3 @c gnutls_cipher_algorithm_t
5 @item GNUTLS_@-CIPHER_@-UNKNOWN
7 @item GNUTLS_@-CIPHER_@-NULL
9 @item GNUTLS_@-CIPHER_@-ARCFOUR_@-128
10 ARCFOUR stream cipher with 128-bit keys.
11 @item GNUTLS_@-CIPHER_@-3DES_@-CBC
13 @item GNUTLS_@-CIPHER_@-AES_@-128_@-CBC
14 AES in CBC mode with 128-bit keys.
15 @item GNUTLS_@-CIPHER_@-AES_@-256_@-CBC
16 AES in CBC mode with 256-bit keys.
17 @item GNUTLS_@-CIPHER_@-ARCFOUR_@-40
18 ARCFOUR stream cipher with 40-bit keys.
19 @item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-CBC
20 Camellia in CBC mode with 128-bit keys.
21 @item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-CBC
22 Camellia in CBC mode with 256-bit keys.
23 @item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC
24 RC2 in CBC mode with 40-bit keys.
25 @item GNUTLS_@-CIPHER_@-DES_@-CBC
26 DES in CBC mode (56-bit keys).
27 @item GNUTLS_@-CIPHER_@-AES_@-192_@-CBC
28 AES in CBC mode with 192-bit keys.
29 @item GNUTLS_@-CIPHER_@-AES_@-128_@-GCM
30 AES in GCM mode with 128-bit keys.
31 @item GNUTLS_@-CIPHER_@-AES_@-256_@-GCM
32 AES in GCM mode with 256-bit keys.
33 @item GNUTLS_@-CIPHER_@-CAMELLIA_@-192_@-CBC
34 Camellia in CBC mode with 192-bit keys.
35 @item GNUTLS_@-CIPHER_@-SALSA20_@-256
36 Salsa20 with 256-bit keys.
37 @item GNUTLS_@-CIPHER_@-ESTREAM_@-SALSA20_@-256
38 Estream's Salsa20 variant with 256-bit keys.
39 @item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-GCM
40 CAMELLIA in GCM mode with 128-bit keys.
41 @item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-GCM
42 CAMELLIA in GCM mode with 256-bit keys.
43 @item GNUTLS_@-CIPHER_@-IDEA_@-PGP_@-CFB
45 @item GNUTLS_@-CIPHER_@-3DES_@-PGP_@-CFB
47 @item GNUTLS_@-CIPHER_@-CAST5_@-PGP_@-CFB
49 @item GNUTLS_@-CIPHER_@-BLOWFISH_@-PGP_@-CFB
51 @item GNUTLS_@-CIPHER_@-SAFER_@-SK128_@-PGP_@-CFB
52 Safer-SK in CFB mode with 128-bit keys.
53 @item GNUTLS_@-CIPHER_@-AES128_@-PGP_@-CFB
54 AES in CFB mode with 128-bit keys.
55 @item GNUTLS_@-CIPHER_@-AES192_@-PGP_@-CFB
56 AES in CFB mode with 192-bit keys.
57 @item GNUTLS_@-CIPHER_@-AES256_@-PGP_@-CFB
58 AES in CFB mode with 256-bit keys.
59 @item GNUTLS_@-CIPHER_@-TWOFISH_@-PGP_@-CFB
63 @c gnutls_kx_algorithm_t
65 @item GNUTLS_@-KX_@-UNKNOWN
66 Unknown key-exchange algorithm.
67 @item GNUTLS_@-KX_@-RSA
68 RSA key-exchange algorithm.
69 @item GNUTLS_@-KX_@-DHE_@-DSS
70 DHE-DSS key-exchange algorithm.
71 @item GNUTLS_@-KX_@-DHE_@-RSA
72 DHE-RSA key-exchange algorithm.
73 @item GNUTLS_@-KX_@-ANON_@-DH
74 Anon-DH key-exchange algorithm.
75 @item GNUTLS_@-KX_@-SRP
76 SRP key-exchange algorithm.
77 @item GNUTLS_@-KX_@-RSA_@-EXPORT
78 RSA-EXPORT key-exchange algorithm (defunct).
79 @item GNUTLS_@-KX_@-SRP_@-RSA
80 SRP-RSA key-exchange algorithm.
81 @item GNUTLS_@-KX_@-SRP_@-DSS
82 SRP-DSS key-exchange algorithm.
83 @item GNUTLS_@-KX_@-PSK
84 PSK key-exchange algorithm.
85 @item GNUTLS_@-KX_@-DHE_@-PSK
86 DHE-PSK key-exchange algorithm.
87 @item GNUTLS_@-KX_@-ANON_@-ECDH
88 Anon-ECDH key-exchange algorithm.
89 @item GNUTLS_@-KX_@-ECDHE_@-RSA
90 ECDHE-RSA key-exchange algorithm.
91 @item GNUTLS_@-KX_@-ECDHE_@-ECDSA
92 ECDHE-ECDSA key-exchange algorithm.
93 @item GNUTLS_@-KX_@-ECDHE_@-PSK
94 ECDHE-PSK key-exchange algorithm.
95 @item GNUTLS_@-KX_@-RSA_@-PSK
96 RSA-PSK key-exchange algorithm.
99 @c gnutls_params_type_t
101 @item GNUTLS_@-PARAMS_@-RSA_@-EXPORT
102 Session RSA-EXPORT parameters (defunct).
103 @item GNUTLS_@-PARAMS_@-DH
104 Session Diffie-Hellman parameters.
105 @item GNUTLS_@-PARAMS_@-ECDH
106 Session Elliptic-Curve Diffie-Hellman parameters.
109 @c gnutls_credentials_type_t
111 @item GNUTLS_@-CRD_@-CERTIFICATE
112 Certificate credential.
113 @item GNUTLS_@-CRD_@-ANON
114 Anonymous credential.
115 @item GNUTLS_@-CRD_@-SRP
117 @item GNUTLS_@-CRD_@-PSK
119 @item GNUTLS_@-CRD_@-IA
123 @c gnutls_mac_algorithm_t
125 @item GNUTLS_@-MAC_@-UNKNOWN
126 Unknown MAC algorithm.
127 @item GNUTLS_@-MAC_@-NULL
128 NULL MAC algorithm (empty output).
129 @item GNUTLS_@-MAC_@-MD5
131 @item GNUTLS_@-MAC_@-SHA1
132 HMAC-SHA-1 algorithm.
133 @item GNUTLS_@-MAC_@-RMD160
134 HMAC-RMD160 algorithm.
135 @item GNUTLS_@-MAC_@-MD2
137 @item GNUTLS_@-MAC_@-SHA256
138 HMAC-SHA-256 algorithm.
139 @item GNUTLS_@-MAC_@-SHA384
140 HMAC-SHA-384 algorithm.
141 @item GNUTLS_@-MAC_@-SHA512
142 HMAC-SHA-512 algorithm.
143 @item GNUTLS_@-MAC_@-SHA224
144 HMAC-SHA-224 algorithm.
145 @item GNUTLS_@-MAC_@-AEAD
146 MAC implicit through AEAD cipher.
147 @item GNUTLS_@-MAC_@-UMAC_@-96
148 The UMAC-96 MAC algorithm.
149 @item GNUTLS_@-MAC_@-UMAC_@-128
150 The UMAC-128 MAC algorithm.
153 @c gnutls_digest_algorithm_t
155 @item GNUTLS_@-DIG_@-UNKNOWN
156 Unknown hash algorithm.
157 @item GNUTLS_@-DIG_@-NULL
158 NULL hash algorithm (empty output).
159 @item GNUTLS_@-DIG_@-MD5
161 @item GNUTLS_@-DIG_@-SHA1
163 @item GNUTLS_@-DIG_@-RMD160
165 @item GNUTLS_@-DIG_@-MD2
167 @item GNUTLS_@-DIG_@-SHA256
169 @item GNUTLS_@-DIG_@-SHA384
171 @item GNUTLS_@-DIG_@-SHA512
173 @item GNUTLS_@-DIG_@-SHA224
177 @c gnutls_compression_method_t
179 @item GNUTLS_@-COMP_@-UNKNOWN
180 Unknown compression method.
181 @item GNUTLS_@-COMP_@-NULL
182 The NULL compression method (no compression).
183 @item GNUTLS_@-COMP_@-DEFLATE
184 The DEFLATE compression method from zlib.
185 @item GNUTLS_@-COMP_@-ZLIB
186 Same as @code{GNUTLS_COMP_DEFLATE} .
189 @c gnutls_alert_level_t
191 @item GNUTLS_@-AL_@-WARNING
192 Alert of warning severity.
193 @item GNUTLS_@-AL_@-FATAL
194 Alert of fatal severity.
197 @c gnutls_alert_description_t
199 @item GNUTLS_@-A_@-CLOSE_@-NOTIFY
201 @item GNUTLS_@-A_@-UNEXPECTED_@-MESSAGE
203 @item GNUTLS_@-A_@-BAD_@-RECORD_@-MAC
205 @item GNUTLS_@-A_@-DECRYPTION_@-FAILED
207 @item GNUTLS_@-A_@-RECORD_@-OVERFLOW
209 @item GNUTLS_@-A_@-DECOMPRESSION_@-FAILURE
210 Decompression failed.
211 @item GNUTLS_@-A_@-HANDSHAKE_@-FAILURE
213 @item GNUTLS_@-A_@-SSL3_@-NO_@-CERTIFICATE
215 @item GNUTLS_@-A_@-BAD_@-CERTIFICATE
217 @item GNUTLS_@-A_@-UNSUPPORTED_@-CERTIFICATE
218 Certificate is not supported.
219 @item GNUTLS_@-A_@-CERTIFICATE_@-REVOKED
220 Certificate was revoked.
221 @item GNUTLS_@-A_@-CERTIFICATE_@-EXPIRED
222 Certificate is expired.
223 @item GNUTLS_@-A_@-CERTIFICATE_@-UNKNOWN
225 @item GNUTLS_@-A_@-ILLEGAL_@-PARAMETER
227 @item GNUTLS_@-A_@-UNKNOWN_@-CA
229 @item GNUTLS_@-A_@-ACCESS_@-DENIED
231 @item GNUTLS_@-A_@-DECODE_@-ERROR
233 @item GNUTLS_@-A_@-DECRYPT_@-ERROR
235 @item GNUTLS_@-A_@-EXPORT_@-RESTRICTION
237 @item GNUTLS_@-A_@-PROTOCOL_@-VERSION
238 Error in protocol version.
239 @item GNUTLS_@-A_@-INSUFFICIENT_@-SECURITY
240 Insufficient security.
241 @item GNUTLS_@-A_@-INTERNAL_@-ERROR
243 @item GNUTLS_@-A_@-USER_@-CANCELED
245 @item GNUTLS_@-A_@-NO_@-RENEGOTIATION
246 No renegotiation is allowed.
247 @item GNUTLS_@-A_@-UNSUPPORTED_@-EXTENSION
248 An unsupported extension was sent.
250 @item GNUTLS_@-A_@-CERTIFICATE_@-UNOBTAINABLE
251 Could not retrieve the
252 specified certificate.
253 @item GNUTLS_@-A_@-UNRECOGNIZED_@-NAME
254 The server name sent was not recognized.
256 @item GNUTLS_@-A_@-UNKNOWN_@-PSK_@-IDENTITY
257 The SRP/PSK username is missing or not known.
259 @item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL
260 The ALPN protocol requested is
261 not supported by the peer.
264 @c gnutls_handshake_description_t
266 @item GNUTLS_@-HANDSHAKE_@-HELLO_@-REQUEST
268 @item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO
270 @item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO
272 @item GNUTLS_@-HANDSHAKE_@-HELLO_@-VERIFY_@-REQUEST
273 DTLS Hello verify request.
274 @item GNUTLS_@-HANDSHAKE_@-NEW_@-SESSION_@-TICKET
276 @item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-PKT
278 @item GNUTLS_@-HANDSHAKE_@-SERVER_@-KEY_@-EXCHANGE
280 @item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-REQUEST
282 @item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO_@-DONE
284 @item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-VERIFY
286 @item GNUTLS_@-HANDSHAKE_@-CLIENT_@-KEY_@-EXCHANGE
288 @item GNUTLS_@-HANDSHAKE_@-FINISHED
290 @item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-STATUS
291 Certificate status (OCSP).
292 @item GNUTLS_@-HANDSHAKE_@-SUPPLEMENTAL
294 @item GNUTLS_@-HANDSHAKE_@-CHANGE_@-CIPHER_@-SPEC
296 @item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO_@-V2
300 @c gnutls_certificate_status_t
302 @item GNUTLS_@-CERT_@-INVALID
303 The certificate is not signed by one of the
304 known authorities or the signature is invalid (deprecated by the flags
305 @code{GNUTLS_CERT_SIGNATURE_FAILURE} and @code{GNUTLS_CERT_SIGNER_NOT_FOUND} ).
306 @item GNUTLS_@-CERT_@-REVOKED
307 Certificate is revoked by its authority. In X.509 this will be
308 set only if CRLs are checked.
309 @item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-FOUND
310 The certificate's issuer is not known.
311 This is the case if the issuer is not included in the trusted certificate list.
312 @item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-CA
313 The certificate's signer was not a CA. This
314 may happen if this was a version 1 certificate, which is common with
315 some CAs, or a version 3 certificate without the basic constraints extension.
316 @item GNUTLS_@-CERT_@-INSECURE_@-ALGORITHM
317 The certificate was signed using an insecure
318 algorithm such as MD2 or MD5. These algorithms have been broken and
319 should not be trusted.
320 @item GNUTLS_@-CERT_@-NOT_@-ACTIVATED
321 The certificate is not yet activated.
322 @item GNUTLS_@-CERT_@-EXPIRED
323 The certificate has expired.
324 @item GNUTLS_@-CERT_@-SIGNATURE_@-FAILURE
325 The signature verification failed.
326 @item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-SUPERSEDED
327 The revocation data are old and have been superseded.
328 @item GNUTLS_@-CERT_@-UNEXPECTED_@-OWNER
329 The owner is not the expected one.
330 @item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-ISSUED_@-IN_@-FUTURE
331 The revocation data have a future issue date.
332 @item GNUTLS_@-CERT_@-SIGNER_@-CONSTRAINTS_@-FAILURE
333 The certificate's signer constraints were violated.
335 @item GNUTLS_@-CERT_@-MISMATCH
336 The certificate presented isn't the expected one (TOFU)
339 @c gnutls_certificate_request_t
341 @item GNUTLS_@-CERT_@-IGNORE
343 @item GNUTLS_@-CERT_@-REQUEST
345 @item GNUTLS_@-CERT_@-REQUIRE
349 @c gnutls_openpgp_crt_status_t
351 @item GNUTLS_@-OPENPGP_@-CERT
352 Send entire certificate.
353 @item GNUTLS_@-OPENPGP_@-CERT_@-FINGERPRINT
354 Send only certificate fingerprint.
357 @c gnutls_close_request_t
359 @item GNUTLS_@-SHUT_@-RDWR
360 Disallow further receives/sends.
361 @item GNUTLS_@-SHUT_@-WR
362 Disallow further sends.
369 @item GNUTLS_@-TLS1_@-0
372 Same as @code{GNUTLS_TLS1_0} .
373 @item GNUTLS_@-TLS1_@-1
375 @item GNUTLS_@-TLS1_@-2
377 @item GNUTLS_@-DTLS0_@-9
378 DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
379 @item GNUTLS_@-DTLS1_@-0
381 @item GNUTLS_@-DTLS1_@-2
383 @item GNUTLS_@-DTLS_@-VERSION_@-MIN
385 @item GNUTLS_@-DTLS_@-VERSION_@-MAX
387 @item GNUTLS_@-TLS_@-VERSION_@-MAX
389 @item GNUTLS_@-VERSION_@-UNKNOWN
390 Unknown SSL/TLS version.
393 @c gnutls_certificate_type_t
395 @item GNUTLS_@-CRT_@-UNKNOWN
396 Unknown certificate type.
397 @item GNUTLS_@-CRT_@-X509
399 @item GNUTLS_@-CRT_@-OPENPGP
401 @item GNUTLS_@-CRT_@-RAW
402 Raw public key (SubjectPublicKey)
405 @c gnutls_x509_crt_fmt_t
407 @item GNUTLS_@-X509_@-FMT_@-DER
408 X.509 certificate in DER format (binary).
409 @item GNUTLS_@-X509_@-FMT_@-PEM
410 X.509 certificate in PEM format (text).
413 @c gnutls_certificate_print_formats_t
415 @item GNUTLS_@-CRT_@-PRINT_@-FULL
416 Full information about certificate.
417 @item GNUTLS_@-CRT_@-PRINT_@-ONELINE
418 Information about certificate in one line.
419 @item GNUTLS_@-CRT_@-PRINT_@-UNSIGNED_@-FULL
420 All info for an unsigned certificate.
421 @item GNUTLS_@-CRT_@-PRINT_@-COMPACT
422 Information about certificate name in one line, plus identification of the public key.
423 @item GNUTLS_@-CRT_@-PRINT_@-FULL_@-NUMBERS
424 Full information about certificate and include easy to parse public key parameters.
427 @c gnutls_pk_algorithm_t
429 @item GNUTLS_@-PK_@-UNKNOWN
430 Unknown public-key algorithm.
431 @item GNUTLS_@-PK_@-RSA
432 RSA public-key algorithm.
433 @item GNUTLS_@-PK_@-DSA
434 DSA public-key algorithm.
435 @item GNUTLS_@-PK_@-DH
436 Diffie-Hellman algorithm. Used to generate parameters.
437 @item GNUTLS_@-PK_@-EC
438 Elliptic curve algorithm. Used to generate parameters.
441 @c gnutls_sign_algorithm_t
443 @item GNUTLS_@-SIGN_@-UNKNOWN
444 Unknown signature algorithm.
445 @item GNUTLS_@-SIGN_@-RSA_@-SHA1
446 Digital signature algorithm RSA with SHA-1
447 @item GNUTLS_@-SIGN_@-RSA_@-SHA
448 Same as @code{GNUTLS_SIGN_RSA_SHA1} .
449 @item GNUTLS_@-SIGN_@-DSA_@-SHA1
450 Digital signature algorithm DSA with SHA-1
451 @item GNUTLS_@-SIGN_@-DSA_@-SHA
452 Same as @code{GNUTLS_SIGN_DSA_SHA1} .
453 @item GNUTLS_@-SIGN_@-RSA_@-MD5
454 Digital signature algorithm RSA with MD5.
455 @item GNUTLS_@-SIGN_@-RSA_@-MD2
456 Digital signature algorithm RSA with MD2.
457 @item GNUTLS_@-SIGN_@-RSA_@-RMD160
458 Digital signature algorithm RSA with RMD-160.
459 @item GNUTLS_@-SIGN_@-RSA_@-SHA256
460 Digital signature algorithm RSA with SHA-256.
461 @item GNUTLS_@-SIGN_@-RSA_@-SHA384
462 Digital signature algorithm RSA with SHA-384.
463 @item GNUTLS_@-SIGN_@-RSA_@-SHA512
464 Digital signature algorithm RSA with SHA-512.
465 @item GNUTLS_@-SIGN_@-RSA_@-SHA224
466 Digital signature algorithm RSA with SHA-224.
467 @item GNUTLS_@-SIGN_@-DSA_@-SHA224
468 Digital signature algorithm DSA with SHA-224
469 @item GNUTLS_@-SIGN_@-DSA_@-SHA256
470 Digital signature algorithm DSA with SHA-256
471 @item GNUTLS_@-SIGN_@-ECDSA_@-SHA1
473 @item GNUTLS_@-SIGN_@-ECDSA_@-SHA224
474 Digital signature algorithm ECDSA with SHA-224.
475 @item GNUTLS_@-SIGN_@-ECDSA_@-SHA256
476 Digital signature algorithm ECDSA with SHA-256.
477 @item GNUTLS_@-SIGN_@-ECDSA_@-SHA384
478 Digital signature algorithm ECDSA with SHA-384.
479 @item GNUTLS_@-SIGN_@-ECDSA_@-SHA512
480 Digital signature algorithm ECDSA with SHA-512.
481 @item GNUTLS_@-SIGN_@-DSA_@-SHA384
482 Digital signature algorithm DSA with SHA-384
483 @item GNUTLS_@-SIGN_@-DSA_@-SHA512
484 Digital signature algorithm DSA with SHA-512
487 @c gnutls_ecc_curve_t
489 @item GNUTLS_@-ECC_@-CURVE_@-INVALID
491 @item GNUTLS_@-ECC_@-CURVE_@-SECP224R1
493 @item GNUTLS_@-ECC_@-CURVE_@-SECP256R1
495 @item GNUTLS_@-ECC_@-CURVE_@-SECP384R1
497 @item GNUTLS_@-ECC_@-CURVE_@-SECP521R1
499 @item GNUTLS_@-ECC_@-CURVE_@-SECP192R1
503 @c gnutls_sec_param_t
505 @item GNUTLS_@-SEC_@-PARAM_@-INSECURE
506 Less than 42 bits of security
507 @item GNUTLS_@-SEC_@-PARAM_@-EXPORT
509 @item GNUTLS_@-SEC_@-PARAM_@-VERY_@-WEAK
511 @item GNUTLS_@-SEC_@-PARAM_@-WEAK
513 @item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN
515 @item GNUTLS_@-SEC_@-PARAM_@-LOW
517 @item GNUTLS_@-SEC_@-PARAM_@-LEGACY
519 @item GNUTLS_@-SEC_@-PARAM_@-MEDIUM
520 112 bits of security (used to be @code{GNUTLS_SEC_PARAM_NORMAL} )
521 @item GNUTLS_@-SEC_@-PARAM_@-HIGH
523 @item GNUTLS_@-SEC_@-PARAM_@-ULTRA
527 @c gnutls_channel_binding_t
529 @item GNUTLS_@-CB_@-TLS_@-UNIQUE
530 "tls-unique" (RFC 5929) channel binding
533 @c gnutls_server_name_type_t
535 @item GNUTLS_@-NAME_@-DNS
536 Domain Name System name type.
539 @c gnutls_supplemental_data_format_type_t
541 @item GNUTLS_@-SUPPLEMENTAL_@-USER_@-MAPPING_@-DATA
542 Supplemental user mapping data.
545 @c gnutls_srtp_profile_t
547 @item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-80
548 128 bit AES with a 80 bit HMAC-SHA1
549 @item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-32
550 128 bit AES with a 32 bit HMAC-SHA1
551 @item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-80
552 NULL cipher with a 80 bit HMAC-SHA1
553 @item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-32
554 NULL cipher with a 32 bit HMAC-SHA1
557 @c gnutls_psk_key_flags
559 @item GNUTLS_@-PSK_@-KEY_@-RAW
560 PSK-key in raw format.
561 @item GNUTLS_@-PSK_@-KEY_@-HEX
562 PSK-key in hex format.
565 @c gnutls_x509_subject_alt_name_t
567 @item GNUTLS_@-SAN_@-DNSNAME
569 @item GNUTLS_@-SAN_@-RFC822NAME
571 @item GNUTLS_@-SAN_@-URI
573 @item GNUTLS_@-SAN_@-IPADDRESS
575 @item GNUTLS_@-SAN_@-OTHERNAME
577 @item GNUTLS_@-SAN_@-DN
579 @item GNUTLS_@-SAN_@-OTHERNAME_@-XMPP
581 gnutls_x509_crt_get_subject_alt_othername_oid.
584 @c gnutls_privkey_type_t
586 @item GNUTLS_@-PRIVKEY_@-X509
587 X.509 private key, @code{gnutls_x509_privkey_t} .
588 @item GNUTLS_@-PRIVKEY_@-OPENPGP
589 OpenPGP private key, @code{gnutls_openpgp_privkey_t} .
590 @item GNUTLS_@-PRIVKEY_@-PKCS11
591 PKCS11 private key, @code{gnutls_pkcs11_privkey_t} .
592 @item GNUTLS_@-PRIVKEY_@-EXT
593 External private key, operating using callbacks.
596 @c gnutls_vdata_types_t
598 @item GNUTLS_@-DT_@-UNKNOWN
600 @item GNUTLS_@-DT_@-DNS_@-HOSTNAME
601 The data contain a null-terminated DNS hostname.
602 @item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID
603 The data contain a null-terminated key purpose OID.
608 @item GNUTLS_@-PIN_@-USER
609 The PIN for the user.
610 @item GNUTLS_@-PIN_@-SO
611 The PIN for the security officer (admin).
612 @item GNUTLS_@-PIN_@-FINAL_@-TRY
613 This is the final try before blocking.
614 @item GNUTLS_@-PIN_@-COUNT_@-LOW
615 Few tries remain before token blocks.
616 @item GNUTLS_@-PIN_@-CONTEXT_@-SPECIFIC
617 The PIN is for a specific action and key like signing.
618 @item GNUTLS_@-PIN_@-WRONG
619 Last given PIN was not correct.
623 @deftypefun {typedef} {int} (* @var{gnutls_pin_callback_t})
624 @var{gnutls_pin_callback_t}: -- undescribed --
626 Callback function type for PKCS@code{11} or TPM PIN entry. It is set by
627 functions like @code{gnutls_pkcs11_set_pin_function()} .
629 The callback should provide the PIN code to unlock the token with
630 label @code{token_label} , specified by the URL @code{token_url} .
632 The PIN code, as a NUL-terminated ASCII string, should be copied
633 into the @code{pin} buffer (of maximum size @code{pin_max} ), and return 0 to
634 indicate success. Alternatively, the callback may return a
635 negative gnutls error code to indicate failure and cancel PIN entry
636 (in which case, the contents of the @code{pin} parameter are ignored).
638 When a PIN is required, the callback will be invoked repeatedly
639 (and indefinitely) until either the returned PIN code is correct,
640 the callback returns failure, or the token refuses login (e.g. when
641 the token is locked due to too many incorrect PINs!). For the
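642 first such invocation, the @code{attempt} counter will have value zero;
643 it will increase by one for each subsequent attempt. A callback that returns a stored PIN without prompting the user should therefore return failure once @code{attempt} is non-zero, so that a wrong stored PIN is not retried until the token locks.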
645 @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
647 @strong{Since:} 2.12.0
651 @c gnutls_certificate_import_flags
653 @item GNUTLS_@-X509_@-CRT_@-LIST_@-IMPORT_@-FAIL_@-IF_@-EXCEED
655 certificates in the buffer are more than the space allocated for
656 certificates. The error code will be @code{GNUTLS_E_SHORT_MEMORY_BUFFER} .
657 @item GNUTLS_@-X509_@-CRT_@-LIST_@-FAIL_@-IF_@-UNSORTED
658 Fail if the certificates
659 in the buffer are not ordered starting from subject to issuer.
660 The error code will be @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} .
663 @c gnutls_certificate_verify_flags
665 @item GNUTLS_@-VERIFY_@-DISABLE_@-CA_@-SIGN
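666 If set, a signer does not have to be
667 a certificate authority. This flag should normally be disabled,
668 unless you know what this means: with it set, a certificate that is not marked as a CA is accepted as an issuer during chain verification.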
669 @item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-SAME
670 If a certificate is not signed by
671 anyone trusted but exists in the trusted CA list, do not treat it as trusted.
673 @item GNUTLS_@-VERIFY_@-ALLOW_@-ANY_@-X509_@-V1_@-CA_@-CRT
674 Allow CA certificates that
675 have version 1 (both root and intermediate). This might be
676 dangerous since those do not have the basicConstraints extension.
678 @item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD2
679 Allow certificates to be signed
680 using the broken MD2 algorithm.
681 @item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD5
682 Allow certificates to be signed
683 using the broken MD5 algorithm.
684 @item GNUTLS_@-VERIFY_@-DISABLE_@-TIME_@-CHECKS
685 Disable checking of activation
686 and expiration validity periods of certificate chains. Don't set
687 this unless you understand the security implications: expired and not-yet-valid certificates are no longer rejected on that basis.
688 @item GNUTLS_@-VERIFY_@-DISABLE_@-TRUSTED_@-TIME_@-CHECKS
689 If set a signer in the trusted
690 list is never checked for expiration or activation.
691 @item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-X509_@-V1_@-CA_@-CRT
692 Do not allow trusted CA
693 certificates that have version 1. This option is to be used
694 to deprecate all certificates of version 1.
695 @item GNUTLS_@-VERIFY_@-DISABLE_@-CRL_@-CHECKS
696 Disable checking for validity
697 using certificate revocation lists or the available OCSP data.
698 @item GNUTLS_@-VERIFY_@-ALLOW_@-UNSORTED_@-CHAIN
699 A certificate chain is tolerated
700 if unsorted (the case with many TLS servers out there). This is the
701 default since GnuTLS 3.1.4.
702 @item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-UNSORTED_@-CHAIN
703 Do not tolerate an unsorted certificate chain.
705 @item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-WILDCARDS
706 When including a hostname
707 check in the verification, do not consider any wildcards.
710 @c gnutls_certificate_verification_profiles_t
712 @item GNUTLS_@-PROFILE_@-VERY_@-WEAK
713 A verification profile that
714 corresponds to @code{GNUTLS_SEC_PARAM_VERY_WEAK} (64 bits)
715 @item GNUTLS_@-PROFILE_@-LOW
716 A verification profile that
717 corresponds to @code{GNUTLS_SEC_PARAM_LOW} (80 bits)
718 @item GNUTLS_@-PROFILE_@-LEGACY
719 A verification profile that
720 corresponds to @code{GNUTLS_SEC_PARAM_LEGACY} (96 bits)
721 @item GNUTLS_@-PROFILE_@-MEDIUM
722 A verification profile that
723 corresponds to @code{GNUTLS_SEC_PARAM_MEDIUM} (112 bits)
724 @item GNUTLS_@-PROFILE_@-HIGH
725 A verification profile that
726 corresponds to @code{GNUTLS_SEC_PARAM_HIGH} (128 bits)
727 @item GNUTLS_@-PROFILE_@-ULTRA
728 A verification profile that
729 corresponds to @code{GNUTLS_SEC_PARAM_ULTRA} (256 bits)
730 @item GNUTLS_@-PROFILE_@-SUITEB128
731 A verification profile that
732 applies the SUITEB128 rules
733 @item GNUTLS_@-PROFILE_@-SUITEB192
734 A verification profile that
735 applies the SUITEB192 rules
738 @c gnutls_pkcs_encrypt_flags_t
740 @item GNUTLS_@-PKCS_@-PLAIN
741 Unencrypted private key.
742 @item GNUTLS_@-PKCS_@-PKCS12_@-3DES
744 @item GNUTLS_@-PKCS_@-PKCS12_@-ARCFOUR
746 @item GNUTLS_@-PKCS_@-PKCS12_@-RC2_@-40
748 @item GNUTLS_@-PKCS_@-PBES2_@-3DES
750 @item GNUTLS_@-PKCS_@-PBES2_@-AES_@-128
752 @item GNUTLS_@-PKCS_@-PBES2_@-AES_@-192
754 @item GNUTLS_@-PKCS_@-PBES2_@-AES_@-256
756 @item GNUTLS_@-PKCS_@-NULL_@-PASSWORD
757 Some schemas distinguish between an empty and a NULL password.
758 @item GNUTLS_@-PKCS_@-PBES2_@-DES
762 @c gnutls_openpgp_crt_fmt_t
764 @item GNUTLS_@-OPENPGP_@-FMT_@-RAW
765 OpenPGP certificate in raw format.
766 @item GNUTLS_@-OPENPGP_@-FMT_@-BASE64
767 OpenPGP certificate in base64 format.
771 @deftypefun {typedef} {int} (* @var{gnutls_openpgp_recv_key_func})
772 @var{gnutls_openpgp_recv_key_func}: -- undescribed --
774 A callback of this type is used to retrieve OpenPGP keys. Only
775 useful on the server, and will only be used if the peer sends a key
776 fingerprint instead of a full key. See also
777 @code{gnutls_openpgp_set_recv_key_function()} .
779 The variable @code{key} must be allocated using @code{gnutls_malloc()} .
781 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
782 otherwise an error code is returned.
786 @c gnutls_pkcs12_bag_type_t
788 @item GNUTLS_@-BAG_@-EMPTY
790 @item GNUTLS_@-BAG_@-PKCS8_@-ENCRYPTED_@-KEY
791 PKCS-12 bag with PKCS-8 encrypted key.
792 @item GNUTLS_@-BAG_@-PKCS8_@-KEY
793 PKCS-12 bag with PKCS-8 key.
794 @item GNUTLS_@-BAG_@-CERTIFICATE
795 PKCS-12 bag with certificate.
796 @item GNUTLS_@-BAG_@-CRL
797 PKCS-12 bag with CRL.
798 @item GNUTLS_@-BAG_@-SECRET
799 PKCS-12 bag with secret PKCS-9 keys.
800 @item GNUTLS_@-BAG_@-ENCRYPTED
801 Encrypted PKCS-12 bag.
802 @item GNUTLS_@-BAG_@-UNKNOWN
807 @deftypefun {typedef} {int} (* @var{gnutls_pkcs11_token_callback_t})
808 @var{gnutls_pkcs11_token_callback_t}: -- undescribed --
810 Token callback function. The callback will be used to ask the user
811 to re-insert the token with given (null terminated) label. The
812 callback should return zero if token has been inserted by user and
813 a negative error code otherwise. It might be called multiple times
814 if the token is not detected and the retry counter will be increased.
817 @strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
820 @strong{Since:} 2.12.0
824 @c gnutls_pkcs11_obj_flags
826 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN
827 Force login in the token for the operation.
828 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED
829 object marked as trusted.
830 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE
831 object marked as sensitive (unexportable).
832 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO
833 force login as a security officer in the token for the operation.
834 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE
835 marked as private (requires PIN to access).
836 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE
837 marked as not private.
838 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY
839 When retrieving an object, do not set any requirements.
840 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED
841 When retrieving an object, only retrieve those marked as trusted.
842 In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given.
843 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED
844 When retrieving an object, only retrieve those marked as distrusted.
845 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE
846 When checking an object's presence, fully compare it before returning any result.
847 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE
848 The object must be present in a module marked as trusted.
849 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA
850 Mark the object as a CA.
851 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP
852 Mark the generated key pair as wrapping and unwrapping keys.
853 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY
854 When checking an object's presence, compare the key before returning any result.
855 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT
856 When an issuer is requested, override its extensions with the ones present in the trust module.
857 @item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY
858 When generating a keypair don't store the public key (store).
861 @c gnutls_pkcs11_url_type_t
863 @item GNUTLS_@-PKCS11_@-URL_@-GENERIC
864 A generic-purpose URL.
865 @item GNUTLS_@-PKCS11_@-URL_@-LIB
866 A URL that specifies the library used as well.
867 @item GNUTLS_@-PKCS11_@-URL_@-LIB_@-VERSION
868 A URL that specifies the library and its version.
871 @c gnutls_pkcs11_obj_info_t
873 @item GNUTLS_@-PKCS11_@-OBJ_@-ID_@-HEX
874 The object ID in hex.
875 @item GNUTLS_@-PKCS11_@-OBJ_@-LABEL
877 @item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-LABEL
879 @item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-SERIAL
880 The token's serial number.
881 @item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MANUFACTURER
882 The token's manufacturer.
883 @item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MODEL
885 @item GNUTLS_@-PKCS11_@-OBJ_@-ID
887 @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-VERSION
888 The version of the library used to access the object.
889 @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-DESCRIPTION
890 The description (name) of the library used to access the object.
891 @item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-MANUFACTURER
892 The manufacturer name of the library used to access the object.
895 @c gnutls_pkcs11_obj_attr_t
897 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-ALL
898 Specify all certificates in the specified token.
899 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-TRUSTED
900 Specify all certificates marked as trusted in the specified token.
901 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-WITH_@-PRIVKEY
902 Specify all certificates with a corresponding private key in the specified token.
903 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-PUBKEY
904 Specify all public keys in the specified token.
905 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-PRIVKEY
906 Specify all private keys in the specified token.
907 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-ALL
908 Specify all objects in the specified token.
909 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-CRT_@-TRUSTED_@-CA
910 Specify all certificates marked as trusted and are CAs in the specified token.
911 @item GNUTLS_@-PKCS11_@-OBJ_@-ATTR_@-MATCH
912 Only the objects that match the URL.
915 @c gnutls_pkcs11_token_info_t
917 @item GNUTLS_@-PKCS11_@-TOKEN_@-LABEL
918 The token's label (string)
919 @item GNUTLS_@-PKCS11_@-TOKEN_@-SERIAL
920 The token's serial number (string)
921 @item GNUTLS_@-PKCS11_@-TOKEN_@-MANUFACTURER
922 The token's manufacturer (string)
923 @item GNUTLS_@-PKCS11_@-TOKEN_@-MODEL
924 The token's model (string)
927 @c gnutls_pkcs11_obj_type_t
929 @item GNUTLS_@-PKCS11_@-OBJ_@-UNKNOWN
930 Unknown PKCS11 object.
931 @item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT
933 @item GNUTLS_@-PKCS11_@-OBJ_@-PUBKEY
935 @item GNUTLS_@-PKCS11_@-OBJ_@-PRIVKEY
937 @item GNUTLS_@-PKCS11_@-OBJ_@-SECRET_@-KEY
939 @item GNUTLS_@-PKCS11_@-OBJ_@-DATA
941 @item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT_@-EXTENSION
942 X.509 certificate extension (supported by p11-kit trust module only).
945 @c gnutls_pubkey_flags_t
947 @item GNUTLS_@-PUBKEY_@-VERIFY_@-FLAG_@-TLS1_@-RSA
948 This indicates that a (raw) RSA signature is provided
949 as in the TLS 1.0 protocol.
950 @item GNUTLS_@-PUBKEY_@-DISABLE_@-CALLBACKS
951 The following flag disables call to PIN callbacks. Only
952 relevant to TPM keys.
953 @item GNUTLS_@-PUBKEY_@-GET_@-OPENPGP_@-FINGERPRINT
954 request an OPENPGP fingerprint instead of the default.
957 @c gnutls_privkey_flags_t
959 @item GNUTLS_@-PRIVKEY_@-IMPORT_@-AUTO_@-RELEASE
960 When importing a private key, automatically
961 release it when the structure it was imported into is released.
962 @item GNUTLS_@-PRIVKEY_@-IMPORT_@-COPY
963 Copy required values during import.
964 @item GNUTLS_@-PRIVKEY_@-DISABLE_@-CALLBACKS
965 The following flag disables call to PIN callbacks etc.
966 Only relevant to TPM keys.
967 @item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-TLS1_@-RSA
968 Make an RSA signature on the hashed data as in the TLS protocol.
971 @c gnutls_rnd_level_t
973 @item GNUTLS_@-RND_@-NONCE
974 Non-predictable random number. Fatal in parts
975 of session if broken, i.e., vulnerable to statistical analysis.
976 @item GNUTLS_@-RND_@-RANDOM
977 Pseudo-random cryptographic random number.
978 Fatal in session if broken.
979 @item GNUTLS_@-RND_@-KEY
980 Fatal in many sessions if broken.
983 @c gnutls_ocsp_print_formats_t
985 @item GNUTLS_@-OCSP_@-PRINT_@-FULL
986 Full information about OCSP request/response.
987 @item GNUTLS_@-OCSP_@-PRINT_@-COMPACT
988 More compact information about OCSP request/response.
991 @c gnutls_ocsp_resp_status_t
993 @item GNUTLS_@-OCSP_@-RESP_@-SUCCESSFUL
994 Response has valid confirmations.
995 @item GNUTLS_@-OCSP_@-RESP_@-MALFORMEDREQUEST
996 Illegal confirmation request
997 @item GNUTLS_@-OCSP_@-RESP_@-INTERNALERROR
998 Internal error in issuer
999 @item GNUTLS_@-OCSP_@-RESP_@-TRYLATER
1001 @item GNUTLS_@-OCSP_@-RESP_@-SIGREQUIRED
1002 Must sign the request
1003 @item GNUTLS_@-OCSP_@-RESP_@-UNAUTHORIZED
1004 Request unauthorized
1007 @c gnutls_ocsp_cert_status_t
1009 @item GNUTLS_@-OCSP_@-CERT_@-GOOD
1010 Positive response to status inquiry.
1011 @item GNUTLS_@-OCSP_@-CERT_@-REVOKED
1012 Certificate has been revoked.
1013 @item GNUTLS_@-OCSP_@-CERT_@-UNKNOWN
1014 The responder doesn't know about the certificate.
1018 @c gnutls_x509_crl_reason_t
1020 @item GNUTLS_@-X509_@-CRLREASON_@-UNSPECIFIED
1022 @item GNUTLS_@-X509_@-CRLREASON_@-KEYCOMPROMISE
1023 Private key compromised.
1024 @item GNUTLS_@-X509_@-CRLREASON_@-CACOMPROMISE
1026 @item GNUTLS_@-X509_@-CRLREASON_@-AFFILIATIONCHANGED
1027 Affiliation has changed.
1028 @item GNUTLS_@-X509_@-CRLREASON_@-SUPERSEDED
1029 Certificate superseded.
1030 @item GNUTLS_@-X509_@-CRLREASON_@-CESSATIONOFOPERATION
1031 Operation has ceased.
1032 @item GNUTLS_@-X509_@-CRLREASON_@-CERTIFICATEHOLD
1033 Certificate is on hold.
1034 @item GNUTLS_@-X509_@-CRLREASON_@-REMOVEFROMCRL
1035 Will be removed from delta CRL.
1036 @item GNUTLS_@-X509_@-CRLREASON_@-PRIVILEGEWITHDRAWN
1037 Privilege withdrawn.
1038 @item GNUTLS_@-X509_@-CRLREASON_@-AACOMPROMISE
1042 @c gnutls_ocsp_verify_reason_t
1044 @item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-NOT_@-FOUND
1045 Signer cert not found.
1046 @item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-KEYUSAGE_@-ERROR
1047 Signer keyusage bits incorrect.
1048 @item GNUTLS_@-OCSP_@-VERIFY_@-UNTRUSTED_@-SIGNER
1049 Signer is not trusted.
1050 @item GNUTLS_@-OCSP_@-VERIFY_@-INSECURE_@-ALGORITHM
1051 Signature using insecure algorithm.
1052 @item GNUTLS_@-OCSP_@-VERIFY_@-SIGNATURE_@-FAILURE
1054 @item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-NOT_@-ACTIVATED
1055 Signer cert is not yet activated.
1056 @item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-EXPIRED
1057 Signer cert has expired.
1060 @c gnutls_tpmkey_fmt_t
1062 @item GNUTLS_@-TPMKEY_@-FMT_@-RAW
1063 The portable data format.
1064 @item GNUTLS_@-TPMKEY_@-FMT_@-DER
1065 An alias for the raw format.
1066 @item GNUTLS_@-TPMKEY_@-FMT_@-CTK_@-PEM
1067 A custom data format used by some TPM tools.
1070 @c dane_cert_usage_t
1072 @item DANE_@-CERT_@-USAGE_@-CA
1073 CA constraint. The certificate/key
1074 presented must have signed the verified key.
1075 @item DANE_@-CERT_@-USAGE_@-EE
1076 The key or the certificate of the end entity.
1078 @item DANE_@-CERT_@-USAGE_@-LOCAL_@-CA
1079 The remote CA is local and possibly
1080 untrusted by the verifier.
1081 @item DANE_@-CERT_@-USAGE_@-LOCAL_@-EE
1082 The remote end-entity key is local
1083 and possibly untrusted by the verifier (not signed by a CA).
1088 @item DANE_@-CERT_@-X509
1089 An X.509 certificate.
1090 @item DANE_@-CERT_@-PK
1094 @c dane_match_type_t
1096 @item DANE_@-MATCH_@-EXACT
1098 @item DANE_@-MATCH_@-SHA2_@-256
1099 A SHA-256 hash of the content.
1100 @item DANE_@-MATCH_@-SHA2_@-512
1101 A SHA-512 hash of the content.
1104 @c dane_query_status_t
1106 @item DANE_@-QUERY_@-UNKNOWN
1108 @item DANE_@-QUERY_@-DNSSEC_@-VERIFIED
1109 The query was verified using DNSSEC.
1110 @item DANE_@-QUERY_@-BOGUS
1111 The query has a wrong DNSSEC signature.
1112 @item DANE_@-QUERY_@-NO_@-DNSSEC
1113 The query has no DNSSEC data.
1116 @c dane_state_flags_t
1118 @item DANE_@-F_@-IGNORE_@-LOCAL_@-RESOLVER
1119 Many systems are not DNSSEC-ready. In that case the local resolver is ignored, and a direct recursive resolve occurs.
1120 @item DANE_@-F_@-INSECURE
1121 Ignore any DNSSEC signature verification errors. TLSA data accepted this way is not authenticated by DNSSEC.
1122 @item DANE_@-F_@-IGNORE_@-DNSSEC
1123 Do not try to initialize DNSSEC as we will not use it (will then not try to load the DNSSEC root certificate). Useful if the TLSA data does not come from DNS.
1126 @c dane_verify_flags_t
1128 @item DANE_@-VFLAG_@-FAIL_@-IF_@-NOT_@-CHECKED
1129 If DANE entries that are irrelevant to this certificate are received, fail instead of succeeding.
1130 @item DANE_@-VFLAG_@-ONLY_@-CHECK_@-EE_@-USAGE
1131 The provided certificates will be verified only against any EE field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if EE entries are not present.
1132 @item DANE_@-VFLAG_@-ONLY_@-CHECK_@-CA_@-USAGE
1133 The provided certificates will be verified only against any CA field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if CA entries are not present.
1136 @c dane_verify_status_t
1138 @item DANE_@-VERIFY_@-CA_@-CONSTRAINTS_@-VIOLATED
1139 The CA constraints were violated.
1140 @item DANE_@-VERIFY_@-CERT_@-DIFFERS
1141 The certificate obtained via DNS differs.
1142 @item DANE_@-VERIFY_@-UNKNOWN_@-DANE_@-INFO
1143 No known DANE data was found in the DNS record.