function @anchor{gnutls_certificate_set_params_function} @deftypefun {void} {gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure @var{func}: is the function to be called @@ -692,7 +586,7 @@ authentication. The callback should return @code{GNUTLS_E_SUCCESS} (0) on succ @subheading gnutls_certificate_set_pin_function @anchor{gnutls_certificate_set_pin_function} @deftypefun {void} {gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{fn}: A PIN callback @@ -711,13 +605,12 @@ to have effect. @subheading gnutls_certificate_set_retrieve_function @anchor{gnutls_certificate_set_retrieve_function} @deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{func}: is the callback function This function sets a callback to be called in order to retrieve the -certificate to be used in the handshake. The callback will take control -only if a certificate is requested by the peer. You are advised +certificate to be used in the handshake. You are advised to use @code{gnutls_certificate_set_retrieve_function2()} because it is much more efficient in the processing it requires from gnutls. 
@@ -725,10 +618,10 @@ The callback's function prototype is: int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st); - @code{req_ca_dn} is only used in X.509 certificates. + @code{req_ca_cert} is only used in X.509 certificates. Contains a list with the CA names that the server considers trusted. -This is a hint and typically the client should send a certificate that is signed -by one of these CAs. These names, when available, are DER encoded. To get a more +Normally we should send a certificate that is signed +by one of these CAs. These names are DER encoded. To get a more meaningful value use the function @code{gnutls_x509_rdn_get()} . @code{pk_algos} contains a list with server's acceptable signature algorithms. @@ -744,9 +637,7 @@ In server side pk_algos and req_ca_dn are NULL. The callback function should set the certificate list to be sent, and return 0 on success. If no certificate was selected then the number of certificates should be set to zero. The value (-1) -indicates error and the handshake will be terminated. If both certificates -are set in the credentials and a callback is available, the callback -takes predence. +indicates error and the handshake will be terminated. @strong{Since:} 3.0 @end deftypefun @@ -754,7 +645,7 @@ takes predence. @subheading gnutls_certificate_set_verify_flags @anchor{gnutls_certificate_set_verify_flags} @deftypefun {void} {gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) -@var{res}: is a gnutls_certificate_credentials_t type +@var{res}: is a gnutls_certificate_credentials_t structure @var{flags}: are the flags 
@@ -766,7 +657,7 @@ of certificates and override any defaults. The provided flags must be an OR of @subheading gnutls_certificate_set_verify_function @anchor{gnutls_certificate_set_verify_function} @deftypefun {void} {gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{func}: is the callback function @@ -792,7 +683,7 @@ or non-zero to terminate. @subheading gnutls_certificate_set_verify_limits @anchor{gnutls_certificate_set_verify_limits} @deftypefun {void} {gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth}) -@var{res}: is a gnutls_certificate_credentials type +@var{res}: is a gnutls_certificate_credentials structure @var{max_bits}: is the number of bits of an acceptable certificate (default 8200) @@ -807,7 +698,7 @@ limits. @subheading gnutls_certificate_set_x509_crl @anchor{gnutls_certificate_set_x509_crl} @deftypefun {int} {gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{crl_list}: is a list of trusted CRLs. They should have been verified before. 
@@ -827,7 +718,7 @@ multiple times. @subheading gnutls_certificate_set_x509_crl_file @anchor{gnutls_certificate_set_x509_crl_file} @deftypefun {int} {gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{crlfile}: is a file containing the list of verified CRLs (DER or PEM list) @@ -845,7 +736,7 @@ This function may be called multiple times. @subheading gnutls_certificate_set_x509_crl_mem @anchor{gnutls_certificate_set_x509_crl_mem} @deftypefun {int} {gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{CRL}: is a list of trusted CRLs. They should have been verified before. @@ -863,7 +754,7 @@ multiple times. @subheading gnutls_certificate_set_x509_key @anchor{gnutls_certificate_set_x509_key} @deftypefun {int} {gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert_list}: contains a certificate list (path) for the specified private key 
@@ -872,7 +763,7 @@ multiple times. @var{key}: is a @code{gnutls_x509_privkey_t} key This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that wants to send more than their own end entity certificate (e.g., also an intermediate CA cert) then put @@ -881,9 +772,6 @@ the certificate chain in @code{cert_list} . Note that the certificates and keys provided, can be safely deinitialized after this function is called. -If that function fails to load the @code{res} type is at an undefined state, it must -not be reused to load other keys or certificates. - @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. @strong{Since:} 2.4.0 @@ -892,7 +780,7 @@ not be reused to load other keys or certificates. @subheading gnutls_certificate_set_x509_key_file @anchor{gnutls_certificate_set_x509_key_file} @deftypefun {int} {gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{certfile}: is a file that containing the certificate list (path) for the specified private key, in PKCS7 format, or a list of certificates 
@@ -902,7 +790,7 @@ the specified private key, in PKCS7 format, or a list of certificates @var{type}: is PEM or DER This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that need to send more than its own end entity certificate, e.g., also an intermediate CA cert, then the 
@@ -913,24 +801,19 @@ when selecting the appropriate certificate to use (in case of multiple certificate/key pairs). This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it -will use the private key and certificate indicated by the URLs. Note +will import the private key and certificate indicated by the URLs. Note that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its -present issuers in the token are imported (i.e., forming the required trust chain). - -If that function fails to load the @code{res} structure is at an undefined state, it must -not be reused to load other keys or certificates. +present issuers in the token are are imported (i.e., the required trust chain). @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. - -@strong{Since:} 3.1.11 @end deftypefun @subheading gnutls_certificate_set_x509_key_file2 @anchor{gnutls_certificate_set_x509_key_file2} @deftypefun {int} {gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{certfile}: is a file that containing the certificate list (path) for the specified private key, in PKCS7 format, or a list of certificates 
@@ -944,7 +827,7 @@ the specified private key, in PKCS7 format, or a list of certificates @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. For clients that need to send more than its own end entity certificate, e.g., also an intermediate CA cert, then the @@ -955,16 +838,11 @@ when selecting the appropriate certificate to use (in case of multiple certificate/key pairs). This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it -will use the private key and certificate indicated by the URLs. Note +will import the private key and certificate indicated by the URLs. Note that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . -Before GnuTLS 3.4.0 when a URL was specified, the @code{pass} part was ignored and a -PIN callback had to be registered, this is no longer the case in current releases. In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its -present issuers in the token are imported (i.e., forming the required trust chain). - -If that function fails to load the @code{res} structure is at an undefined state, it must -not be reused to load other keys or certificates. +present issuers in the token are are imported (i.e., the required trust chain). @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. @end deftypefun 
@@ -972,7 +850,7 @@ not be reused to load other keys or certificates. @subheading gnutls_certificate_set_x509_key_mem @anchor{gnutls_certificate_set_x509_key_mem} @deftypefun {int} {gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert}: contains a certificate list (path) for the specified private key @@ -981,7 +859,7 @@ not be reused to load other keys or certificates. @var{type}: is PEM or DER This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be called +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. @@ -1001,7 +879,7 @@ The @code{key} may be @code{NULL} if you are using a sign callback, see @subheading gnutls_certificate_set_x509_key_mem2 @anchor{gnutls_certificate_set_x509_key_mem2} @deftypefun {int} {gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{cert}: contains a certificate list (path) for the specified private key 
@@ -1014,7 +892,7 @@ The @code{key} may be @code{NULL} if you are using a sign callback, see @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t This function sets a certificate/private key pair in the -gnutls_certificate_credentials_t type. This function may be called +gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server. @@ -1034,7 +912,7 @@ The @code{key} may be @code{NULL} if you are using a sign callback, see @subheading gnutls_certificate_set_x509_simple_pkcs12_file @anchor{gnutls_certificate_set_x509_simple_pkcs12_file} @deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{pkcs12file}: filename of file containing PKCS@code{12} blob. @@ -1043,7 +921,7 @@ The @code{key} may be @code{NULL} if you are using a sign callback, see @var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. This function sets a certificate/private key pair and/or a CRL in -the gnutls_certificate_credentials_t type. This function may +the gnutls_certificate_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server). 
@@ -1072,7 +950,7 @@ all. @subheading gnutls_certificate_set_x509_simple_pkcs12_mem @anchor{gnutls_certificate_set_x509_simple_pkcs12_mem} @deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{p12blob}: the PKCS@code{12} blob. @@ -1081,7 +959,7 @@ all. @var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. This function sets a certificate/private key pair and/or a CRL in -the gnutls_certificate_credentials_t type. This function may +the gnutls_certificate_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server). @@ -1111,7 +989,7 @@ all. @subheading gnutls_certificate_set_x509_system_trust @anchor{gnutls_certificate_set_x509_system_trust} @deftypefun {int} {gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. This function adds the system's default trusted CAs in order to verify client or server certificates. @@ -1128,7 +1006,7 @@ on error. @subheading gnutls_certificate_set_x509_trust @anchor{gnutls_certificate_set_x509_trust} @deftypefun {int} {gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{ca_list}: is a list of trusted CAs 
@@ -1150,29 +1028,10 @@ on error. @strong{Since:} 2.4.0 @end deftypefun -@subheading gnutls_certificate_set_x509_trust_dir -@anchor{gnutls_certificate_set_x509_trust_dir} -@deftypefun {int} {gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. - -@var{ca_dir}: is a directory containing the list of trusted CAs (DER or PEM list) - -@var{type}: is PEM or DER - -This function adds the trusted CAs present in the directory in order to -verify client or server certificates. This function is identical -to @code{gnutls_certificate_set_x509_trust_file()} but loads all certificates -in a directory. - -@strong{Returns:} the number of certificates processed - -@strong{Since:} 3.3.6 -@end deftypefun - @subheading gnutls_certificate_set_x509_trust_file @anchor{gnutls_certificate_set_x509_trust_file} @deftypefun {int} {gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type}) -@var{cred}: is a @code{gnutls_certificate_credentials_t} type. +@var{cred}: is a @code{gnutls_certificate_credentials_t} structure. @var{cafile}: is a file containing the list of trusted CAs (DER or PEM list) 
@@ -1192,13 +1051,14 @@ This function can also accept URLs. In that case it will import all certificates that are marked as trusted. Note that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . -@strong{Returns:} the number of certificates processed +@strong{Returns:} number of certificates processed, or a negative error code on +error. @end deftypefun @subheading gnutls_certificate_set_x509_trust_mem @anchor{gnutls_certificate_set_x509_trust_mem} @deftypefun {int} {gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type. +@var{res}: is a @code{gnutls_certificate_credentials_t} structure. @var{ca}: is a list of trusted CAs or a DER certificate @@ -1221,7 +1081,7 @@ on error. @subheading gnutls_certificate_type_get @anchor{gnutls_certificate_type_get} @deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. The certificate type is by default X.509, unless it is negotiated as a TLS extension. 
@@ -1303,19 +1163,18 @@ The default verification flags used by this function can be overridden using @code{gnutls_certificate_set_verify_flags()} . See the documentation of @code{gnutls_certificate_verify_peers2()} for details in the verification process. -The acceptable @code{data} types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_RFC822NAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . -The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated -object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ). +The acceptable data types are @code{GNUTLS_DT_DNS_HOSTNAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . If a DNS hostname is provided then this function will compare -the hostname in the certificate against the given. If names do not match the -@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. +the hostname in the certificate against the given. The comparison will +be accurate for ascii names; non-ascii names are compared byte-by-byte. +If names do not match the @code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. + If a key purpose OID is provided and the end-certificate contains the extended key usage PKIX extension, it will be required to be have the provided key purpose -or be marked for any purpose, otherwise verification will fail with @code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} status. +(e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ), or be marked for any purpose, otherwise +verification will fail with @code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} status. -@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) -when the peer's certificate was successfully parsed, whether or not -it was verified. +@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) on success. @strong{Since:} 3.3.0 @end deftypefun 
@@ -1346,9 +1205,7 @@ Note that you must also check the peer's name in order to check if the verified certificate belongs to the actual peer, see @code{gnutls_x509_crt_check_hostname()} , or use @code{gnutls_certificate_verify_peers3()} . -@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) -when the peer's certificate was successfully parsed, whether or not -it was verified. +@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) on success. @end deftypefun @subheading gnutls_certificate_verify_peers3 @@ -1376,9 +1233,7 @@ If names do not match the @code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will In order to verify the purpose of the end-certificate (by checking the extended key usage), use @code{gnutls_certificate_verify_peers()} . -@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) -when the peer's certificate was successfully parsed, whether or not -it was verified. +@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS} (0) on success. @strong{Since:} 3.1.4 @end deftypefun @@ -1402,7 +1257,7 @@ check is done and only the version string is returned. @subheading gnutls_cipher_get @anchor{gnutls_cipher_get} @deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used cipher. @@ -1502,7 +1357,7 @@ bounds, @code{NULL} is returned. @subheading gnutls_compression_get @anchor{gnutls_compression_get} @deftypefun {gnutls_compression_method_t} {gnutls_compression_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used compression algorithm. 
@@ -1545,7 +1400,7 @@ integers indicating the available compression methods. @subheading gnutls_credentials_clear @anchor{gnutls_credentials_clear} @deftypefun {void} {gnutls_credentials_clear} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Clears all the credentials previously set in this session. @end deftypefun @@ -1553,11 +1408,11 @@ Clears all the credentials previously set in this session. @subheading gnutls_credentials_get @anchor{gnutls_credentials_get} @deftypefun {int} {gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: is the type of the credentials to return -@var{cred}: will contain the credentials. +@var{cred}: will contain the pointer to the credentials structure. Returns the previously provided credentials structures. @@ -1574,20 +1429,18 @@ For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} will be @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. - -@strong{Since:} 3.3.3 @end deftypefun @subheading gnutls_credentials_set @anchor{gnutls_credentials_set} @deftypefun {int} {gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: is the type of the credentials -@var{cred}: the credentials to set +@var{cred}: is a pointer to a structure. -Sets the needed credentials for the specified type. E.g. username, +Sets the needed credentials for the specified type. Eg username, password - or public and private keys etc. The @code{cred} parameter is a structure that depends on the specified type and on the current session (client or server). 
@@ -1615,7 +1468,7 @@ otherwise a negative error code is returned. @subheading gnutls_db_check_entry @anchor{gnutls_db_check_entry} @deftypefun {int} {gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_entry}: is the session data (not key) @@ -1628,7 +1481,7 @@ expired or 0 otherwise. @subheading gnutls_db_check_entry_time @anchor{gnutls_db_check_entry_time} @deftypefun {time_t} {gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry}) -@var{entry}: is a pointer to a @code{gnutls_datum_t} type. +@var{entry}: is a pointer to a @code{gnutls_datum_t} structure. This function returns the time that this entry was active. It can be used for database entry expiration. @@ -1646,7 +1499,7 @@ Returns the expiration time (in seconds) of stored sessions for resumption. @subheading gnutls_db_get_ptr @anchor{gnutls_db_get_ptr} @deftypefun {void *} {gnutls_db_get_ptr} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get db function pointer. @@ -1657,7 +1510,7 @@ delete functions, as the first argument. @subheading gnutls_db_remove_session @anchor{gnutls_db_remove_session} @deftypefun {void} {gnutls_db_remove_session} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will remove the current session data from the session database. This will prevent future handshakes reusing 
@@ -1671,7 +1524,7 @@ sessions. @subheading gnutls_db_set_cache_expiration @anchor{gnutls_db_set_cache_expiration} @deftypefun {void} {gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{seconds}: is the number of seconds. @@ -1682,7 +1535,7 @@ Set the expiration time for resumed sessions. The default is 3600 @subheading gnutls_db_set_ptr @anchor{gnutls_db_set_ptr} @deftypefun {void} {gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ptr}: is the pointer @@ -1693,7 +1546,7 @@ delete functions, as the first argument. @subheading gnutls_db_set_remove_function @anchor{gnutls_db_set_remove_function} @deftypefun {void} {gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{rem_func}: is the function. @@ -1707,7 +1560,7 @@ The first argument to @code{rem_func} will be null unless @subheading gnutls_db_set_retrieve_function @anchor{gnutls_db_set_retrieve_function} @deftypefun {void} {gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{retr_func}: is the function. @@ -1726,7 +1579,7 @@ The first argument to @code{retr_func} will be null unless @subheading gnutls_db_set_store_function @anchor{gnutls_db_set_store_function} @deftypefun {void} {gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{store_func}: is the function 
@@ -1740,7 +1593,7 @@ The first argument to @code{store_func} will be null unless @subheading gnutls_deinit @anchor{gnutls_deinit} @deftypefun {void} {gnutls_deinit} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function clears all buffers associated with the @code{session} . This function will also remove session data from the session @@ -1762,9 +1615,6 @@ the generator used. This function should be used for both anonymous and ephemeral Diffie-Hellman. The output parameters must be freed with @code{gnutls_free()} . -Note, that the prime and generator are exported as non-negative -integers and may include a leading zero byte. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @end deftypefun @@ -1809,9 +1659,6 @@ Diffie-Hellman key exchange. This function should be used for both anonymous and ephemeral Diffie-Hellman. The output parameters must be freed with @code{gnutls_free()} . -Note, that public key is exported as non-negative -integer and may include a leading zero byte. - @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @end deftypefun @@ -1832,9 +1679,9 @@ an error code is returned. @subheading gnutls_dh_params_cpy @anchor{gnutls_dh_params_cpy} @deftypefun {int} {gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src}) -@var{dst}: Is the destination parameters, which should be initialized. +@var{dst}: Is the destination structure, which should be initialized. -@var{src}: Is the source parameters +@var{src}: Is the source structure This function will copy the DH parameters structure from source to destination. 
@@ -1846,9 +1693,9 @@ otherwise a negative error code is returned. @subheading gnutls_dh_params_deinit @anchor{gnutls_dh_params_deinit} @deftypefun {void} {gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params}) -@var{dh_params}: The parameters +@var{dh_params}: Is a structure that holds the prime numbers -This function will deinitialize the DH parameters type. +This function will deinitialize the DH parameters structure. @end deftypefun @subheading gnutls_dh_params_export2_pkcs3 @@ -1919,7 +1766,7 @@ otherwise a negative error code is returned. @subheading gnutls_dh_params_generate2 @anchor{gnutls_dh_params_generate2} @deftypefun {int} {gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits}) -@var{dparams}: The parameters +@var{dparams}: Is the structure that the DH parameters will be stored @var{bits}: is the prime's number of bits @@ -1941,7 +1788,7 @@ otherwise a negative error code is returned. @subheading gnutls_dh_params_import_pkcs3 @anchor{gnutls_dh_params_import_pkcs3} @deftypefun {int} {gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format}) -@var{params}: The parameters +@var{params}: A structure where the parameters will be copied to @var{pkcs3_params}: should contain a PKCS3 DHParams structure PEM or DER encoded 
@@ -1960,31 +1807,12 @@ otherwise a negative error code is returned. @subheading gnutls_dh_params_import_raw @anchor{gnutls_dh_params_import_raw} @deftypefun {int} {gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}) -@var{dh_params}: The parameters - -@var{prime}: holds the new prime - -@var{generator}: holds the new generator - -This function will replace the pair of prime and generator for use -in the Diffie-Hellman key exchange. The new parameters should be -stored in the appropriate gnutls_datum. - -@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, -otherwise a negative error code is returned. -@end deftypefun - -@subheading gnutls_dh_params_import_raw2 -@anchor{gnutls_dh_params_import_raw2} -@deftypefun {int} {gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits}) -@var{dh_params}: The parameters +@var{dh_params}: Is a structure that will hold the prime numbers @var{prime}: holds the new prime @var{generator}: holds the new generator -@var{key_bits}: the private key bits (set to zero when unknown) - This function will replace the pair of prime and generator for use in the Diffie-Hellman key exchange. The new parameters should be stored in the appropriate gnutls_datum. @@ -1996,9 +1824,9 @@ otherwise a negative error code is returned. @subheading gnutls_dh_params_init @anchor{gnutls_dh_params_init} @deftypefun {int} {gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params}) -@var{dh_params}: The parameters +@var{dh_params}: Is a structure that will hold the prime numbers -This function will initialize the DH parameters type. +This function will initialize the DH parameters structure. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. 
@@ -2007,7 +1835,7 @@ otherwise a negative error code is returned. @subheading gnutls_dh_set_prime_bits @anchor{gnutls_dh_set_prime_bits} @deftypefun {void} {gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{bits}: is the number of bits @@ -2020,8 +1848,8 @@ In the client side it sets the minimum accepted number of bits. If a server sends a prime with less bits than that @code{GNUTLS_E_DH_PRIME_UNACCEPTABLE} will be returned by the handshake. -Note that this function will warn via the audit log for value that -are believed to be weak. +Note that values lower than 512 bits may allow decryption of the +exchanged data. The function has no effect in server side. @@ -2040,7 +1868,7 @@ Convert a string to a @code{gnutls_digest_algorithm_t} value. The names are compared in a case insensitive way. @strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified MAC -algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failure. +algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failures. @end deftypefun @subheading gnutls_digest_get_name @@ -2054,19 +1882,6 @@ Convert a @code{gnutls_digest_algorithm_t} value to a string. algorithm, or @code{NULL} . @end deftypefun -@subheading gnutls_digest_get_oid -@anchor{gnutls_digest_get_oid} -@deftypefun {const char *} {gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm}) -@var{algorithm}: is a digest algorithm - -Convert a @code{gnutls_digest_algorithm_t} value to its object identifier. - -@strong{Returns:} a string that contains the object identifier of the specified digest -algorithm, or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun - @subheading gnutls_digest_list @anchor{gnutls_digest_list} @deftypefun {const gnutls_digest_algorithm_t *} {gnutls_digest_list} ( @var{void}) 
@@ -2082,7 +1897,7 @@ integers indicating the available digests. @subheading gnutls_ecc_curve_get @anchor{gnutls_ecc_curve_get} @deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the currently used elliptic curve. Only valid when using an elliptic curve ciphersuite. @@ -2093,19 +1908,6 @@ type. @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_ecc_curve_get_id -@anchor{gnutls_ecc_curve_get_id} -@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get_id} (const char * @var{name}) -@var{name}: is a curve name - -The names are compared in a case insensitive way. - -@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to -the specified curve, or @code{GNUTLS_ECC_CURVE_INVALID} on error. - -@strong{Since:} 3.4.3 -@end deftypefun - @subheading gnutls_ecc_curve_get_name @anchor{gnutls_ecc_curve_get_name} @deftypefun {const char *} {gnutls_ecc_curve_get_name} (gnutls_ecc_curve_t @var{curve}) @@ -2119,19 +1921,6 @@ curve or @code{NULL} . @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_ecc_curve_get_oid -@anchor{gnutls_ecc_curve_get_oid} -@deftypefun {const char *} {gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve}) -@var{curve}: is an ECC curve - -Convert a @code{gnutls_ecc_curve_t} value to its object identifier. - -@strong{Returns:} a string that contains the OID of the specified -curve or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun - @subheading gnutls_ecc_curve_get_size @anchor{gnutls_ecc_curve_get_size} @deftypefun {int} {gnutls_ecc_curve_get_size} (gnutls_ecc_curve_t @var{curve}) 
@@ -2173,7 +1962,8 @@ This function is only useful if you are dealing with errors from functions that relate to a TLS session (e.g., record layer or handshake layer handling functions). -@strong{Returns:} Non-zero value on fatal errors or zero on non-fatal. +@strong{Returns:} zero on non fatal errors or positive @code{error} values. Non-zero +on fatal error codes. @end deftypefun @subheading gnutls_error_to_alert 
@@ -2219,72 +2009,6 @@ after a completed handshake. @strong{Since:} 3.2.2 @end deftypefun -@subheading gnutls_ext_get_data -@anchor{gnutls_ext_get_data} -@deftypefun {int} {gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{type}, gnutls_ext_priv_data_t * @var{data}) -@var{session}: a @code{gnutls_session_t} opaque pointer - -@var{type}: the numeric id of the extension - -@var{data}: a pointer to the private data to retrieve - -This function retrieves any data previously stored with @code{gnutls_ext_set_data()} . - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_ext_register -@anchor{gnutls_ext_register} -@deftypefun {int} {gnutls_ext_register} (const char * @var{name}, int @var{type}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}) -@var{name}: the name of the extension to register - -@var{type}: the numeric id of the extension - -@var{parse_type}: the parse type of the extension (see gnutls_ext_parse_type_t) - -@var{recv_func}: a function to receive the data - -@var{send_func}: a function to send the data - -@var{deinit_func}: a function deinitialize any private data - -@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption) - -@var{unpack_func}: a function which will deserialize the extension's private data - -This function will register a new extension type. The extension will remain -registered until @code{gnutls_global_deinit()} is called. If the extension type -is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned. 
- -Each registered extension can store temporary data into the gnutls_session_t -structure using @code{gnutls_ext_set_data()} , and they can be retrieved using -@code{gnutls_ext_get_data()} . - -This function is not thread safe. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_ext_set_data -@anchor{gnutls_ext_set_data} -@deftypefun {void} {gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{type}, gnutls_ext_priv_data_t @var{data}) -@var{session}: a @code{gnutls_session_t} opaque pointer - -@var{type}: the numeric id of the extension - -@var{data}: the private data to set - -This function allows an extension handler to store data in the current session -and retrieve them later on. The set data will be deallocated using -the gnutls_ext_deinit_data_func. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_fingerprint @anchor{gnutls_fingerprint} @deftypefun {int} {gnutls_fingerprint} (gnutls_digest_algorithm_t @var{algo}, const gnutls_datum_t * @var{data}, void * @var{result}, size_t * @var{result_size}) @@ -2346,10 +2070,9 @@ GnuTLS is used by more than one library in an application. This function can be called many times, but will only do something the first time. -Since GnuTLS 3.3.0 this function is automatically called on library -constructor. Since the same version this function is also thread safe. -The automatic initialization can be avoided if the environment variable -@code{GNUTLS_NO_EXPLICIT_INIT} is set to be 1. +Since GnuTLS 3.3.0 this function is only required in systems that +do not support library constructors and static linking. This +function also became thread safe. A subsequent call of this function if the initial has failed will return the same error code. 
@@ -2416,7 +2139,7 @@ Use a log level over 10 to enable all debugging options. With this function you are allowed to override the default mutex locks used in some parts of gnutls and dependent libraries. This function should be used if you have complete control of your program and libraries. -Do not call this function from a library, or preferably from any application +Do not call this function from a library, or preferrably from any application unless really needed to. GnuTLS will use the appropriate locks for the running system. @@ -2440,7 +2163,7 @@ as the standard function. @subheading gnutls_handshake @anchor{gnutls_handshake} @deftypefun {int} {gnutls_handshake} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function does the handshake of the TLS/SSL protocol, and initializes the TLS connection. 
@@ -2450,28 +2173,19 @@ return a negative error code. In case of a client, if the client has asked to resume a session, but the server couldn't, then a full handshake will be performed. -The non-fatal errors expected by this function are: -@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , -@code{GNUTLS_E_WARNING_ALERT_RECEIVED} , and @code{GNUTLS_E_GOT_APPLICATION_DATA} , -the latter only in a case of rehandshake. - -The former two interrupt the handshake procedure due to the lower -layer being interrupted, and the latter because of an alert that -may be sent by a server (it is always a good idea to check any -received alerts). On these errors call this function again, until it +The non-fatal errors such as @code{GNUTLS_E_AGAIN} and +@code{GNUTLS_E_INTERRUPTED} interrupt the handshake procedure, which +should be resumed later. Call this function again, until it returns 0; cf. @code{gnutls_record_get_direction()} and -@code{gnutls_error_is_fatal()} . In DTLS sessions the non-fatal error -@code{GNUTLS_E_LARGE_PACKET} is also possible, and indicates that -the MTU should be adjusted. +@code{gnutls_error_is_fatal()} . If this function is called by a server after a rehandshake request then @code{GNUTLS_E_GOT_APPLICATION_DATA} or @code{GNUTLS_E_WARNING_ALERT_RECEIVED} may be returned. Note that these are non fatal errors, only in the specific case of a rehandshake. Their meaning is that the client rejected the rehandshake request or -in the case of @code{GNUTLS_E_GOT_APPLICATION_DATA} it could also mean that -some data were pending. A client may receive that error code if -it initiates the handshake and the server doesn't agreed. +in the case of @code{GNUTLS_E_GOT_APPLICATION_DATA} it might also mean that +some data were pending. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. @end deftypefun 
@@ -2490,7 +2204,7 @@ message or @code{NULL} . @subheading gnutls_handshake_get_last_in @anchor{gnutls_handshake_get_last_in} @deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_in} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function is only useful to check where the last performed handshake failed. If the previous handshake succeed or was not @@ -2506,7 +2220,7 @@ available handshake descriptions. @subheading gnutls_handshake_get_last_out @anchor{gnutls_handshake_get_last_out} @deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_out} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function is only useful to check where the last performed handshake failed. If the previous handshake succeed or was not @@ -2522,7 +2236,7 @@ available handshake descriptions. @subheading gnutls_handshake_set_hook_function @anchor{gnutls_handshake_set_hook_function} @deftypefun {void} {gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{post}, gnutls_handshake_hook_func @var{func}) -@var{session}: is a @code{gnutls_session_t} type +@var{session}: is a @code{gnutls_session_t} structure @var{htype}: the @code{gnutls_handshake_description_t} of the message to hook at @@ -2552,7 +2266,7 @@ there is a man-in-the-middle attack being performed. @subheading gnutls_handshake_set_max_packet_length @anchor{gnutls_handshake_set_max_packet_length} @deftypefun {void} {gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{max}: is the maximum number. 
@@ -2569,7 +2283,7 @@ limit Denial of Service attacks. @subheading gnutls_handshake_set_post_client_hello_function @anchor{gnutls_handshake_set_post_client_hello_function} @deftypefun {void} {gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_post_client_hello_func @var{func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{func}: is the function to be called @@ -2598,7 +2312,7 @@ there is a man-in-the-middle attack being performed. @subheading gnutls_handshake_set_private_extensions @anchor{gnutls_handshake_set_private_extensions} @deftypefun {void} {gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{allow}: is an integer (0 or 1) @@ -2615,7 +2329,7 @@ gnutls servers and clients may cause interoperability problems. @subheading gnutls_handshake_set_random @anchor{gnutls_handshake_set_random} @deftypefun {int} {gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{random}: a random value of 32-bytes 
@@ -2636,18 +2350,13 @@ Since 3.1.9 @subheading gnutls_handshake_set_timeout @anchor{gnutls_handshake_set_timeout} @deftypefun {void} {gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ms}: is a timeout value in milliseconds -This function sets the timeout for the TLS handshake process +This function sets the timeout for the handshake process to the provided value. Use an @code{ms} value of zero to disable -timeout, or @code{GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT} for a reasonable -default value. For the DTLS protocol, the more detailed -@code{gnutls_dtls_set_timeouts()} is provided. - -This function requires to set a pull timeout callback. See -@code{gnutls_transport_set_pull_timeout_function()} . +timeout. @strong{Since:} 3.1.0 @end deftypefun @@ -2655,7 +2364,7 @@ This function requires to set a pull timeout callback. See @subheading gnutls_heartbeat_allowed @anchor{gnutls_heartbeat_allowed} @deftypefun {int} {gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: one of @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} and @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND} @@ -2670,7 +2379,7 @@ to be sent or received in this session. @subheading gnutls_heartbeat_enable @anchor{gnutls_heartbeat_enable} @deftypefun {void} {gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: one of the GNUTLS_HB_* flags 
@@ -2690,7 +2399,7 @@ locally generated heartbeat messages can be accepted by the peer. @subheading gnutls_heartbeat_get_timeout @anchor{gnutls_heartbeat_get_timeout} @deftypefun {unsigned int} {gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will return the milliseconds remaining for a retransmission of the previously sent ping @@ -2706,7 +2415,7 @@ if no packets have been received. @subheading gnutls_heartbeat_ping @anchor{gnutls_heartbeat_ping} @deftypefun {int} {gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data_size}: is the length of the ping payload. @@ -2729,7 +2438,7 @@ and timeouts manually. @subheading gnutls_heartbeat_pong @anchor{gnutls_heartbeat_pong} @deftypefun {int} {gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{flags}: should be zero @@ -2743,7 +2452,7 @@ This function replies to a ping by sending a pong to the peer. @subheading gnutls_heartbeat_set_timeouts @anchor{gnutls_heartbeat_set_timeouts} @deftypefun {void} {gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{retrans_timeout}: The time at which a retransmission will occur in milliseconds 
@@ -2755,6 +2464,9 @@ message from the peer is not received, the previous request will be retransmitted. The total timeout is the time after which the handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . +If the retransmission timeout is zero then the handshake will operate +in a non-blocking way, i.e., return @code{GNUTLS_E_AGAIN} . + @strong{Since:} 3.1.2 @end deftypefun @@ -2770,9 +2482,7 @@ handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . @var{bin_size}: when calling should hold maximum size of @code{bin_data} , on return will hold actual length of @code{bin_data} . -Convert a buffer with hex data to binary data. This function -unlike @code{gnutls_hex_decode()} can parse hex data with separators -between numbers. That is, it ignores any non-hex characters. +Convert a buffer with hex data to binary data. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. 
@@ -2791,24 +2501,10 @@ between numbers. That is, it ignores any non-hex characters. This function will decode the given encoded data, using the hex encoding used by PSK password files. -Initially @code{result_size} must hold the maximum size available in - @code{result} , and on return it will contain the number of bytes written. +Note that hex_data should be null terminated. @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not -long enough, @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. -@end deftypefun - -@subheading gnutls_hex_decode2 -@anchor{gnutls_hex_decode2} -@deftypefun {int} {gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result}) -@var{hex_data}: contain the encoded data - -@var{result}: the result in an allocated string - -This function will decode the given encoded data, using the hex -encoding used by PSK password files. - -@strong{Returns:} @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. +long enough, or 0 on success. @end deftypefun @subheading gnutls_hex_encode 
@@ -2829,25 +2525,10 @@ Note that the size of the result includes the null terminator. long enough, or 0 on success. @end deftypefun -@subheading gnutls_hex_encode2 -@anchor{gnutls_hex_encode2} -@deftypefun {int} {gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) -@var{data}: contain the raw data - -@var{result}: the result in an allocated string - -This function will convert the given data to printable data, using -the hex encoding, as used in the PSK password files. - -Note that the size of the result does NOT include the null terminator. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. -@end deftypefun - @subheading gnutls_init @anchor{gnutls_init} @deftypefun {int} {gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags}) -@var{session}: is a pointer to a @code{gnutls_session_t} type. +@var{session}: is a pointer to a @code{gnutls_session_t} structure. @var{flags}: indicate if this session is to be used for server or client. @@ -2856,8 +2537,10 @@ session must be initialized before use, so internal structures can be allocated. This function allocates structures which can only be free'd by calling @code{gnutls_deinit()} . Returns @code{GNUTLS_E_SUCCESS} (0) on success. - @code{flags} can be one of @code{GNUTLS_CLIENT} , @code{GNUTLS_SERVER} , @code{GNUTLS_DATAGRAM} , -@code{GNUTLS_NONBLOCK} or @code{GNUTLS_NOSIGNAL} (since 3.4.2). + @code{flags} can be one of @code{GNUTLS_CLIENT} and @code{GNUTLS_SERVER} . For a DTLS +entity, the flags @code{GNUTLS_DATAGRAM} and @code{GNUTLS_NONBLOCK} are +also available. The latter flag will enable a non-blocking +operation of the DTLS timers. The flag @code{GNUTLS_NO_REPLAY_PROTECTION} will disable any replay protection in DTLS mode. That must only used when 
@@ -2875,9 +2558,9 @@ flag. @anchor{gnutls_key_generate} @deftypefun {int} {gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size}) @var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly -created key +created key. -@var{key_size}: the number of bytes of the key +@var{key_size}: The number of bytes of the key. Generates a random key of @code{key_size} bytes. @@ -2890,7 +2573,7 @@ error code. @subheading gnutls_kx_get @anchor{gnutls_kx_get} @deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used key exchange algorithm. @@ -2953,7 +2636,7 @@ Since 3.1.0 @subheading gnutls_mac_get @anchor{gnutls_mac_get} @deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get currently used MAC algorithm. @@ -2970,7 +2653,7 @@ Convert a string to a @code{gnutls_mac_algorithm_t} value. The names are compared in a case insensitive way. @strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified MAC -algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failure. +algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failures. @end deftypefun @subheading gnutls_mac_get_key_size 
@@ -3007,45 +2690,10 @@ This function is not thread safe. integers indicating the available MACs. @end deftypefun -@subheading gnutls_memcmp -@anchor{gnutls_memcmp} -@deftypefun {int} {gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n}) -@var{s1}: the first address to compare - -@var{s2}: the second address to compare - -@var{n}: the size of memory to compare - -This function will operate similarly to @code{memcmp()} , but will operate -on time that depends only on the size of the string. That is will -not return early if the strings don't match on the first byte. - -@strong{Returns:} non zero on difference and zero if the buffers are identical. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_memset -@anchor{gnutls_memset} -@deftypefun {void} {gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size}) -@var{data}: the memory to set - -@var{c}: the constant byte to fill the memory with - -@var{size}: the size of memory - -This function will operate similarly to @code{memset()} , but will -not be optimized out by the compiler. - -@strong{Returns:} void. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_ocsp_status_request_enable_client @anchor{gnutls_ocsp_status_request_enable_client} @deftypefun {int} {gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{responder_id}: array with @code{gnutls_datum_t} with DER data of responder id 
@@ -3067,7 +2715,7 @@ otherwise a negative error code is returned. @subheading gnutls_ocsp_status_request_get @anchor{gnutls_ocsp_status_request_get} @deftypefun {int} {gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response 
@@ -3087,77 +2735,22 @@ otherwise a negative error code is returned. @deftypefun {int} {gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags}) @var{session}: is a gnutls session -@var{flags}: should be zero or @code{GNUTLS_OCSP_SR_IS_AVAIL} +@var{flags}: should be zero Check whether an OCSP status response was included in the handshake and whether it was checked and valid (not too old or superseded). This is a helper function when needing to decide whether to perform an -OCSP validity check on the peer's certificate. Should be called after -any of gnutls_certificate_verify_peers*() are called. - -If the flag @code{GNUTLS_OCSP_SR_IS_AVAIL} is specified, the return -value of the function indicates whether an OCSP status response have -been received (even if invalid). The flag was introduced in GnuTLS 3.4.0. +OCSP validity check on the peer's certificate. Must be called after +@code{gnutls_certificate_verify_peers3()} is called. -@strong{Returns:} non zero if the response was valid, or a zero if it wasn't sent, +@strong{Returns:} non zero it was valid, or a zero if it wasn't sent, or sent and was invalid. @end deftypefun -@subheading gnutls_oid_to_digest -@anchor{gnutls_oid_to_digest} -@deftypefun {gnutls_digest_algorithm_t} {gnutls_oid_to_digest} (const char * @var{oid}) -@var{oid}: is an object identifier - -Converts a textual object identifier to a @code{gnutls_digest_algorithm_t} value. - -@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified digest -algorithm, or @code{GNUTLS_DIG_UNKNOWN} on failure. - -@strong{Since:} 3.4.3 -@end deftypefun - -@subheading gnutls_oid_to_ecc_curve -@anchor{gnutls_oid_to_ecc_curve} -@deftypefun {gnutls_ecc_curve_t} {gnutls_oid_to_ecc_curve} (const char * @var{oid}) -@var{oid}: is a curve's OID - - -@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to -the specified OID, or @code{GNUTLS_ECC_CURVE_INVALID} on error. 
- -@strong{Since:} 3.4.3 -@end deftypefun - -@subheading gnutls_oid_to_pk -@anchor{gnutls_oid_to_pk} -@deftypefun {gnutls_pk_algorithm_t} {gnutls_oid_to_pk} (const char * @var{oid}) -@var{oid}: is an object identifier - -Converts a textual object identifier to a @code{gnutls_pk_algorithm_t} value. - -@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified digest -algorithm, or @code{GNUTLS_PK_UNKNOWN} on failure. - -@strong{Since:} 3.4.3 -@end deftypefun - -@subheading gnutls_oid_to_sign -@anchor{gnutls_oid_to_sign} -@deftypefun {gnutls_sign_algorithm_t} {gnutls_oid_to_sign} (const char * @var{oid}) -@var{oid}: is an object identifier - -Converts a textual object identifier to a @code{gnutls_sign_algorithm_t} value. - -@strong{Returns:} a @code{gnutls_sign_algorithm_t} id of the specified digest -algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on failure. - -@strong{Since:} 3.4.3 -@end deftypefun - @subheading gnutls_openpgp_send_cert @anchor{gnutls_openpgp_send_cert} @deftypefun {void} {gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status}) -@var{session}: a @code{gnutls_session_t} type. +@var{session}: is a pointer to a @code{gnutls_session_t} structure. @var{status}: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT @@ -3181,7 +2774,7 @@ the received packet. @subheading gnutls_packet_get @anchor{gnutls_packet_get} @deftypefun {void} {gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence}) -@var{packet}: is a @code{gnutls_packet_t} type. +@var{packet}: is a @code{gnutls_packet_t} structure. @var{data}: will contain the data present in the @code{packet} structure (may be @code{NULL} ) 
@@ -3214,9 +2807,9 @@ packet found. not long enough, or 0 on success. @end deftypefun -@subheading gnutls_pem_base64_decode2 -@anchor{gnutls_pem_base64_decode2} -@deftypefun {int} {gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@subheading gnutls_pem_base64_decode_alloc +@anchor{gnutls_pem_base64_decode_alloc} +@deftypefun {int} {gnutls_pem_base64_decode_alloc} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) @var{header}: The PEM header (eg. CERTIFICATE) @var{b64_data}: contains the encoded data @@ -3257,9 +2850,9 @@ not include the terminating null. not long enough, or 0 on success. @end deftypefun -@subheading gnutls_pem_base64_encode2 -@anchor{gnutls_pem_base64_encode2} -@deftypefun {int} {gnutls_pem_base64_encode2} (const char * @var{msg}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@subheading gnutls_pem_base64_encode_alloc +@anchor{gnutls_pem_base64_encode_alloc} +@deftypefun {int} {gnutls_pem_base64_encode_alloc} (const char * @var{msg}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) @var{msg}: is a message to be put in the encoded header @var{data}: contains the raw data @@ -3341,19 +2934,6 @@ specified public key algorithm, or @code{NULL} . @strong{Since:} 2.6.0 @end deftypefun -@subheading gnutls_pk_get_oid -@anchor{gnutls_pk_get_oid} -@deftypefun {const char *} {gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm}) -@var{algorithm}: is a public key algorithm - -Convert a @code{gnutls_pk_algorithm_t} value to its object identifier string. - -@strong{Returns:} a pointer to a string that contains the object identifier of the -specified public key algorithm, or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun - @subheading gnutls_pk_list @anchor{gnutls_pk_list} @deftypefun {const gnutls_pk_algorithm_t *} {gnutls_pk_list} ( @var{void}) 
@@ -3384,13 +2964,13 @@ to signature algorithms. @subheading gnutls_prf @anchor{gnutls_prf} @deftypefun {int} {gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{label_size}: length of the @code{label} variable. @var{label}: label used in PRF computation, typically a short string. -@var{server_random_first}: non-zero if server random field should be first in seed +@var{server_random_first}: non-0 if server random field should be first in seed @var{extra_size}: length of the @code{extra} variable. @@ -3401,13 +2981,13 @@ to signature algorithms. @var{out}: pre-allocated buffer to hold the generated data. Applies the TLS Pseudo-Random-Function (PRF) on the master secret -and the provided data, seeded with the client and server random fields. -For the key expansion specified in RFC5705 see @code{gnutls_prf_rfc5705()} . +and the provided data, seeded with the client and server random fields, +as specified in RFC5705. The @code{label} variable usually contains a string denoting the purpose for the generated data. The @code{server_random_first} indicates whether the client random field or the server random field should be first -in the seed. Non-zero indicates that the server random field is first, +in the seed. Non-0 indicates that the server random field is first, 0 that the client random field is first. The @code{extra} variable can be used to add more data to the seed, after 
@@ -3423,7 +3003,7 @@ The output is placed in @code{out} , which must be pre-allocated. @subheading gnutls_prf_raw @anchor{gnutls_prf_raw} @deftypefun {int} {gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{label_size}: length of the @code{label} variable. 
@@ -3457,52 +3037,10 @@ want to generate pseudo random data unique for each session. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. @end deftypefun -@subheading gnutls_prf_rfc5705 -@anchor{gnutls_prf_rfc5705} -@deftypefun {int} {gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) -@var{session}: is a @code{gnutls_session_t} type. - -@var{label_size}: length of the @code{label} variable. - -@var{label}: label used in PRF computation, typically a short string. - -@var{context_size}: length of the @code{extra} variable. - -@var{context}: optional extra data to seed the PRF with. - -@var{outsize}: size of pre-allocated output buffer to hold the output. - -@var{out}: pre-allocated buffer to hold the generated data. - -Applies the TLS Pseudo-Random-Function (PRF) on the master secret -and the provided data, seeded with the client and server random fields, -as specified in RFC5705. - -The @code{label} variable usually contains a string denoting the purpose -for the generated data. The @code{server_random_first} indicates whether -the client random field or the server random field should be first -in the seed. Non-zero indicates that the server random field is first, -0 that the client random field is first. - -The @code{context} variable can be used to add more data to the seed, after -the random variables. It can be used to make sure the -generated output is strongly connected to some additional data -(e.g., a string used in user authentication). - -The output is placed in @code{out} , which must be pre-allocated. - -Note that, to provide the RFC5705 context, the @code{contect} variable -must be non-null. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. 
- -@strong{Since:} 3.4.4 -@end deftypefun - @subheading gnutls_priority_certificate_type_list @anchor{gnutls_priority_certificate_type_list} @deftypefun {int} {gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list @@ -3517,7 +3055,7 @@ structure. @subheading gnutls_priority_cipher_list @anchor{gnutls_priority_cipher_list} @deftypefun {int} {gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list @@ -3532,7 +3070,7 @@ structure. @subheading gnutls_priority_compression_list @anchor{gnutls_priority_compression_list} @deftypefun {int} {gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list @@ -3547,7 +3085,7 @@ structure. @subheading gnutls_priority_deinit @anchor{gnutls_priority_deinit} @deftypefun {void} {gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache}) -@var{priority_cache}: is a @code{gnutls_prioritity_t} type. +@var{priority_cache}: is a @code{gnutls_prioritity_t} structure. Deinitializes the priority cache. @end deftypefun @@ -3555,7 +3093,7 @@ Deinitializes the priority cache. @subheading gnutls_priority_ecc_curve_list @anchor{gnutls_priority_ecc_curve_list} @deftypefun {int} {gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list 
@@ -3570,7 +3108,7 @@ structure. @subheading gnutls_priority_get_cipher_suite_index @anchor{gnutls_priority_get_cipher_suite_index} @deftypefun {int} {gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{idx}: is an index number. @@ -3585,22 +3123,19 @@ Once the last available index is crossed then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. @strong{Returns:} On success it returns @code{GNUTLS_E_SUCCESS} (0), or a negative error value otherwise. - -@strong{Since:} 3.0.9 @end deftypefun @subheading gnutls_priority_init @anchor{gnutls_priority_init} @deftypefun {int} {gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}) -@var{priority_cache}: is a @code{gnutls_prioritity_t} type. +@var{priority_cache}: is a @code{gnutls_prioritity_t} structure. -@var{priorities}: is a string describing priorities (may be @code{NULL} ) +@var{priorities}: is a string describing priorities -@var{err_pos}: In case of an error this will have the position in the string the error occurred +@var{err_pos}: In case of an error this will have the position in the string the error occured Sets priorities for the ciphers, key exchange methods, macs and -compression methods. The @code{priority_cache} should be deinitialized -using @code{gnutls_priority_deinit()} . +compression methods. The @code{priorities} option allows you to specify a colon separated list of the cipher priorities to enable. @@ -3638,6 +3173,9 @@ of 128. "SUITEB192" means all the NSA SuiteB ciphersuites with security level of 192. +"EXPORT" means all ciphersuites are enabled, including the +low-security 40 bit ciphers. + "NONE" means nothing is enabled. This disables even protocols and compression methods. 
@@ -3646,7 +3184,7 @@ will be expanded from a configuration-time provided file - default is: /etc/gnutls/default-priorities. Any keywords that follow it, will be appended to the expanded string. If there is no system string, then the function will fail. The system file should be formatted -as "KEYWORD=VALUE", e.g., "SYSTEM=NORMAL:+ARCFOUR-128". +as "KEYWORD=VALUE", e.g., "SYSTEM=NORMAL:-ARCFOUR-128". Special keywords are "!", "-" and "+". "!" or "-" appended with an algorithm will remove this algorithm. @@ -3658,7 +3196,7 @@ information. @strong{Examples:} "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" -"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128. +"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128. "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are enabled, SSL3.0 is disabled, and libz compression enabled. @@ -3671,9 +3209,6 @@ enabled, SSL3.0 is disabled, and libz compression enabled. Note that "NORMAL:@code{COMPAT} " is the most compatible mode. -A @code{NULL} @code{priorities} string indicates the default priorities to be -used (this is available since GnuTLS 3.3.0). - @strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, @code{GNUTLS_E_SUCCESS} on success, or an error code. @end deftypefun @@ -3681,7 +3216,7 @@ used (this is available since GnuTLS 3.3.0). @subheading gnutls_priority_kx_list @anchor{gnutls_priority_kx_list} @deftypefun {int} {gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list 
@@ -3696,7 +3231,7 @@ structure. @subheading gnutls_priority_mac_list @anchor{gnutls_priority_mac_list} @deftypefun {int} {gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list @@ -3711,7 +3246,7 @@ structure. @subheading gnutls_priority_protocol_list @anchor{gnutls_priority_protocol_list} @deftypefun {int} {gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list @@ -3726,9 +3261,9 @@ structure. @subheading gnutls_priority_set @anchor{gnutls_priority_set} @deftypefun {int} {gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. -@var{priority}: is a @code{gnutls_priority_t} type. +@var{priority}: is a @code{gnutls_priority_t} structure. Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods. 
@@ -3739,11 +3274,11 @@ macs and compression methods. @subheading gnutls_priority_set_direct @anchor{gnutls_priority_set_direct} @deftypefun {int} {gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{priorities}: is a string describing priorities -@var{err_pos}: In case of an error this will have the position in the string the error occurred +@var{err_pos}: In case of an error this will have the position in the string the error occured Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods. This function avoids keeping a @@ -3759,7 +3294,7 @@ To simply use a reasonable default, consider using @code{gnutls_set_default_prio @subheading gnutls_priority_sign_list @anchor{gnutls_priority_sign_list} @deftypefun {int} {gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) -@var{pcache}: is a @code{gnutls_prioritity_t} type. +@var{pcache}: is a @code{gnutls_prioritity_t} structure. @var{list}: will point to an integer list 
@@ -3771,23 +3306,6 @@ structure. @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_priority_string_list -@anchor{gnutls_priority_string_list} -@deftypefun {const char *} {gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags}) -@var{iter}: an integer counter starting from zero - -@var{flags}: one of @code{GNUTLS_PRIORITY_LIST_INIT_KEYWORDS} , @code{GNUTLS_PRIORITY_LIST_SPECIAL} - -Can be used to iterate all available priority strings. -Due to internal implementation details, there are cases where this -function can return the empty string. In that case that string should be ignored. -When no strings are available it returns @code{NULL} . - -@strong{Returns:} a priority string - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_protocol_get_id @anchor{gnutls_protocol_get_id} @deftypefun {gnutls_protocol_t} {gnutls_protocol_get_id} (const char * @var{name}) @@ -3813,7 +3331,7 @@ version (e.g., "TLS1.0"), or @code{NULL} . @subheading gnutls_protocol_get_version @anchor{gnutls_protocol_get_version} @deftypefun {gnutls_protocol_t} {gnutls_protocol_get_version} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get TLS version, a @code{gnutls_protocol_t} value. @@ -3835,7 +3353,7 @@ indicating the available protocols. @subheading gnutls_psk_allocate_client_credentials @anchor{gnutls_psk_allocate_client_credentials} @deftypefun {int} {gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. 
@@ -3847,7 +3365,7 @@ an error code is returned. @subheading gnutls_psk_allocate_server_credentials @anchor{gnutls_psk_allocate_server_credentials} @deftypefun {int} {gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. @@ -3873,7 +3391,7 @@ authentication and in case of a client. @subheading gnutls_psk_free_client_credentials @anchor{gnutls_psk_free_client_credentials} @deftypefun {void} {gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_psk_client_credentials_t} type. +@var{sc}: is a @code{gnutls_psk_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. @@ -3882,7 +3400,7 @@ helper function is provided in order to free (deallocate) it. @subheading gnutls_psk_free_server_credentials @anchor{gnutls_psk_free_server_credentials} @deftypefun {void} {gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_psk_server_credentials_t} type. +@var{sc}: is a @code{gnutls_psk_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. 
@@ -3902,7 +3420,7 @@ case of a server. @subheading gnutls_psk_set_client_credentials @anchor{gnutls_psk_set_client_credentials} @deftypefun {int} {gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) -@var{res}: is a @code{gnutls_psk_client_credentials_t} type. +@var{res}: is a @code{gnutls_psk_client_credentials_t} structure. @var{username}: is the user's zero-terminated userid @@ -3912,7 +3430,7 @@ case of a server. @code{GNUTLS_PSK_KEY_RAW} or @code{GNUTLS_PSK_KEY_HEX} . This function sets the username and password, in a -gnutls_psk_client_credentials_t type. Those will be used in +gnutls_psk_client_credentials_t structure. Those will be used in PSK authentication. @code{username} should be an ASCII string or UTF-8 strings prepared using the "SASLprep" profile of "stringprep". The key can be either in raw byte format or in Hex format (without the @@ -3925,7 +3443,7 @@ an error code is returned. @subheading gnutls_psk_set_client_credentials_function @anchor{gnutls_psk_set_client_credentials_function} @deftypefun {void} {gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. +@var{cred}: is a @code{gnutls_psk_server_credentials_t} structure. @var{func}: is the callback function @@ -3948,7 +3466,7 @@ The callback function should return 0 on success. @subheading gnutls_psk_set_params_function @anchor{gnutls_psk_set_params_function} @deftypefun {void} {gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a gnutls_psk_server_credentials_t type +@var{res}: is a gnutls_psk_server_credentials_t structure @var{func}: is the function to be called 
@@ -3960,12 +3478,12 @@ callback should return @code{GNUTLS_E_SUCCESS} (0) on success. @subheading gnutls_psk_set_server_credentials_file @anchor{gnutls_psk_set_server_credentials_file} @deftypefun {int} {gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file}) -@var{res}: is a @code{gnutls_psk_server_credentials_t} type. +@var{res}: is a @code{gnutls_psk_server_credentials_t} structure. @var{password_file}: is the PSK password file (passwd.psk) This function sets the password file, in a -@code{gnutls_psk_server_credentials_t} type. This password file +@code{gnutls_psk_server_credentials_t} structure. This password file holds usernames and keys and will be used for PSK authentication. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise @@ -3975,7 +3493,7 @@ an error code is returned. @subheading gnutls_psk_set_server_credentials_function @anchor{gnutls_psk_set_server_credentials_function} @deftypefun {void} {gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. +@var{cred}: is a @code{gnutls_psk_server_credentials_t} structure. @var{func}: is the callback function 
@@ -3998,12 +3516,12 @@ an error. @subheading gnutls_psk_set_server_credentials_hint @anchor{gnutls_psk_set_server_credentials_hint} @deftypefun {int} {gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) -@var{res}: is a @code{gnutls_psk_server_credentials_t} type. +@var{res}: is a @code{gnutls_psk_server_credentials_t} structure. @var{hint}: is the PSK identity hint string This function sets the identity hint, in a -@code{gnutls_psk_server_credentials_t} type. This hint is sent to +@code{gnutls_psk_server_credentials_t} structure. This hint is sent to the client to help it chose a good PSK credential (i.e., username and password). @@ -4016,7 +3534,7 @@ an error code is returned. @subheading gnutls_psk_set_server_dh_params @anchor{gnutls_psk_set_server_dh_params} @deftypefun {void} {gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) -@var{res}: is a gnutls_psk_server_credentials_t type +@var{res}: is a gnutls_psk_server_credentials_t structure @var{dh_params}: is a structure that holds Diffie-Hellman parameters. @@ -4028,7 +3546,7 @@ Diffie-Hellman exchange with PSK cipher suites. @subheading gnutls_psk_set_server_params_function @anchor{gnutls_psk_set_server_params_function} @deftypefun {void} {gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) -@var{res}: is a @code{gnutls_certificate_credentials_t} type +@var{res}: is a @code{gnutls_certificate_credentials_t} structure @var{func}: is the function to be called 
@@ -4040,7 +3558,7 @@ should return @code{GNUTLS_E_SUCCESS} (0) on success. @subheading gnutls_random_art @anchor{gnutls_random_art} @deftypefun {int} {gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art}) -@var{type}: The type of the random art (for now only @code{GNUTLS_RANDOM_ART_OPENSSH} is supported) +@var{type}: The type of the random art @var{key_type}: The type of the key (RSA, DSA etc.) @@ -4053,7 +3571,7 @@ should return @code{GNUTLS_E_SUCCESS} (0) on success. @var{art}: The returned random art This function will convert a given fingerprint to an "artistic" -image. The returned image is allocated using @code{gnutls_malloc()} . +image. The returned image is allocated using @code{gnutls_malloc()} @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @@ -4062,7 +3580,7 @@ an error code is returned. @subheading gnutls_range_split @anchor{gnutls_range_split} @deftypefun {int} {gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder}) -@var{session}: is a @code{gnutls_session_t} type +@var{session}: is a @code{gnutls_session_t} structure @var{orig}: is the original range provided by the user @@ -4084,7 +3602,7 @@ Note that @code{orig} is not changed, while the values of @code{next} and @co @subheading gnutls_record_can_use_length_hiding @anchor{gnutls_record_can_use_length_hiding} @deftypefun {int} {gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. If the session supports length-hiding padding, you can invoke @code{gnutls_range_send_message()} to send a message whose 
@@ -4101,10 +3619,10 @@ padding, false (0) if the current session does not. @subheading gnutls_record_check_corked @anchor{gnutls_record_check_corked} @deftypefun {size_t} {gnutls_record_check_corked} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function checks if there pending corked -data in the gnutls buffers --see @code{gnutls_record_cork()} . +data in the gnutls buffers --see @code{gnutls_cork()} . @strong{Returns:} Returns the size of the corked data or zero. @@ -4114,7 +3632,7 @@ data in the gnutls buffers --see @code{gnutls_record_cork()} . @subheading gnutls_record_check_pending @anchor{gnutls_record_check_pending} @deftypefun {size_t} {gnutls_record_check_pending} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function checks if there are unread data in the gnutls buffers. If the return value is @@ -4127,10 +3645,11 @@ is guaranteed not to block. @subheading gnutls_record_cork @anchor{gnutls_record_cork} @deftypefun {void} {gnutls_record_cork} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. -If called, @code{gnutls_record_send()} will no longer send any records. -Any sent records will be cached until @code{gnutls_record_uncork()} is called. +If called @code{gnutls_record_send()} will no longer send partial records. +All queued records will be sent when @code{gnutls_uncork()} is called, or +when the maximum record size is reached. This function is safe to use with DTLS after GnuTLS 3.3.0. 
@@ -4140,7 +3659,7 @@ This function is safe to use with DTLS after GnuTLS 3.3.0. @subheading gnutls_record_disable_padding @anchor{gnutls_record_disable_padding} @deftypefun {void} {gnutls_record_disable_padding} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Used to disabled padding in TLS 1.0 and above. Normally you do not need to use this function, but there are buggy clients that 
@@ -4151,41 +3670,29 @@ This functions is defunt since 3.1.7. Random padding is disabled by default unless requested using @code{gnutls_range_send_message()} . @end deftypefun -@subheading gnutls_record_discard_queued -@anchor{gnutls_record_discard_queued} -@deftypefun {size_t} {gnutls_record_discard_queued} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. - -This function discards all queued to be sent packets in a TLS or DTLS session. -These are the packets queued after an interrupted @code{gnutls_record_send()} . - -@strong{Returns:} The number of bytes discarded. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_record_get_direction @anchor{gnutls_record_get_direction} @deftypefun {int} {gnutls_record_get_direction} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function provides information about the internals of the -record protocol and is only useful if a prior gnutls function call, -e.g. @code{gnutls_handshake()} , was interrupted for some reason. That +record protocol and is only useful if a prior gnutls function call +(e.g. @code{gnutls_handshake()} ) was interrupted for some reason, that is, if a function returned @code{GNUTLS_E_INTERRUPTED} or -@code{GNUTLS_E_AGAIN} . In such a case, you might want to call @code{select()} -or @code{poll()} before restoring the interrupted gnutls function. - -This function's output is unreliable if you are using the same - @code{session} in different threads, for sending and receiving. +@code{GNUTLS_E_AGAIN} . In such a case, you might want to call @code{select()} +or @code{poll()} before calling the interrupted gnutls function again. To +tell you whether a file descriptor should be selected for either +reading or writing, @code{gnutls_record_get_direction()} returns 0 if the +interrupted function was trying to read data, and 1 if it was +trying to write data. 
-@strong{Returns:} 0 if interrupted while trying to read data, or 1 while trying to write data. +@strong{Returns:} 0 if trying to read data, 1 if trying to write data. @end deftypefun @subheading gnutls_record_get_max_size @anchor{gnutls_record_get_max_size} @deftypefun {size_t} {gnutls_record_get_max_size} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get the record size. The maximum record size is negotiated by the client after the first handshake message. @@ -4193,32 +3700,6 @@ client after the first handshake message. @strong{Returns:} The maximum record packet size in this connection. @end deftypefun -@subheading gnutls_record_get_state -@anchor{gnutls_record_get_state} -@deftypefun {int} {gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char @var{seq_number[8]}) -@var{session}: is a @code{gnutls_session_t} type - -@var{read}: if non-zero the read parameters are returned, otherwise the write - -@var{mac_key}: the key used for MAC (if a MAC is used) - -@var{IV}: the initialization vector or nonce used - -@var{cipher_key}: the cipher key - -@var{seq_number[8]}: -- undescribed -- - -This function will return the parameters of the current record state. -These are only useful to be provided to an external off-loading device -or subsystem. - -In that case, to sync the state you must call @code{gnutls_record_set_state()} . - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. - -Since 3.4.0 -@end deftypefun - @subheading gnutls_record_overhead_size @anchor{gnutls_record_overhead_size} @deftypefun {size_t} {gnutls_record_overhead_size} (gnutls_session_t @var{session}) 
@@ -4233,7 +3714,7 @@ due to TLS (or DTLS) per record. @subheading gnutls_record_recv @anchor{gnutls_record_recv} @deftypefun {ssize_t} {gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: the buffer that the data will be read into @@ -4242,18 +3723,19 @@ due to TLS (or DTLS) per record. This function has the similar semantics with @code{recv()} . The only difference is that it accepts a GnuTLS session, and uses different error codes. -In the special case that the peer requests a renegotiation, the -caller will receive an error code of @code{GNUTLS_E_REHANDSHAKE} . In case -of a client, this message may be simply ignored, replied with an alert +In the special case that a server requests a renegotiation, the +client may receive an error code of @code{GNUTLS_E_REHANDSHAKE} . This +message may be simply ignored, replied with an alert @code{GNUTLS_A_NO_RENEGOTIATION} , or replied with a new handshake, -depending on the client's will. A server receiving this error code -can only initiate a new handshake or terminate the session. - +depending on the client's will. If @code{EINTR} is returned by the internal push function (the default is @code{recv()} ) then @code{GNUTLS_E_INTERRUPTED} will be returned. If @code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must call this function again to get the data. See also @code{gnutls_record_get_direction()} . +A server may also receive @code{GNUTLS_E_REHANDSHAKE} when a client has +initiated a handshake. In that case the server can only initiate a +handshake or terminate the connection. @strong{Returns:} The number of bytes received and zero on EOF (for stream connections). A negative error code is returned in case of an error. 
@@ -4263,13 +3745,13 @@ The number of bytes received might be less than the requested @code{data_size} @subheading gnutls_record_recv_packet @anchor{gnutls_record_recv_packet} @deftypefun {ssize_t} {gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{packet}: the structure that will hold the packet data -This is a lower-level function than @code{gnutls_record_recv()} and allows +This is a lower-level function thatn @code{gnutls_record_recv()} and allows to directly receive the whole decrypted packet. That avoids a -memory copy, and is intended to be used by applications seeking high +memory copy, and is mostly applicable to applications seeking high performance. The received packet is accessed using @code{gnutls_packet_get()} and @@ -4285,7 +3767,7 @@ connections). A negative error code is returned in case of an error. @subheading gnutls_record_recv_seq @anchor{gnutls_record_recv_seq} @deftypefun {ssize_t} {gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: the buffer that the data will be read into @@ -4310,7 +3792,7 @@ received might be less than @code{data_size} . @subheading gnutls_record_send @anchor{gnutls_record_send} @deftypefun {ssize_t} {gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: contains the data to send 
@@ -4349,7 +3831,7 @@ on the negotiated maximum record size. @subheading gnutls_record_send_range @anchor{gnutls_record_send_range} @deftypefun {ssize_t} {gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: contains the data to send. @@ -4372,10 +3854,26 @@ function. or a negative error code. @end deftypefun +@subheading gnutls_record_set_max_empty_records +@anchor{gnutls_record_set_max_empty_records} +@deftypefun {void} {gnutls_record_set_max_empty_records} (gnutls_session_t @var{session}, const unsigned int @var{i}) +@var{session}: is a @code{gnutls_session_t} structure. + +@var{i}: is the desired value of maximum empty records that can be accepted in a row. + +Used to set the maximum number of empty fragments that can be accepted +in a row. Accepting many empty fragments is useful for receiving length-hidden +content, where empty fragments filled with pad are sent to hide the real +length of a message. However, a malicious peer could send empty fragments to +mount a DoS attack, so as a safety measure, a maximum number of empty fragments +is accepted by default. If you know your application must accept a given number +of empty fragments in a row, you can use this function to set the desired value. +@end deftypefun + @subheading gnutls_record_set_max_size @anchor{gnutls_record_set_max_size} @deftypefun {ssize_t} {gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{size}: is the new size 
@@ -4395,28 +3893,10 @@ all TLS implementations use or even understand this extension. otherwise a negative error code is returned. @end deftypefun -@subheading gnutls_record_set_state -@anchor{gnutls_record_set_state} -@deftypefun {int} {gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, unsigned char @var{seq_number[8]}) -@var{session}: is a @code{gnutls_session_t} type - -@var{read}: if non-zero the read parameters are returned, otherwise the write - -@var{seq_number[8]}: -- undescribed -- - -This function will set the sequence number in the current record state. -This function is useful if sending and receiving are offloaded from -gnutls. That is, if @code{gnutls_record_get_state()} was used. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. - -Since 3.4.0 -@end deftypefun - @subheading gnutls_record_set_timeout @anchor{gnutls_record_set_timeout} @deftypefun {void} {gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ms}: is a timeout value in milliseconds 
@@ -4424,20 +3904,17 @@ This function sets the receive timeout for the record layer to the provided value. Use an @code{ms} value of zero to disable timeout (the default). -This function requires to set a pull timeout callback. See -@code{gnutls_transport_set_pull_timeout_function()} . - @strong{Since:} 3.1.7 @end deftypefun @subheading gnutls_record_uncork @anchor{gnutls_record_uncork} @deftypefun {int} {gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{flags}: Could be zero or @code{GNUTLS_RECORD_WAIT} -This resets the effect of @code{gnutls_record_cork()} , and flushes any pending +This resets the effect of @code{gnutls_cork()} , and flushes any pending data. If the @code{GNUTLS_RECORD_WAIT} flag is specified then this function will block until the data is sent or a fatal error occurs (i.e., the function will retry on @code{GNUTLS_E_AGAIN} and @@ -4457,7 +3934,7 @@ otherwise a negative error code. @subheading gnutls_rehandshake @anchor{gnutls_rehandshake} @deftypefun {int} {gnutls_rehandshake} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function will renegotiate security parameters with the client. This should only be called in case of a server. @@ -4472,8 +3949,8 @@ parameters. Since TLS is full duplex some application data might have been sent during peer's processing of this message. In that case one should call @code{gnutls_record_recv()} until GNUTLS_E_REHANDSHAKE -is returned to clear any pending data. Care must be taken, if -rehandshake is mandatory, to terminate if it does not start after +is returned to clear any pending data. Care must be taken if +rehandshake is mandatory to terminate if it does not start after some threshold. If the client does not wish to renegotiate parameters he 
@@ -4488,7 +3965,7 @@ this message. @subheading gnutls_safe_renegotiation_status @anchor{gnutls_safe_renegotiation_status} @deftypefun {int} {gnutls_safe_renegotiation_status} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Can be used to check whether safe renegotiation is being used in the current session. @@ -4546,7 +4023,7 @@ symmetric cipher strength for the given security parameter. @subheading gnutls_server_name_get @anchor{gnutls_server_name_get} @deftypefun {int} {gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: will hold the data @@ -4562,7 +4039,7 @@ gnutls_server_name_type_t. If @code{type} is GNUTLS_NAME_DNS, then this function is to be used by servers that support virtual hosting, and the data will be a null -terminated IDNA ACE string (prior to GnuTLS 3.4.0 it was a UTF-8 string). +terminated UTF-8 string. If @code{data} has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @code{data_length} will @@ -4580,7 +4057,7 @@ otherwise a negative error code is returned. @subheading gnutls_server_name_set @anchor{gnutls_server_name_set} @deftypefun {int} {gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{type}: specifies the indicator type 
@@ -4594,10 +4071,9 @@ This should be used by clients that connect to servers that do virtual hosting. The value of @code{name} depends on the @code{type} type. In case of -@code{GNUTLS_NAME_DNS} , a UTF-8 null-terminated domain name string, -without the trailing dot, is expected. - -IPv4 or IPv6 addresses are not permitted. +@code{GNUTLS_NAME_DNS} , an ASCII (0)-terminated domain name string, +without the trailing dot, is expected. IPv4 or IPv6 addresses are +not permitted. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error code is returned. @@ -4606,7 +4082,7 @@ otherwise a negative error code is returned. @subheading gnutls_session_channel_binding @anchor{gnutls_session_channel_binding} @deftypefun {int} {gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{cbtype}: an @code{gnutls_channel_binding_t} enumeration type @@ -4626,7 +4102,7 @@ currently available, or an error code. @subheading gnutls_session_enable_compatibility_mode @anchor{gnutls_session_enable_compatibility_mode} @deftypefun {void} {gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. This function can be used to disable certain (security) features in TLS in order to maintain maximum compatibility with buggy 
@@ -4640,32 +4116,10 @@ Note that this function must be called after any call to gnutls_priority functions. @end deftypefun -@subheading gnutls_session_etm_status -@anchor{gnutls_session_etm_status} -@deftypefun {unsigned} {gnutls_session_etm_status} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. - -Get the status of the encrypt-then-mac extension negotiation. -This is in accordance to rfc7366 - -@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. -@end deftypefun - -@subheading gnutls_session_ext_master_secret_status -@anchor{gnutls_session_ext_master_secret_status} -@deftypefun {unsigned} {gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. - -Get the status of the extended master secret extension negotiation. -This is in accordance to draft-ietf-tls-session-hash-01 - -@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. -@end deftypefun - @subheading gnutls_session_force_valid @anchor{gnutls_session_force_valid} @deftypefun {void} {gnutls_session_force_valid} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Clears the invalid flag in a session. That means that sessions were corrupt or invalid data were received @@ -4677,7 +4131,7 @@ applications. @subheading gnutls_session_get_data @anchor{gnutls_session_get_data} @deftypefun {int} {gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_data}: is a pointer to space to hold the session. 
@@ -4686,8 +4140,7 @@ applications. Returns all session parameters needed to be stored to support resumption. The client should call this, and store the returned session data. A session may be resumed later by calling @code{gnutls_session_set_data()} . -This function must be called after a successful (full) handshake. It should -not be used in already resumed sessions --see @code{gnutls_session_is_resumed()} . +This function must be called after a successful handshake. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @@ -4696,16 +4149,14 @@ an error code is returned. @subheading gnutls_session_get_data2 @anchor{gnutls_session_get_data2} @deftypefun {int} {gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{data}: is a pointer to a datum that will hold the session. Returns all session parameters needed to be stored to support resumption. The client should call this, and store the returned session data. A session may be resumed later by calling @code{gnutls_session_set_data()} . -This function must be called after a successful (full) handshake. It should -not be used in already resumed sessions --see @code{gnutls_session_is_resumed()} . - +This function must be called after a successful handshake. The returned @code{data} are allocated and must be released using @code{gnutls_free()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise @@ -4720,9 +4171,6 @@ an error code is returned. This function returns a string describing the current session. The string is null terminated and allocated using @code{gnutls_malloc()} . -If initial negotiation is not complete when this function is called, -@code{NULL} will be returned. - @strong{Returns:} a description of the protocols and algorithms in the current session. @strong{Since:} 3.1.10 
@@ -4731,7 +4179,7 @@ If initial negotiation is not complete when this function is called, @subheading gnutls_session_get_id @anchor{gnutls_session_get_id} @deftypefun {int} {gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_id}: is a pointer to space to hold the session id. @@ -4743,8 +4191,8 @@ resumed. That is because resumed sessions share the same session ID with the original session. The session ID is selected by the server, that identify the -current session. In all supported TLS protocols, the session id -is less than @code{GNUTLS_MAX_SESSION_ID_SIZE} . +current session. In TLS 1.0 and SSL 3.0 session id is always less +than 32 bytes. @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise an error code is returned. @@ -4753,7 +4201,7 @@ an error code is returned. @subheading gnutls_session_get_id2 @anchor{gnutls_session_get_id2} @deftypefun {int} {gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_id}: will point to the session ID. @@ -4769,7 +4217,7 @@ an error code is returned. @subheading gnutls_session_get_ptr @anchor{gnutls_session_get_ptr} @deftypefun {void *} {gnutls_session_get_ptr} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Get user pointer for session. Useful in callbacks. This is the pointer set with @code{gnutls_session_set_ptr()} . 
@@ -4781,7 +4229,7 @@ pointer set with @code{gnutls_session_set_ptr()} . @subheading gnutls_session_get_random @anchor{gnutls_session_get_random} @deftypefun {void} {gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{client}: the client part of the random @@ -4797,27 +4245,10 @@ will be garbage. @strong{Since:} 3.0 @end deftypefun -@subheading gnutls_session_get_verify_cert_status -@anchor{gnutls_session_get_verify_cert_status} -@deftypefun {unsigned int} {gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session}) -@var{session}: is a gnutls session - -This function returns the status of the verification when initiated -via auto-verification, i.e., by @code{gnutls_session_set_verify_cert2()} or -@code{gnutls_session_set_verify_cert()} . If no certificate verification -was occurred then the return value would be set to ((unsigned int)-1). - -The certificate verification status is the same as in @code{gnutls_certificate_verify_peers()} . - -@strong{Returns:} the certificate verification status. - -@strong{Since:} 3.4.6 -@end deftypefun - @subheading gnutls_session_is_resumed @anchor{gnutls_session_is_resumed} @deftypefun {int} {gnutls_session_is_resumed} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Check whether session is resumed or not. @@ -4828,7 +4259,7 @@ a new session. @subheading gnutls_session_resumption_requested @anchor{gnutls_session_resumption_requested} @deftypefun {int} {gnutls_session_resumption_requested} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Check whether the client has asked for session resumption. This function is valid only on server side. 
@@ -4839,7 +4270,7 @@ This function is valid only on server side. @subheading gnutls_session_set_data @anchor{gnutls_session_set_data} @deftypefun {int} {gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{session_data}: is a pointer to space to hold the session. @@ -4861,7 +4292,7 @@ an error code is returned. @subheading gnutls_session_set_id @anchor{gnutls_session_set_id} @deftypefun {int} {gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{sid}: the session identifier @@ -4878,7 +4309,7 @@ an error code is returned. @subheading gnutls_session_set_premaster @anchor{gnutls_session_set_premaster} @deftypefun {int} {gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{entity}: GNUTLS_SERVER or GNUTLS_CLIENT @@ -4908,7 +4339,7 @@ an error code is returned. @subheading gnutls_session_set_ptr @anchor{gnutls_session_set_ptr} @deftypefun {void} {gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ptr}: is the user pointer 
@@ -4917,86 +4348,10 @@ the session structure. This pointer can be accessed with @code{gnutls_session_get_ptr()} . @end deftypefun -@subheading gnutls_session_set_verify_cert -@anchor{gnutls_session_set_verify_cert} -@deftypefun {void} {gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags}) -@var{session}: is a gnutls session - -@var{hostname}: is the expected name of the peer; may be @code{NULL} - -@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} - -This function instructs GnuTLS to verify the peer's certificate -using the provided hostname. If the verification fails the handshake -will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that -case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . - -The @code{hostname} pointer provided must remain valid for the lifetime -of the session. More precisely it should be available during any subsequent -handshakes. If no hostname is provided, no hostname verification -will be performed. For a more advanced verification function check -@code{gnutls_session_set_verify_cert2()} . - -The @code{gnutls_session_set_verify_cert()} function is intended to be used by TLS -clients to verify the server's certificate. - -@strong{Since:} 3.4.6 -@end deftypefun - -@subheading gnutls_session_set_verify_cert2 -@anchor{gnutls_session_set_verify_cert2} -@deftypefun {void} {gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags}) -@var{session}: is a gnutls session - -@var{data}: an array of typed data - -@var{elements}: the number of data elements - -@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} - -This function instructs GnuTLS to verify the peer's certificate -using the provided typed data information. 
If the verification fails the handshake -will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that -case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . - -The acceptable typed data are the same as in @code{gnutls_certificate_verify_peers()} , -and once set must remain valid for the lifetime of the session. More precisely -they should be available during any subsequent handshakes. - -@strong{Since:} 3.4.6 -@end deftypefun - -@subheading gnutls_session_set_verify_function -@anchor{gnutls_session_set_verify_function} -@deftypefun {void} {gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func}) -@var{session}: is a @code{gnutls_session_t} type. - -@var{func}: is the callback function - -This function sets a callback to be called when peer's certificate -has been received in order to verify it on receipt rather than -doing after the handshake is completed. This overrides any callback -set using @code{gnutls_certificate_set_verify_function()} . - -The callback's function prototype is: -int (*callback)(gnutls_session_t); - -If the callback function is provided then gnutls will call it, in the -handshake, just after the certificate message has been received. -To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} , -@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions -can be used. - -The callback function should return 0 for the handshake to continue -or non-zero to terminate. - -@strong{Since:} 3.4.6 -@end deftypefun - @subheading gnutls_session_ticket_enable_client @anchor{gnutls_session_ticket_enable_client} @deftypefun {int} {gnutls_session_ticket_enable_client} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Request that the client should attempt session resumption using SessionTicket. 
@@ -5010,14 +4365,13 @@ error code. @subheading gnutls_session_ticket_enable_server @anchor{gnutls_session_ticket_enable_server} @deftypefun {int} {gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{key}: key to encrypt session parameters. Request that the server should attempt session resumption using SessionTicket. @code{key} must be initialized with -@code{gnutls_session_ticket_key_generate()} , and should be overwritten -using @code{gnutls_memset()} before being released. +@code{gnutls_session_ticket_key_generate()} . @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an error code. @@ -5043,11 +4397,19 @@ error code. @subheading gnutls_set_default_priority @anchor{gnutls_set_default_priority} @deftypefun {int} {gnutls_set_default_priority} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. + +Sets some default priority on the ciphers, key exchange methods, +macs and compression methods. + +This typically sets a default priority that is considered +sufficiently secure to establish encrypted sessions. -Sets the default priority on the ciphers, key exchange methods, -macs and compression methods. For more fine-tuning you could -use @code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instead. +This function is kept around for backwards compatibility, but +because of its wide use it is still fully supported. If you wish +to allow users to provide a string that specify which ciphers to +use (which is recommended), you should use +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instead. @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. @end deftypefun 
@@ -5055,7 +4417,7 @@ use @code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} instea @subheading gnutls_sign_algorithm_get @anchor{gnutls_sign_algorithm_get} @deftypefun {int} {gnutls_sign_algorithm_get} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the signature algorithm that is (or will be) used in this session by the server to sign data. @@ -5068,7 +4430,7 @@ session by the server to sign data. @subheading gnutls_sign_algorithm_get_client @anchor{gnutls_sign_algorithm_get_client} @deftypefun {int} {gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Returns the signature algorithm that is (or will be) used in this session by the client to sign data. @@ -5081,7 +4443,7 @@ session by the client to sign data. @subheading gnutls_sign_algorithm_get_requested @anchor{gnutls_sign_algorithm_get_requested} @deftypefun {int} {gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{indx}: is an index of the signature algorithm to return 
@@ -5138,19 +4500,6 @@ Convert a @code{gnutls_sign_algorithm_t} value to a string. algorithm, or @code{NULL} . @end deftypefun -@subheading gnutls_sign_get_oid -@anchor{gnutls_sign_get_oid} -@deftypefun {const char *} {gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign}) -@var{sign}: is a sign algorithm - -Convert a @code{gnutls_sign_algorithm_t} value to its object identifier. - -@strong{Returns:} a string that contains the object identifier of the specified sign -algorithm, or @code{NULL} . - -@strong{Since:} 3.4.3 -@end deftypefun - @subheading gnutls_sign_get_pk_algorithm @anchor{gnutls_sign_get_pk_algorithm} @deftypefun {gnutls_pk_algorithm_t} {gnutls_sign_get_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}) @@ -5186,7 +4535,7 @@ integers indicating the available ciphers. @subheading gnutls_srp_allocate_client_credentials @anchor{gnutls_srp_allocate_client_credentials} @deftypefun {int} {gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. @@ -5198,7 +4547,7 @@ error code. @subheading gnutls_srp_allocate_server_credentials @anchor{gnutls_srp_allocate_server_credentials} @deftypefun {int} {gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc}) -@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to allocate it. 
@@ -5228,9 +4577,9 @@ do not use it for non-SRP purposes. long enough, or 0 on success. @end deftypefun -@subheading gnutls_srp_base64_decode2 -@anchor{gnutls_srp_base64_decode2} -@deftypefun {int} {gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@subheading gnutls_srp_base64_decode_alloc +@anchor{gnutls_srp_base64_decode_alloc} +@deftypefun {int} {gnutls_srp_base64_decode_alloc} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) @var{b64_data}: contains the encoded data @var{result}: the place where decoded data lie @@ -5268,9 +4617,9 @@ do not use it for non-SRP purposes. long enough, or 0 on success. @end deftypefun -@subheading gnutls_srp_base64_encode2 -@anchor{gnutls_srp_base64_encode2} -@deftypefun {int} {gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@subheading gnutls_srp_base64_encode_alloc +@anchor{gnutls_srp_base64_encode_alloc} +@deftypefun {int} {gnutls_srp_base64_encode_alloc} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) @var{data}: contains the raw data @var{result}: will hold the newly allocated encoded data @@ -5291,7 +4640,7 @@ do not use it for non-SRP purposes. @subheading gnutls_srp_free_client_credentials @anchor{gnutls_srp_free_client_credentials} @deftypefun {void} {gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_srp_client_credentials_t} type. +@var{sc}: is a @code{gnutls_srp_client_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. 
@@ -5300,7 +4649,7 @@ this helper function is provided in order to free (deallocate) it. @subheading gnutls_srp_free_server_credentials @anchor{gnutls_srp_free_server_credentials} @deftypefun {void} {gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc}) -@var{sc}: is a @code{gnutls_srp_server_credentials_t} type. +@var{sc}: is a @code{gnutls_srp_server_credentials_t} structure. This structure is complex enough to manipulate directly thus this helper function is provided in order to free (deallocate) it. @@ -5321,14 +4670,14 @@ server. Returns NULL in case of an error. @subheading gnutls_srp_set_client_credentials @anchor{gnutls_srp_set_client_credentials} @deftypefun {int} {gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password}) -@var{res}: is a @code{gnutls_srp_client_credentials_t} type. +@var{res}: is a @code{gnutls_srp_client_credentials_t} structure. @var{username}: is the user's userid @var{password}: is the user's password This function sets the username and password, in a -@code{gnutls_srp_client_credentials_t} type. Those will be used in +@code{gnutls_srp_client_credentials_t} structure. Those will be used in SRP authentication. @code{username} and @code{password} should be ASCII strings or UTF-8 strings prepared using the "SASLprep" profile of "stringprep". @@ -5340,7 +4689,7 @@ error code. @subheading gnutls_srp_set_client_credentials_function @anchor{gnutls_srp_set_client_credentials_function} @deftypefun {void} {gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. +@var{cred}: is a @code{gnutls_srp_server_credentials_t} structure. @var{func}: is the callback function 
@@ -5368,7 +4717,7 @@ The callback function should return 0 on success. @subheading gnutls_srp_set_prime_bits @anchor{gnutls_srp_set_prime_bits} @deftypefun {void} {gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{bits}: is the number of bits @@ -5388,14 +4737,14 @@ This function has no effect in server side. @subheading gnutls_srp_set_server_credentials_file @anchor{gnutls_srp_set_server_credentials_file} @deftypefun {int} {gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file}) -@var{res}: is a @code{gnutls_srp_server_credentials_t} type. +@var{res}: is a @code{gnutls_srp_server_credentials_t} structure. @var{password_file}: is the SRP password file (tpasswd) @var{password_conf_file}: is the SRP password conf file (tpasswd.conf) This function sets the password files, in a -@code{gnutls_srp_server_credentials_t} type. Those password files +@code{gnutls_srp_server_credentials_t} structure. Those password files hold usernames and verifiers and will be used for SRP authentication. @@ -5406,7 +4755,7 @@ error code. @subheading gnutls_srp_set_server_credentials_function @anchor{gnutls_srp_set_server_credentials_function} @deftypefun {void} {gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func}) -@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. +@var{cred}: is a @code{gnutls_srp_server_credentials_t} structure. @var{func}: is the callback function 
@@ -5414,18 +4763,13 @@ This function can be used to set a callback to retrieve the user's SRP credentials. The callback's function form is: int (*callback)(gnutls_session_t, const char* username, -gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, -gnutls_datum_t *prime); +gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* generator, +gnutls_datum_t* prime); @code{username} contains the actual username. The @code{salt} , @code{verifier} , @code{generator} and @code{prime} must be filled in using the @code{gnutls_malloc()} . For convenience @code{prime} and @code{generator} may also be one of the static parameters defined in gnutls.h. -Initially, the data field is NULL in every @code{gnutls_datum_t} -structure that the callback has to fill in. When the -callback is done GnuTLS deallocates all of those buffers -which are non-NULL, regardless of the return value. - In order to prevent attackers from guessing valid usernames, if a user does not exist, g and n values should be filled in using a random user's parameters. In that case the callback must @@ -5442,7 +4786,7 @@ The callback function should return 0 on success, while @subheading gnutls_srp_set_server_fake_salt_seed @anchor{gnutls_srp_set_server_fake_salt_seed} @deftypefun {void} {gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length}) -@var{cred}: is a @code{gnutls_srp_server_credentials_t} type +@var{cred}: is a @code{gnutls_srp_server_credentials_t} structure @var{seed}: is the seed data, only needs to be valid until the function returns; size of the seed must be greater than zero 
@@ -5502,7 +4846,7 @@ error code. @subheading gnutls_srtp_get_keys @anchor{gnutls_srtp_get_keys} @deftypefun {int} {gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{key_material}: Space to hold the generated key material @@ -5531,7 +4875,7 @@ Since 3.1.4 @subheading gnutls_srtp_get_mki @anchor{gnutls_srtp_get_mki} @deftypefun {int} {gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mki}: will hold the MKI @@ -5577,7 +4921,7 @@ Since 3.1.4 @subheading gnutls_srtp_get_selected_profile @anchor{gnutls_srtp_get_selected_profile} @deftypefun {int} {gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{profile}: will hold the profile @@ -5592,7 +4936,7 @@ Since 3.1.4 @subheading gnutls_srtp_set_mki @anchor{gnutls_srtp_set_mki} @deftypefun {int} {gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{mki}: holds the MKI @@ -5608,7 +4952,7 @@ Since 3.1.4 @subheading gnutls_srtp_set_profile @anchor{gnutls_srtp_set_profile} @deftypefun {int} {gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{profile}: is the profile id to add. 
@@ -5624,12 +4968,12 @@ Since 3.1.4 @subheading gnutls_srtp_set_profile_direct @anchor{gnutls_srtp_set_profile_direct} @deftypefun {int} {gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{profiles}: is a string that contains the supported SRTP profiles, separated by colons. -@var{err_pos}: In case of an error this will have the position in the string the error occurred, may be NULL. +@var{err_pos}: In case of an error this will have the position in the string the error occured, may be NULL. This function is to be used by both clients and servers, to declare what SRTP profiles they support, to negotiate with the peer. 
@@ -5749,77 +5093,6 @@ string. supplemental data format type, or @code{NULL} for unknown types. @end deftypefun -@subheading gnutls_supplemental_recv -@anchor{gnutls_supplemental_recv} -@deftypefun {void} {gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental}) -@var{session}: is a @code{gnutls_session_t} type. - -@var{do_recv_supplemental}: non-zero in order to expect supplemental data - -This function is to be called by an extension handler to -instruct gnutls to attempt to receive supplemental data -during the handshake process. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_supplemental_register -@anchor{gnutls_supplemental_register} -@deftypefun {int} {gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}) -@var{name}: the name of the supplemental data to register - -@var{type}: the type of the supplemental data format - -@var{recv_func}: the function to receive the data - -@var{send_func}: the function to send the data - -This function will register a new supplemental data type (rfc4680). -The registered data will remain until @code{gnutls_global_deinit()} -is called. The provided @code{type} must be an unassigned type in -@code{gnutls_supplemental_data_format_type_t} . If the type is already -registered or handled by GnuTLS internally @code{GNUTLS_E_ALREADY_REGISTERED} -will be returned. - -This function is not thread safe. - -@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_supplemental_send -@anchor{gnutls_supplemental_send} -@deftypefun {void} {gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental}) -@var{session}: is a @code{gnutls_session_t} type. 
- -@var{do_send_supplemental}: -- undescribed -- - -This function is to be called by an extension handler to -instruct gnutls to send supplemental data during the handshake process. - -@strong{Since:} 3.4.0 -@end deftypefun - -@subheading gnutls_system_recv_timeout -@anchor{gnutls_system_recv_timeout} -@deftypefun {int} {gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms}) -@var{ptr}: A gnutls_transport_ptr_t pointer - -@var{ms}: The number of milliseconds to wait. - -Wait for data to be received from the provided socket ( @code{ptr} ) within a -timeout period in milliseconds, using @code{select()} on the provided @code{ptr} . - -This function is provided as a helper for constructing custom -callbacks for @code{gnutls_transport_set_pull_timeout_function()} , -which can be used if you rely on socket file descriptors. - -Returns -1 on error, 0 on timeout, positive value if data are available for reading. - -@strong{Since:} 3.4.0 -@end deftypefun - @subheading gnutls_tdb_deinit @anchor{gnutls_tdb_deinit} @deftypefun {void} {gnutls_tdb_deinit} (gnutls_tdb_t @var{tdb}) @@ -5831,7 +5104,7 @@ This function will deinitialize a public key trust storage structure. @subheading gnutls_tdb_init @anchor{gnutls_tdb_init} @deftypefun {int} {gnutls_tdb_init} (gnutls_tdb_t * @var{tdb}) -@var{tdb}: A pointer to the type to be initialized +@var{tdb}: The structure to be initialized This function will initialize a public key trust storage structure. 
@@ -5849,11 +5122,9 @@ negative error value. This function will associate a commitment (hash) storage function with the trust storage structure. The function is of the following form. -int gnutls_tdb_store_commitment_func(const char* db_name, const char* host, +gnutls_tdb_store_commitment_func(const char* db_name, const char* host, const char* service, time_t expiration, gnutls_digest_algorithm_t, const gnutls_datum_t* hash); - -The @code{db_name} should be used to pass any private data to this function. @end deftypefun @subheading gnutls_tdb_set_store_func @@ -5866,11 +5137,9 @@ The @code{db_name} should be used to pass any private data to this function. This function will associate a storage function with the trust storage structure. The function is of the following form. -int gnutls_tdb_store_func(const char* db_name, const char* host, +gnutls_tdb_store_func(const char* db_name, const char* host, const char* service, time_t expiration, const gnutls_datum_t* pubkey); - -The @code{db_name} should be used to pass any private data to this function. @end deftypefun @subheading gnutls_tdb_set_verify_func 
@@ -5883,19 +5152,14 @@ The @code{db_name} should be used to pass any private data to this function. This function will associate a retrieval function with the trust storage structure. The function is of the following form. -int gnutls_tdb_verify_func(const char* db_name, const char* host, +gnutls_tdb_verify_func(const char* db_name, const char* host, const char* service, const gnutls_datum_t* pubkey); - -The verify function should return zero on a match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} -if there is a mismatch and any other negative error code otherwise. - -The @code{db_name} should be used to pass any private data to this function. @end deftypefun @subheading gnutls_transport_get_int @anchor{gnutls_transport_get_int} @deftypefun {int} {gnutls_transport_get_int} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Used to get the first argument of the transport function (like PUSH and PULL). This must have been set using @@ -5909,7 +5173,7 @@ PUSH and PULL). This must have been set using @subheading gnutls_transport_get_int2 @anchor{gnutls_transport_get_int2} @deftypefun {void} {gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_int}: will hold the value for the pull function @@ -5925,7 +5189,7 @@ and PULL). These should have been set using @subheading gnutls_transport_get_ptr @anchor{gnutls_transport_get_ptr} @deftypefun {gnutls_transport_ptr_t} {gnutls_transport_get_ptr} (gnutls_session_t @var{session}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. Used to get the first argument of the transport function (like PUSH and PULL). This must have been set using 
@@ -5937,7 +5201,7 @@ PUSH and PULL). This must have been set using @subheading gnutls_transport_get_ptr2 @anchor{gnutls_transport_get_ptr2} @deftypefun {void} {gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_ptr}: will hold the value for the pull function @@ -5951,12 +5215,12 @@ and PULL). These should have been set using @subheading gnutls_transport_set_errno @anchor{gnutls_transport_set_errno} @deftypefun {void} {gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{err}: error value to store in session-specific errno variable. Store @code{err} in the session-specific errno variable. Useful values -for @code{err} are EINTR, EAGAIN and EMSGSIZE, other values are treated will be +for @code{err} is EAGAIN and EINTR, other values are treated will be treated as real errors in the push/pull function. This function is useful in replacement push and pull functions set by @@ -5969,7 +5233,7 @@ msvcr71.dll and gnutls is linked to msvcrt.dll). @subheading gnutls_transport_set_errno_function @anchor{gnutls_transport_set_errno_function} @deftypefun {void} {gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{errno_func}: a callback function similar to @code{write()} 
@@ -5986,7 +5250,7 @@ and should return the errno. @subheading gnutls_transport_set_int @anchor{gnutls_transport_set_int} @deftypefun {void} {gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{i}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{i}: is the value. @@ -5999,7 +5263,7 @@ and pull callbacks) for berkeley style sockets. @subheading gnutls_transport_set_int2 @anchor{gnutls_transport_set_int2} @deftypefun {void} {gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_int}, int @var{send_int}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_int}: is the value for the pull function @@ -6016,7 +5280,7 @@ pointers for receiving and sending. @subheading gnutls_transport_set_ptr @anchor{gnutls_transport_set_ptr} @deftypefun {void} {gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{ptr}: is the value. @@ -6028,7 +5292,7 @@ connection descriptor. @subheading gnutls_transport_set_ptr2 @anchor{gnutls_transport_set_ptr2} @deftypefun {void} {gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{recv_ptr}: is the value for the pull function 
@@ -6043,7 +5307,7 @@ pointers for receiving and sending. @subheading gnutls_transport_set_pull_function @anchor{gnutls_transport_set_pull_function} @deftypefun {void} {gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{pull_func}: a callback function similar to @code{read()} @@ -6060,7 +5324,7 @@ ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t); @subheading gnutls_transport_set_pull_timeout_function @anchor{gnutls_transport_set_pull_timeout_function} @deftypefun {void} {gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{func}: a callback function @@ -6077,23 +5341,13 @@ zero if no data are immediately available. @code{gnutls_pull_timeout_func} is of the form, int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); -This callback is necessary when @code{gnutls_handshake_set_timeout()} or -@code{gnutls_record_set_timeout()} are set. It will not be used when -non-blocking sockets are in use. That is, this function will -not operate when @code{GNUTLS_NONBLOCK} is specified in @code{gnutls_init()} , -or a custom pull function is registered without updating the -pull timeout function. - -The helper function @code{gnutls_system_recv_timeout()} is provided to -simplify writing callbacks. - @strong{Since:} 3.0 @end deftypefun @subheading gnutls_transport_set_push_function @anchor{gnutls_transport_set_push_function} @deftypefun {void} {gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{push_func}: a callback function similar to @code{write()} 
@@ -6112,7 +5366,7 @@ ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t); @subheading gnutls_transport_set_vec_push_function @anchor{gnutls_transport_set_vec_push_function} @deftypefun {void} {gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func}) -@var{session}: is a @code{gnutls_session_t} type. +@var{session}: is a @code{gnutls_session_t} structure. @var{vec_func}: a callback function similar to @code{writev()} diff --git a/doc/gnutls-guile.html b/doc/gnutls-guile.html index 26e6be1..c4ba107 100644 --- a/doc/gnutls-guile.html +++ b/doc/gnutls-guile.html @@ -1,7 +1,7 @@ - - + -GnuTLS-Guile 3.4.11 +GnuTLS-Guile 3.3.5 - - + + @@ -28,16 +28,16 @@ Documentation License". -->