1 This is gnutls.info, produced by makeinfo version 6.3 from gnutls.texi.
3 This manual is last updated 23 March 2015 for version 3.3.27 of GnuTLS.
5 Copyright (C) 2001-2013 Free Software Foundation, Inc.\\ Copyright (C)
6 2001-2013 Nikos Mavrogiannopoulos
8 Permission is granted to copy, distribute and/or modify this
9 document under the terms of the GNU Free Documentation License,
10 Version 1.3 or any later version published by the Free Software
11 Foundation; with no Invariant Sections, no Front-Cover Texts, and
12 no Back-Cover Texts. A copy of the license is included in the
13 section entitled "GNU Free Documentation License".
14 INFO-DIR-SECTION Software libraries
16 * GnuTLS: (gnutls). GNU Transport Layer Security Library.
19 INFO-DIR-SECTION System Administration
21 * certtool: (gnutls)Invoking certtool. Manipulate certificates and keys.
22 * gnutls-serv: (gnutls)Invoking gnutls-serv. GnuTLS test server.
23 * gnutls-cli: (gnutls)Invoking gnutls-cli. GnuTLS test client.
24 * gnutls-cli-debug: (gnutls)Invoking gnutls-cli-debug. GnuTLS debug client.
25 * psktool: (gnutls)Invoking psktool. Simple TLS-Pre-Shared-Keys manager.
26 * srptool: (gnutls)Invoking srptool. Simple SRP password tool.
30 File: gnutls.info, Node: TPM API, Next: Abstract key API, Prev: PKCS 11 API, Up: API reference
35 The following functions are to be used for TPM handling. Their
36 prototypes lie in 'gnutls/tpm.h'.
38 gnutls_tpm_get_registered
39 -------------------------
41 -- Function: int gnutls_tpm_get_registered (gnutls_tpm_key_list_t *
43 LIST: a list to store the keys
45 This function will get a list of stored keys in the TPM. The uuid
48 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
49 otherwise a negative error value.
53 gnutls_tpm_key_list_deinit
54 --------------------------
56 -- Function: void gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t
58 LIST: a list of the keys
60 This function will deinitialize the list of stored keys in the TPM.
64 gnutls_tpm_key_list_get_url
65 ---------------------------
67 -- Function: int gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t
68 LIST, unsigned int IDX, char ** URL, unsigned int FLAGS)
69 LIST: a list of the keys
71 IDX: The index of the key (starting from zero)
73 URL: The URL to be returned
77 This function will return for each given index a URL of the
78 corresponding key. If the provided index is out of bounds then
79 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' is returned.
81 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
82 otherwise a negative error value.
86 gnutls_tpm_privkey_delete
87 -------------------------
89 -- Function: int gnutls_tpm_privkey_delete (const char * URL, const
91 URL: the URL describing the key
93 SRK_PASSWORD: a password for the SRK key
95 This function will unregister the private key from the TPM chip.
97 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
98 otherwise a negative error value.
102 gnutls_tpm_privkey_generate
103 ---------------------------
105 -- Function: int gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t PK,
106 unsigned int BITS, const char * SRK_PASSWORD, const char *
107 KEY_PASSWORD, gnutls_tpmkey_fmt_t FORMAT,
108 gnutls_x509_crt_fmt_t PUB_FORMAT, gnutls_datum_t * PRIVKEY,
109 gnutls_datum_t * PUBKEY, unsigned int FLAGS)
110 PK: the public key algorithm
112 BITS: the security bits
114 SRK_PASSWORD: a password to protect the exported key (optional)
116 KEY_PASSWORD: the password for the TPM (optional)
118 FORMAT: the format of the private key
120 PUB_FORMAT: the format of the public key
122 PRIVKEY: the generated key
124 PUBKEY: the corresponding public key (may be null)
126 FLAGS: should be a list of GNUTLS_TPM_* flags
128 This function will generate a private key in the TPM chip. The
129 private key will be generated within the chip and will be exported
130 in a wrapped with TPM's master key form. Furthermore the wrapped
131 key can be protected with the provided 'password' .
133 Note that bits in TPM is quantized value. If the input value is
134 not one of the allowed values, then it will be quantized to one of
135 512, 1024, 2048, 4096, 8192 and 16384.
139 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
140 otherwise a negative error value.
145 File: gnutls.info, Node: Abstract key API, Next: DANE API, Prev: TPM API, Up: API reference
150 The following functions are to be used for abstract key handling. Their
151 prototypes lie in 'gnutls/abstract.h'.
153 gnutls_certificate_set_key
154 --------------------------
156 -- Function: int gnutls_certificate_set_key
157 (gnutls_certificate_credentials_t RES, const char ** NAMES,
158 int NAMES_SIZE, gnutls_pcert_st * PCERT_LIST, int
159 PCERT_LIST_SIZE, gnutls_privkey_t KEY)
160 RES: is a 'gnutls_certificate_credentials_t' structure.
162 NAMES: is an array of DNS name of the certificate (NULL if none)
164 NAMES_SIZE: holds the size of the names list
166 PCERT_LIST: contains a certificate list (path) for the specified
169 PCERT_LIST_SIZE: holds the size of the certificate list
171 KEY: is a 'gnutls_privkey_t' key
173 This function sets a certificate/private key pair in the
174 gnutls_certificate_credentials_t structure. This function may be
175 called more than once, in case multiple keys/certificates exist for
176 the server. For clients that wants to send more than its own end
177 entity certificate (e.g., also an intermediate CA cert) then put
178 the certificate chain in 'pcert_list' .
180 Note that the 'pcert_list' and 'key' will become part of the
181 credentials structure and must not be deallocated. They will be
182 automatically deallocated when the 'res' structure is
185 If that function fails to load the 'res' structure is at an
186 undefined state, it must not be reused to load other keys or
189 *Returns:* 'GNUTLS_E_SUCCESS' (0) on success, or a negative error
194 gnutls_certificate_set_retrieve_function2
195 -----------------------------------------
197 -- Function: void gnutls_certificate_set_retrieve_function2
198 (gnutls_certificate_credentials_t CRED,
199 gnutls_certificate_retrieve_function2 * FUNC)
200 CRED: is a 'gnutls_certificate_credentials_t' structure.
202 FUNC: is the callback function
204 This function sets a callback to be called in order to retrieve the
205 certificate to be used in the handshake.
207 The callback's function prototype is: int
208 (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int
209 nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length,
210 gnutls_pcert_st** pcert, unsigned int *pcert_length,
211 gnutls_privkey_t * pkey);
213 'req_ca_dn' is only used in X.509 certificates. Contains a list
214 with the CA names that the server considers trusted. Normally we
215 should send a certificate that is signed by one of these CAs.
216 These names are DER encoded. To get a more meaningful value use
217 the function 'gnutls_x509_rdn_get()' .
219 'pk_algos' contains a list with server's acceptable signature
220 algorithms. The certificate returned should support the server's
223 'pcert' should contain a single certificate and public key or a
226 'pcert_length' is the size of the previous list.
228 'pkey' is the private key.
230 If the callback function is provided then gnutls will call it, in
231 the handshake, after the certificate request message has been
232 received. All the provided by the callback values will not be
233 released or modified by gnutls.
235 In server side pk_algos and req_ca_dn are NULL.
237 The callback function should set the certificate list to be sent,
238 and return 0 on success. If no certificate was selected then the
239 number of certificates should be set to zero. The value (-1)
240 indicates error and the handshake will be terminated.
247 -- Function: void gnutls_pcert_deinit (gnutls_pcert_st * PCERT)
248 PCERT: The structure to be deinitialized
250 This function will deinitialize a pcert structure.
254 gnutls_pcert_import_openpgp
255 ---------------------------
257 -- Function: int gnutls_pcert_import_openpgp (gnutls_pcert_st * PCERT,
258 gnutls_openpgp_crt_t CRT, unsigned int FLAGS)
259 PCERT: The pcert structure
261 CRT: The raw certificate to be imported
265 This convenience function will import the given certificate to a
266 'gnutls_pcert_st' structure. The structure must be deinitialized
267 afterwards using 'gnutls_pcert_deinit()' ;
269 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
270 otherwise a negative error value.
274 gnutls_pcert_import_openpgp_raw
275 -------------------------------
277 -- Function: int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st *
278 PCERT, const gnutls_datum_t * CERT, gnutls_openpgp_crt_fmt_t
279 FORMAT, gnutls_openpgp_keyid_t KEYID, unsigned int FLAGS)
280 PCERT: The pcert structure
282 CERT: The raw certificate to be imported
284 FORMAT: The format of the certificate
286 KEYID: The key ID to use (NULL for the master key)
290 This convenience function will import the given certificate to a
291 'gnutls_pcert_st' structure. The structure must be deinitialized
292 afterwards using 'gnutls_pcert_deinit()' ;
294 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
295 otherwise a negative error value.
299 gnutls_pcert_import_x509
300 ------------------------
302 -- Function: int gnutls_pcert_import_x509 (gnutls_pcert_st * PCERT,
303 gnutls_x509_crt_t CRT, unsigned int FLAGS)
304 PCERT: The pcert structure
306 CRT: The raw certificate to be imported
310 This convenience function will import the given certificate to a
311 'gnutls_pcert_st' structure. The structure must be deinitialized
312 afterwards using 'gnutls_pcert_deinit()' ;
314 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
315 otherwise a negative error value.
319 gnutls_pcert_import_x509_raw
320 ----------------------------
322 -- Function: int gnutls_pcert_import_x509_raw (gnutls_pcert_st * PCERT,
323 const gnutls_datum_t * CERT, gnutls_x509_crt_fmt_t FORMAT,
325 PCERT: The pcert structure
327 CERT: The raw certificate to be imported
329 FORMAT: The format of the certificate
333 This convenience function will import the given certificate to a
334 'gnutls_pcert_st' structure. The structure must be deinitialized
335 afterwards using 'gnutls_pcert_deinit()' ;
337 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
338 otherwise a negative error value.
342 gnutls_pcert_list_import_x509_raw
343 ---------------------------------
345 -- Function: int gnutls_pcert_list_import_x509_raw (gnutls_pcert_st *
346 PCERTS, unsigned int * PCERT_MAX, const gnutls_datum_t * DATA,
347 gnutls_x509_crt_fmt_t FORMAT, unsigned int FLAGS)
348 PCERTS: The structures to store the parsed certificate. Must not
351 PCERT_MAX: Initially must hold the maximum number of certs. It
352 will be updated with the number of certs available.
354 DATA: The certificates.
356 FORMAT: One of DER or PEM.
358 FLAGS: must be (0) or an OR'd sequence of
359 gnutls_certificate_import_flags.
361 This function will convert the given PEM encoded certificate list
362 to the native gnutls_x509_crt_t format. The output will be stored
363 in 'certs' . They will be automatically initialized.
365 If the Certificate is PEM encoded it should have a header of "X509
366 CERTIFICATE", or "CERTIFICATE".
368 *Returns:* the number of certificates read or a negative error
373 gnutls_privkey_decrypt_data
374 ---------------------------
376 -- Function: int gnutls_privkey_decrypt_data (gnutls_privkey_t KEY,
377 unsigned int FLAGS, const gnutls_datum_t * CIPHERTEXT,
378 gnutls_datum_t * PLAINTEXT)
383 CIPHERTEXT: holds the data to be decrypted
385 PLAINTEXT: will contain the decrypted data, allocated with
388 This function will decrypt the given data using the algorithm
389 supported by the private key.
391 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
392 otherwise a negative error value.
396 gnutls_privkey_deinit
397 ---------------------
399 -- Function: void gnutls_privkey_deinit (gnutls_privkey_t KEY)
400 KEY: The structure to be deinitialized
402 This function will deinitialize a private key structure.
406 gnutls_privkey_export_dsa_raw
407 -----------------------------
409 -- Function: int gnutls_privkey_export_dsa_raw (gnutls_privkey_t KEY,
410 gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * G,
411 gnutls_datum_t * Y, gnutls_datum_t * X)
412 KEY: Holds the public key
424 This function will export the DSA private key's parameters found in
425 the given structure. The new parameters will be allocated using
426 'gnutls_malloc()' and will be stored in the appropriate datum.
428 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
433 gnutls_privkey_export_ecc_raw
434 -----------------------------
436 -- Function: int gnutls_privkey_export_ecc_raw (gnutls_privkey_t KEY,
437 gnutls_ecc_curve_t * CURVE, gnutls_datum_t * X, gnutls_datum_t
438 * Y, gnutls_datum_t * K)
439 KEY: Holds the public key
441 CURVE: will hold the curve
443 X: will hold the x coordinate
445 Y: will hold the y coordinate
447 K: will hold the private key
449 This function will export the ECC private key's parameters found in
450 the given structure. The new parameters will be allocated using
451 'gnutls_malloc()' and will be stored in the appropriate datum.
453 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
458 gnutls_privkey_export_rsa_raw
459 -----------------------------
461 -- Function: int gnutls_privkey_export_rsa_raw (gnutls_privkey_t KEY,
462 gnutls_datum_t * M, gnutls_datum_t * E, gnutls_datum_t * D,
463 gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * U,
464 gnutls_datum_t * E1, gnutls_datum_t * E2)
465 KEY: Holds the certificate
467 M: will hold the modulus
469 E: will hold the public exponent
471 D: will hold the private exponent
473 P: will hold the first prime (p)
475 Q: will hold the second prime (q)
477 U: will hold the coefficient
479 E1: will hold e1 = d mod (p-1)
481 E2: will hold e2 = d mod (q-1)
483 This function will export the RSA private key's parameters found in
484 the given structure. The new parameters will be allocated using
485 'gnutls_malloc()' and will be stored in the appropriate datum.
487 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
492 gnutls_privkey_generate
493 -----------------------
495 -- Function: int gnutls_privkey_generate (gnutls_privkey_t PKEY,
496 gnutls_pk_algorithm_t ALGO, unsigned int BITS, unsigned int
498 PKEY: The private key
500 ALGO: is one of the algorithms in 'gnutls_pk_algorithm_t' .
502 BITS: the size of the modulus
504 FLAGS: unused for now. Must be 0.
506 This function will generate a random private key. Note that this
507 function must be called on an empty private key.
509 Note that when generating an elliptic curve key, the curve can be
510 substituted in the place of the bits parameter using the
511 'GNUTLS_CURVE_TO_BITS()' macro.
513 Do not set the number of bits directly, use
514 'gnutls_sec_param_to_pk_bits()' .
516 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
517 otherwise a negative error value.
521 gnutls_privkey_get_pk_algorithm
522 -------------------------------
524 -- Function: int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t KEY,
526 KEY: should contain a 'gnutls_privkey_t' structure
528 BITS: If set will return the number of bits of the parameters (may
531 This function will return the public key algorithm of a private key
532 and if possible will return a number of bits that indicates the
533 security parameter of the key.
535 *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
536 success, or a negative error code on error.
540 gnutls_privkey_get_type
541 -----------------------
543 -- Function: gnutls_privkey_type_t gnutls_privkey_get_type
544 (gnutls_privkey_t KEY)
545 KEY: should contain a 'gnutls_privkey_t' structure
547 This function will return the type of the private key. This is
548 actually the type of the subsystem used to set this private key.
550 *Returns:* a member of the 'gnutls_privkey_type_t' enumeration on
551 success, or a negative error code on error.
555 gnutls_privkey_import_dsa_raw
556 -----------------------------
558 -- Function: int gnutls_privkey_import_dsa_raw (gnutls_privkey_t KEY,
559 const gnutls_datum_t * P, const gnutls_datum_t * Q, const
560 gnutls_datum_t * G, const gnutls_datum_t * Y, const
562 KEY: The structure to store the parsed key
574 This function will convert the given DSA raw parameters to the
575 native 'gnutls_privkey_t' format. The output will be stored in
578 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
579 otherwise a negative error value.
581 gnutls_privkey_import_ecc_raw
582 -----------------------------
584 -- Function: int gnutls_privkey_import_ecc_raw (gnutls_privkey_t KEY,
585 gnutls_ecc_curve_t CURVE, const gnutls_datum_t * X, const
586 gnutls_datum_t * Y, const gnutls_datum_t * K)
587 KEY: The structure to store the parsed key
589 CURVE: holds the curve
597 This function will convert the given elliptic curve parameters to
598 the native 'gnutls_privkey_t' format. The output will be stored in
601 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
602 otherwise a negative error value.
606 gnutls_privkey_import_ext
607 -------------------------
609 -- Function: int gnutls_privkey_import_ext (gnutls_privkey_t PKEY,
610 gnutls_pk_algorithm_t PK, void * USERDATA,
611 gnutls_privkey_sign_func SIGN_FUNC,
612 gnutls_privkey_decrypt_func DECRYPT_FUNC, unsigned int FLAGS)
613 PKEY: The private key
615 PK: The public key algorithm
617 USERDATA: private data to be provided to the callbacks
619 SIGN_FUNC: callback for signature operations
621 DECRYPT_FUNC: callback for decryption operations
623 FLAGS: Flags for the import
625 This function will associate the given callbacks with the
626 'gnutls_privkey_t' structure. At least one of the two callbacks
629 See also 'gnutls_privkey_import_ext2()' .
631 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
632 otherwise a negative error value.
636 gnutls_privkey_import_ext2
637 --------------------------
639 -- Function: int gnutls_privkey_import_ext2 (gnutls_privkey_t PKEY,
640 gnutls_pk_algorithm_t PK, void * USERDATA,
641 gnutls_privkey_sign_func SIGN_FUNC,
642 gnutls_privkey_decrypt_func DECRYPT_FUNC,
643 gnutls_privkey_deinit_func DEINIT_FUNC, unsigned int FLAGS)
644 PKEY: The private key
646 PK: The public key algorithm
648 USERDATA: private data to be provided to the callbacks
650 SIGN_FUNC: callback for signature operations
652 DECRYPT_FUNC: callback for decryption operations
654 DEINIT_FUNC: a deinitialization function
656 FLAGS: Flags for the import
658 This function will associate the given callbacks with the
659 'gnutls_privkey_t' structure. At least one of the two callbacks
660 must be non-null. If a deinitialization function is provided then
661 flags is assumed to contain 'GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE' .
663 Note that the signing function is supposed to "raw" sign data,
664 i.e., without any hashing or preprocessing. In case of RSA the
665 DigestInfo will be provided, and the signing function is expected
666 to do the PKCS '1' 1.5 padding and the exponentiation.
668 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
669 otherwise a negative error value.
673 gnutls_privkey_import_openpgp
674 -----------------------------
676 -- Function: int gnutls_privkey_import_openpgp (gnutls_privkey_t PKEY,
677 gnutls_openpgp_privkey_t KEY, unsigned int FLAGS)
678 PKEY: The private key
680 KEY: The private key to be imported
682 FLAGS: Flags for the import
684 This function will import the given private key to the abstract
685 'gnutls_privkey_t' structure.
687 The 'gnutls_openpgp_privkey_t' object must not be deallocated
688 during the lifetime of this structure. The subkey set as preferred
689 will be used, or the master key otherwise.
691 'flags' might be zero or one of
692 'GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE' and
693 'GNUTLS_PRIVKEY_IMPORT_COPY' .
695 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
696 otherwise a negative error value.
700 gnutls_privkey_import_openpgp_raw
701 ---------------------------------
703 -- Function: int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t
704 PKEY, const gnutls_datum_t * DATA, gnutls_openpgp_crt_fmt_t
705 FORMAT, const gnutls_openpgp_keyid_t KEYID, const char *
707 PKEY: The private key
709 DATA: The private key data to be imported
711 FORMAT: The format of the private key
713 KEYID: The key id to use (optional)
715 PASSWORD: A password (optional)
717 This function will import the given private key to the abstract
718 'gnutls_privkey_t' structure.
720 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
721 otherwise a negative error value.
725 gnutls_privkey_import_pkcs11
726 ----------------------------
728 -- Function: int gnutls_privkey_import_pkcs11 (gnutls_privkey_t PKEY,
729 gnutls_pkcs11_privkey_t KEY, unsigned int FLAGS)
730 PKEY: The private key
732 KEY: The private key to be imported
734 FLAGS: Flags for the import
736 This function will import the given private key to the abstract
737 'gnutls_privkey_t' structure.
739 The 'gnutls_pkcs11_privkey_t' object must not be deallocated during
740 the lifetime of this structure.
742 'flags' might be zero or one of
743 'GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE' and
744 'GNUTLS_PRIVKEY_IMPORT_COPY' .
746 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
747 otherwise a negative error value.
751 gnutls_privkey_import_pkcs11_url
752 --------------------------------
754 -- Function: int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t
755 KEY, const char * URL)
756 KEY: A key of type 'gnutls_pubkey_t'
760 This function will import a PKCS 11 private key to a
761 'gnutls_private_key_t' structure.
763 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
764 otherwise a negative error value.
768 gnutls_privkey_import_rsa_raw
769 -----------------------------
771 -- Function: int gnutls_privkey_import_rsa_raw (gnutls_privkey_t KEY,
772 const gnutls_datum_t * M, const gnutls_datum_t * E, const
773 gnutls_datum_t * D, const gnutls_datum_t * P, const
774 gnutls_datum_t * Q, const gnutls_datum_t * U, const
775 gnutls_datum_t * E1, const gnutls_datum_t * E2)
776 KEY: The structure to store the parsed key
780 E: holds the public exponent
782 D: holds the private exponent
784 P: holds the first prime (p)
786 Q: holds the second prime (q)
788 U: holds the coefficient (optional)
790 E1: holds e1 = d mod (p-1) (optional)
792 E2: holds e2 = d mod (q-1) (optional)
794 This function will convert the given RSA raw parameters to the
795 native 'gnutls_privkey_t' format. The output will be stored in
798 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
799 otherwise a negative error value.
801 gnutls_privkey_import_tpm_raw
802 -----------------------------
804 -- Function: int gnutls_privkey_import_tpm_raw (gnutls_privkey_t PKEY,
805 const gnutls_datum_t * FDATA, gnutls_tpmkey_fmt_t FORMAT,
806 const char * SRK_PASSWORD, const char * KEY_PASSWORD, unsigned
808 PKEY: The private key
810 FDATA: The TPM key to be imported
812 FORMAT: The format of the private key
814 SRK_PASSWORD: The password for the SRK key (optional)
816 KEY_PASSWORD: A password for the key (optional)
818 FLAGS: should be zero
820 This function will import the given private key to the abstract
821 'gnutls_privkey_t' structure.
823 With respect to passwords the same as in
824 'gnutls_privkey_import_tpm_url()' apply.
826 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
827 otherwise a negative error value.
831 gnutls_privkey_import_tpm_url
832 -----------------------------
834 -- Function: int gnutls_privkey_import_tpm_url (gnutls_privkey_t PKEY,
835 const char * URL, const char * SRK_PASSWORD, const char *
836 KEY_PASSWORD, unsigned int FLAGS)
837 PKEY: The private key
839 URL: The URL of the TPM key to be imported
841 SRK_PASSWORD: The password for the SRK key (optional)
843 KEY_PASSWORD: A password for the key (optional)
845 FLAGS: One of the GNUTLS_PRIVKEY_* flags
847 This function will import the given private key to the abstract
848 'gnutls_privkey_t' structure.
850 Note that unless 'GNUTLS_PRIVKEY_DISABLE_CALLBACKS' is specified,
851 if incorrect (or NULL) passwords are given the PKCS11 callback
852 functions will be used to obtain the correct passwords. Otherwise
853 if the SRK password is wrong 'GNUTLS_E_TPM_SRK_PASSWORD_ERROR' is
854 returned and if the key password is wrong or not provided then
855 'GNUTLS_E_TPM_KEY_PASSWORD_ERROR' is returned.
857 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
858 otherwise a negative error value.
862 gnutls_privkey_import_url
863 -------------------------
865 -- Function: int gnutls_privkey_import_url (gnutls_privkey_t KEY, const
866 char * URL, unsigned int FLAGS)
867 KEY: A key of type 'gnutls_privkey_t'
871 FLAGS: should be zero
873 This function will import a PKCS11 or TPM URL as a private key.
874 The supported URL types can be checked using
875 'gnutls_url_is_supported()' .
877 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
878 otherwise a negative error value.
882 gnutls_privkey_import_x509
883 --------------------------
885 -- Function: int gnutls_privkey_import_x509 (gnutls_privkey_t PKEY,
886 gnutls_x509_privkey_t KEY, unsigned int FLAGS)
887 PKEY: The private key
889 KEY: The private key to be imported
891 FLAGS: Flags for the import
893 This function will import the given private key to the abstract
894 'gnutls_privkey_t' structure.
896 The 'gnutls_x509_privkey_t' object must not be deallocated during
897 the lifetime of this structure.
899 'flags' might be zero or one of
900 'GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE' and
901 'GNUTLS_PRIVKEY_IMPORT_COPY' .
903 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
904 otherwise a negative error value.
908 gnutls_privkey_import_x509_raw
909 ------------------------------
911 -- Function: int gnutls_privkey_import_x509_raw (gnutls_privkey_t PKEY,
912 const gnutls_datum_t * DATA, gnutls_x509_crt_fmt_t FORMAT,
913 const char * PASSWORD, unsigned int FLAGS)
914 PKEY: The private key
916 DATA: The private key data to be imported
918 FORMAT: The format of the private key
920 PASSWORD: A password (optional)
922 FLAGS: an ORed sequence of gnutls_pkcs_encrypt_flags_t
924 This function will import the given private key to the abstract
925 'gnutls_privkey_t' structure.
927 The supported formats are basic unencrypted key, PKCS8, PKCS12, and
930 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
931 otherwise a negative error value.
938 -- Function: int gnutls_privkey_init (gnutls_privkey_t * KEY)
939 KEY: The structure to be initialized
941 This function will initialize an private key structure.
943 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
944 otherwise a negative error value.
948 gnutls_privkey_set_pin_function
949 -------------------------------
951 -- Function: void gnutls_privkey_set_pin_function (gnutls_privkey_t
952 KEY, gnutls_pin_callback_t FN, void * USERDATA)
953 KEY: A key of type 'gnutls_privkey_t'
957 USERDATA: data associated with the callback
959 This function will set a callback function to be used when required
960 to access the object. This function overrides any other global PIN
963 Note that this function must be called right after initialization
968 gnutls_privkey_sign_data
969 ------------------------
971 -- Function: int gnutls_privkey_sign_data (gnutls_privkey_t SIGNER,
972 gnutls_digest_algorithm_t HASH, unsigned int FLAGS, const
973 gnutls_datum_t * DATA, gnutls_datum_t * SIGNATURE)
974 SIGNER: Holds the key
976 HASH: should be a digest algorithm
978 FLAGS: Zero or one of 'gnutls_privkey_flags_t'
980 DATA: holds the data to be signed
982 SIGNATURE: will contain the signature allocate with
985 This function will sign the given data using a signature algorithm
986 supported by the private key. Signature algorithms are always used
987 together with a hash functions. Different hash functions may be
988 used for the RSA algorithm, but only the SHA family for the DSA
991 You may use 'gnutls_pubkey_get_preferred_hash_algorithm()' to
992 determine the hash algorithm.
994 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
995 otherwise a negative error value.
999 gnutls_privkey_sign_hash
1000 ------------------------
1002 -- Function: int gnutls_privkey_sign_hash (gnutls_privkey_t SIGNER,
1003 gnutls_digest_algorithm_t HASH_ALGO, unsigned int FLAGS, const
1004 gnutls_datum_t * HASH_DATA, gnutls_datum_t * SIGNATURE)
1005 SIGNER: Holds the signer's key
1007 HASH_ALGO: The hash algorithm used
1009 FLAGS: Zero or one of 'gnutls_privkey_flags_t'
1011 HASH_DATA: holds the data to be signed
1013 SIGNATURE: will contain newly allocated signature
1015 This function will sign the given hashed data using a signature
1016 algorithm supported by the private key. Signature algorithms are
1017 always used together with a hash functions. Different hash
1018 functions may be used for the RSA algorithm, but only SHA-XXX for
1021 You may use 'gnutls_pubkey_get_preferred_hash_algorithm()' to
1022 determine the hash algorithm.
1024 Note that if 'GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA' flag is specified
1025 this function will ignore 'hash_algo' and perform a raw PKCS1
1028 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1029 otherwise a negative error value.
1033 gnutls_privkey_status
1034 ---------------------
1036 -- Function: int gnutls_privkey_status (gnutls_privkey_t KEY)
1039 Checks the status of the private key token. This function is an
1040 actual wrapper over 'gnutls_pkcs11_privkey_status()' , and if the
1041 private key is a PKCS '11' token it will check whether it is
1044 *Returns:* this function will return non-zero if the token holding
1045 the private key is still available (inserted), and zero otherwise.
1049 gnutls_privkey_verify_params
1050 ----------------------------
1052 -- Function: int gnutls_privkey_verify_params (gnutls_privkey_t KEY)
1053 KEY: should contain a 'gnutls_privkey_t' structure
1055 This function will verify the private key parameters.
1057 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1058 otherwise a negative error value.
1062 gnutls_pubkey_deinit
1063 --------------------
1065 -- Function: void gnutls_pubkey_deinit (gnutls_pubkey_t KEY)
1066 KEY: The structure to be deinitialized
1068 This function will deinitialize a public key structure.
1072 gnutls_pubkey_encrypt_data
1073 --------------------------
1075 -- Function: int gnutls_pubkey_encrypt_data (gnutls_pubkey_t KEY,
1076 unsigned int FLAGS, const gnutls_datum_t * PLAINTEXT,
1077 gnutls_datum_t * CIPHERTEXT)
1078 KEY: Holds the public key
1080 FLAGS: should be 0 for now
1082 PLAINTEXT: The data to be encrypted
1084 CIPHERTEXT: contains the encrypted data
1086 This function will encrypt the given data, using the public key.
1088 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1089 otherwise a negative error value.
1093 gnutls_pubkey_export
1094 --------------------
1096 -- Function: int gnutls_pubkey_export (gnutls_pubkey_t KEY,
1097 gnutls_x509_crt_fmt_t FORMAT, void * OUTPUT_DATA, size_t *
1099 KEY: Holds the certificate
1101 FORMAT: the format of output params. One of PEM or DER.
1103 OUTPUT_DATA: will contain a certificate PEM or DER encoded
1105 OUTPUT_DATA_SIZE: holds the size of output_data (and will be
1106 replaced by the actual size of parameters)
1108 This function will export the public key to DER or PEM format. The
1109 contents of the exported data is the SubjectPublicKeyInfo X.509
1112 If the buffer provided is not long enough to hold the output, then
1113 *output_data_size is updated and 'GNUTLS_E_SHORT_MEMORY_BUFFER'
1116 If the structure is PEM encoded, it will have a header of "BEGIN
1119 *Returns:* In case of failure a negative error code will be
1120 returned, and 0 on success.
1124 gnutls_pubkey_export2
1125 ---------------------
1127 -- Function: int gnutls_pubkey_export2 (gnutls_pubkey_t KEY,
1128 gnutls_x509_crt_fmt_t FORMAT, gnutls_datum_t * OUT)
1129 KEY: Holds the certificate
1131 FORMAT: the format of output params. One of PEM or DER.
1133 OUT: will contain a certificate PEM or DER encoded
1135 This function will export the public key to DER or PEM format. The
1136 contents of the exported data is the SubjectPublicKeyInfo X.509
1139 The output buffer will be allocated using 'gnutls_malloc()' .
1141 If the structure is PEM encoded, it will have a header of "BEGIN
1144 *Returns:* In case of failure a negative error code will be
1145 returned, and 0 on success.
1149 gnutls_pubkey_export_dsa_raw
1150 ----------------------------
1152 -- Function: int gnutls_pubkey_export_dsa_raw (gnutls_pubkey_t KEY,
1153 gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * G,
1155 KEY: Holds the public key
1165 This function will export the DSA public key's parameters found in
1166 the given certificate. The new parameters will be allocated using
1167 'gnutls_malloc()' and will be stored in the appropriate datum.
1169 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
1174 gnutls_pubkey_export_ecc_raw
1175 ----------------------------
1177 -- Function: int gnutls_pubkey_export_ecc_raw (gnutls_pubkey_t KEY,
1178 gnutls_ecc_curve_t * CURVE, gnutls_datum_t * X, gnutls_datum_t
1180 KEY: Holds the public key
1182 CURVE: will hold the curve
1188 This function will export the ECC public key's parameters found in
1189 the given certificate. The new parameters will be allocated using
1190 'gnutls_malloc()' and will be stored in the appropriate datum.
1192 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
1197 gnutls_pubkey_export_ecc_x962
1198 -----------------------------
1200 -- Function: int gnutls_pubkey_export_ecc_x962 (gnutls_pubkey_t KEY,
1201 gnutls_datum_t * PARAMETERS, gnutls_datum_t * ECPOINT)
1202 KEY: Holds the public key
1204 PARAMETERS: DER encoding of an ANSI X9.62 parameters
1206 ECPOINT: DER encoding of ANSI X9.62 ECPoint
1208 This function will export the ECC public key's parameters found in
1209 the given certificate. The new parameters will be allocated using
1210 'gnutls_malloc()' and will be stored in the appropriate datum.
1212 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
1217 gnutls_pubkey_export_rsa_raw
1218 ----------------------------
1220 -- Function: int gnutls_pubkey_export_rsa_raw (gnutls_pubkey_t KEY,
1221 gnutls_datum_t * M, gnutls_datum_t * E)
1222 KEY: Holds the certificate
1224 M: will hold the modulus
1226 E: will hold the public exponent
1228 This function will export the RSA public key's parameters found in
1229 the given structure. The new parameters will be allocated using
1230 'gnutls_malloc()' and will be stored in the appropriate datum.
1232 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
1237 gnutls_pubkey_get_key_id
1238 ------------------------
1240 -- Function: int gnutls_pubkey_get_key_id (gnutls_pubkey_t KEY,
1241 unsigned int FLAGS, unsigned char * OUTPUT_DATA, size_t *
1243 KEY: Holds the public key
1245 FLAGS: should be 0 for now
1247 OUTPUT_DATA: will contain the key ID
1249 OUTPUT_DATA_SIZE: holds the size of output_data (and will be
1250 replaced by the actual size of parameters)
1252 This function will return a unique ID that depends on the public
1253 key parameters. This ID can be used in checking whether a
1254 certificate corresponds to the given public key.
1256 If the buffer provided is not long enough to hold the output, then
1257 *output_data_size is updated and 'GNUTLS_E_SHORT_MEMORY_BUFFER'
1258 will be returned. The output will normally be a SHA-1 hash output,
1261 *Returns:* In case of failure a negative error code will be
1262 returned, and 0 on success.
1266 gnutls_pubkey_get_key_usage
1267 ---------------------------
1269 -- Function: int gnutls_pubkey_get_key_usage (gnutls_pubkey_t KEY,
1270 unsigned int * USAGE)
1271 KEY: should contain a 'gnutls_pubkey_t' structure
1273 USAGE: If set will return the number of bits of the parameters (may
1276 This function will return the key usage of the public key.
1278 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1279 otherwise a negative error value.
1283 gnutls_pubkey_get_openpgp_key_id
1284 --------------------------------
1286 -- Function: int gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t KEY,
1287 unsigned int FLAGS, unsigned char * OUTPUT_DATA, size_t *
1288 OUTPUT_DATA_SIZE, unsigned int * SUBKEY)
1289 KEY: Holds the public key
1291 FLAGS: should be 0 or 'GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT'
1293 OUTPUT_DATA: will contain the key ID
1295 OUTPUT_DATA_SIZE: holds the size of output_data (and will be
1296 replaced by the actual size of parameters)
1298 SUBKEY: Will be non zero if the key ID corresponds to a subkey
1300 This function returns the OpenPGP key ID of the corresponding key.
1301 The key is a unique ID that depends on the public key parameters.
1303 If the flag 'GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT' is specified
1304 this function returns the fingerprint of the master key.
1306 If the buffer provided is not long enough to hold the output, then
1307 *output_data_size is updated and 'GNUTLS_E_SHORT_MEMORY_BUFFER'
1308 will be returned. The output is 'GNUTLS_OPENPGP_KEYID_SIZE' bytes
1311 *Returns:* In case of failure a negative error code will be
1312 returned, and 0 on success.
1316 gnutls_pubkey_get_pk_algorithm
1317 ------------------------------
1319 -- Function: int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t KEY,
1320 unsigned int * BITS)
1321 KEY: should contain a 'gnutls_pubkey_t' structure
1323 BITS: If set will return the number of bits of the parameters (may
1326 This function will return the public key algorithm of a public key
1327 and if possible will return a number of bits that indicates the
1328 security parameter of the key.
1330 *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
1331 success, or a negative error code on error.
1335 gnutls_pubkey_get_preferred_hash_algorithm
1336 ------------------------------------------
1338 -- Function: int gnutls_pubkey_get_preferred_hash_algorithm
1339 (gnutls_pubkey_t KEY, gnutls_digest_algorithm_t * HASH,
1340 unsigned int * MAND)
1341 KEY: Holds the certificate
1343 HASH: The result of the call with the hash algorithm used for
1346 MAND: If non zero it means that the algorithm MUST use this hash.
1349 This function will read the certifcate and return the appropriate
1350 digest algorithm to use for signing with this certificate. Some
1351 certificates (i.e. DSA might not be able to sign without the
1352 preferred algorithm).
1354 To get the signature algorithm instead of just the hash use
1355 'gnutls_pk_to_sign()' with the algorithm of the certificate/key and
1356 the provided 'hash' .
1358 *Returns:* the 0 if the hash algorithm is found. A negative error
1359 code is returned on error.
1363 gnutls_pubkey_get_verify_algorithm
1364 ----------------------------------
1366 -- Function: int gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t
1367 KEY, const gnutls_datum_t * SIGNATURE,
1368 gnutls_digest_algorithm_t * HASH)
1369 KEY: Holds the certificate
1371 SIGNATURE: contains the signature
1373 HASH: The result of the call with the hash algorithm used for
1376 This function will read the certifcate and the signed data to
1377 determine the hash algorithm used to generate the signature.
1379 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1380 otherwise a negative error value.
1384 gnutls_pubkey_import
1385 --------------------
1387 -- Function: int gnutls_pubkey_import (gnutls_pubkey_t KEY, const
1388 gnutls_datum_t * DATA, gnutls_x509_crt_fmt_t FORMAT)
1389 KEY: The structure to store the parsed public key.
1391 DATA: The DER or PEM encoded certificate.
1393 FORMAT: One of DER or PEM
1395 This function will import the provided public key in a
1396 SubjectPublicKeyInfo X.509 structure to a native 'gnutls_pubkey_t'
1397 structure. The output will be stored in 'key' . If the public key
1398 is PEM encoded it should have a header of "PUBLIC KEY".
1400 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1401 otherwise a negative error value.
1405 gnutls_pubkey_import_dsa_raw
1406 ----------------------------
1408 -- Function: int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t KEY,
1409 const gnutls_datum_t * P, const gnutls_datum_t * Q, const
1410 gnutls_datum_t * G, const gnutls_datum_t * Y)
1411 KEY: The structure to store the parsed key
1421 This function will convert the given DSA raw parameters to the
1422 native 'gnutls_pubkey_t' format. The output will be stored in
1425 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1426 otherwise a negative error value.
1430 gnutls_pubkey_import_ecc_raw
1431 ----------------------------
1433 -- Function: int gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t KEY,
1434 gnutls_ecc_curve_t CURVE, const gnutls_datum_t * X, const
1436 KEY: The structure to store the parsed key
1438 CURVE: holds the curve
1444 This function will convert the given elliptic curve parameters to a
1445 'gnutls_pubkey_t' . The output will be stored in 'key' .
1447 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1448 otherwise a negative error value.
1452 gnutls_pubkey_import_ecc_x962
1453 -----------------------------
1455 -- Function: int gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t KEY,
1456 const gnutls_datum_t * PARAMETERS, const gnutls_datum_t *
1458 KEY: The structure to store the parsed key
1460 PARAMETERS: DER encoding of an ANSI X9.62 parameters
1462 ECPOINT: DER encoding of ANSI X9.62 ECPoint
1464 This function will convert the given elliptic curve parameters to a
1465 'gnutls_pubkey_t' . The output will be stored in 'key' .
1467 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1468 otherwise a negative error value.
1472 gnutls_pubkey_import_openpgp
1473 ----------------------------
1475 -- Function: int gnutls_pubkey_import_openpgp (gnutls_pubkey_t KEY,
1476 gnutls_openpgp_crt_t CRT, unsigned int FLAGS)
1479 CRT: The certificate to be imported
1481 FLAGS: should be zero
1483 Imports a public key from an openpgp key. This function will
1484 import the given public key to the abstract 'gnutls_pubkey_t'
1485 structure. The subkey set as preferred will be imported or the
1486 master key otherwise.
1488 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1489 otherwise a negative error value.
1493 gnutls_pubkey_import_openpgp_raw
1494 --------------------------------
1496 -- Function: int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t
1497 PKEY, const gnutls_datum_t * DATA, gnutls_openpgp_crt_fmt_t
1498 FORMAT, const gnutls_openpgp_keyid_t KEYID, unsigned int
1500 PKEY: The public key
1502 DATA: The public key data to be imported
1504 FORMAT: The format of the public key
1506 KEYID: The key id to use (optional)
1508 FLAGS: Should be zero
1510 This function will import the given public key to the abstract
1511 'gnutls_pubkey_t' structure.
1513 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1514 otherwise a negative error value.
1518 gnutls_pubkey_import_pkcs11
1519 ---------------------------
1521 -- Function: int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t KEY,
1522 gnutls_pkcs11_obj_t OBJ, unsigned int FLAGS)
1525 OBJ: The parameters to be imported
1527 FLAGS: should be zero
1529 Imports a public key from a pkcs11 key. This function will import
1530 the given public key to the abstract 'gnutls_pubkey_t' structure.
1532 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1533 otherwise a negative error value.
1537 gnutls_pubkey_import_pkcs11_url
1538 -------------------------------
1540 -- Function: int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t KEY,
1541 const char * URL, unsigned int FLAGS)
1542 KEY: A key of type 'gnutls_pubkey_t'
1546 FLAGS: One of GNUTLS_PKCS11_OBJ_* flags
1548 This function will import a PKCS 11 certificate to a
1549 'gnutls_pubkey_t' structure.
1551 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1552 otherwise a negative error value.
1556 gnutls_pubkey_import_privkey
1557 ----------------------------
1559 -- Function: int gnutls_pubkey_import_privkey (gnutls_pubkey_t KEY,
1560 gnutls_privkey_t PKEY, unsigned int USAGE, unsigned int FLAGS)
1563 PKEY: The private key
1565 USAGE: GNUTLS_KEY_* key usage flags.
1567 FLAGS: should be zero
1569 Imports the public key from a private. This function will import
1570 the given public key to the abstract 'gnutls_pubkey_t' structure.
1572 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1573 otherwise a negative error value.
1577 gnutls_pubkey_import_rsa_raw
1578 ----------------------------
1580 -- Function: int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t KEY,
1581 const gnutls_datum_t * M, const gnutls_datum_t * E)
1582 KEY: Is a structure will hold the parameters
1584 M: holds the modulus
1586 E: holds the public exponent
1588 This function will replace the parameters in the given structure.
1589 The new parameters should be stored in the appropriate
1592 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
1597 gnutls_pubkey_import_tpm_raw
1598 ----------------------------
1600 -- Function: int gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t PKEY,
1601 const gnutls_datum_t * FDATA, gnutls_tpmkey_fmt_t FORMAT,
1602 const char * SRK_PASSWORD, unsigned int FLAGS)
1603 PKEY: The public key
1605 FDATA: The TPM key to be imported
1607 FORMAT: The format of the private key
1609 SRK_PASSWORD: The password for the SRK key (optional)
1611 FLAGS: One of the GNUTLS_PUBKEY_* flags
1613 This function will import the public key from the provided TPM key
1616 With respect to passwords the same as in
1617 'gnutls_pubkey_import_tpm_url()' apply.
1619 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1620 otherwise a negative error value.
1624 gnutls_pubkey_import_tpm_url
1625 ----------------------------
1627 -- Function: int gnutls_pubkey_import_tpm_url (gnutls_pubkey_t PKEY,
1628 const char * URL, const char * SRK_PASSWORD, unsigned int
1630 PKEY: The public key
1632 URL: The URL of the TPM key to be imported
1634 SRK_PASSWORD: The password for the SRK key (optional)
1636 FLAGS: should be zero
1638 This function will import the given private key to the abstract
1639 'gnutls_privkey_t' structure.
1641 Note that unless 'GNUTLS_PUBKEY_DISABLE_CALLBACKS' is specified, if
1642 incorrect (or NULL) passwords are given the PKCS11 callback
1643 functions will be used to obtain the correct passwords. Otherwise
1644 if the SRK password is wrong 'GNUTLS_E_TPM_SRK_PASSWORD_ERROR' is
1647 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1648 otherwise a negative error value.
1652 gnutls_pubkey_import_url
1653 ------------------------
1655 -- Function: int gnutls_pubkey_import_url (gnutls_pubkey_t KEY, const
1656 char * URL, unsigned int FLAGS)
1657 KEY: A key of type 'gnutls_pubkey_t'
1661 FLAGS: One of GNUTLS_PKCS11_OBJ_* flags
1663 This function will import a PKCS11 certificate or a TPM key as a
1666 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1667 otherwise a negative error value.
1671 gnutls_pubkey_import_x509
1672 -------------------------
1674 -- Function: int gnutls_pubkey_import_x509 (gnutls_pubkey_t KEY,
1675 gnutls_x509_crt_t CRT, unsigned int FLAGS)
1678 CRT: The certificate to be imported
1680 FLAGS: should be zero
1682 This function will import the given public key to the abstract
1683 'gnutls_pubkey_t' structure.
1685 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1686 otherwise a negative error value.
1690 gnutls_pubkey_import_x509_crq
1691 -----------------------------
1693 -- Function: int gnutls_pubkey_import_x509_crq (gnutls_pubkey_t KEY,
1694 gnutls_x509_crq_t CRQ, unsigned int FLAGS)
1697 CRQ: The certificate to be imported
1699 FLAGS: should be zero
1701 This function will import the given public key to the abstract
1702 'gnutls_pubkey_t' structure.
1704 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1705 otherwise a negative error value.
1709 gnutls_pubkey_import_x509_raw
1710 -----------------------------
1712 -- Function: int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t PKEY,
1713 const gnutls_datum_t * DATA, gnutls_x509_crt_fmt_t FORMAT,
1715 PKEY: The public key
1717 DATA: The public key data to be imported
1719 FORMAT: The format of the public key
1721 FLAGS: should be zero
1723 This function will import the given public key to the abstract
1724 'gnutls_pubkey_t' structure.
1726 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1727 otherwise a negative error value.
1734 -- Function: int gnutls_pubkey_init (gnutls_pubkey_t * KEY)
1735 KEY: The structure to be initialized
1737 This function will initialize an public key structure.
1739 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1740 otherwise a negative error value.
1747 -- Function: int gnutls_pubkey_print (gnutls_pubkey_t PUBKEY,
1748 gnutls_certificate_print_formats_t FORMAT, gnutls_datum_t *
1750 PUBKEY: The structure to be printed
1752 FORMAT: Indicate the format to use
1754 OUT: Newly allocated datum with null terminated string.
1756 This function will pretty print public key information, suitable
1757 for display to a human.
1759 Only 'GNUTLS_CRT_PRINT_FULL' and 'GNUTLS_CRT_PRINT_FULL_NUMBERS'
1762 The output 'out' needs to be deallocated using 'gnutls_free()' .
1764 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1765 otherwise a negative error value.
1769 gnutls_pubkey_set_key_usage
1770 ---------------------------
1772 -- Function: int gnutls_pubkey_set_key_usage (gnutls_pubkey_t KEY,
1774 KEY: a certificate of type 'gnutls_x509_crt_t'
1776 USAGE: an ORed sequence of the GNUTLS_KEY_* elements.
1778 This function will set the key usage flags of the public key. This
1779 is only useful if the key is to be exported to a certificate or
1780 certificate request.
1782 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1783 otherwise a negative error value.
1787 gnutls_pubkey_set_pin_function
1788 ------------------------------
1790 -- Function: void gnutls_pubkey_set_pin_function (gnutls_pubkey_t KEY,
1791 gnutls_pin_callback_t FN, void * USERDATA)
1792 KEY: A key of type 'gnutls_pubkey_t'
1796 USERDATA: data associated with the callback
1798 This function will set a callback function to be used when required
1799 to access the object. This function overrides any other global PIN
1802 Note that this function must be called right after initialization
1807 gnutls_pubkey_verify_data
1808 -------------------------
1810 -- Function: int gnutls_pubkey_verify_data (gnutls_pubkey_t PUBKEY,
1811 unsigned int FLAGS, const gnutls_datum_t * DATA, const
1812 gnutls_datum_t * SIGNATURE)
1813 PUBKEY: Holds the public key
1815 FLAGS: Zero or one of 'gnutls_pubkey_flags_t'
1817 DATA: holds the signed data
1819 SIGNATURE: contains the signature
1821 This function will verify the given signed data, using the
1822 parameters from the certificate.
1824 Deprecated. This function cannot be easily used securely. Use
1825 'gnutls_pubkey_verify_data2()' instead.
1827 *Returns:* In case of a verification failure
1828 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive
1833 gnutls_pubkey_verify_data2
1834 --------------------------
1836 -- Function: int gnutls_pubkey_verify_data2 (gnutls_pubkey_t PUBKEY,
1837 gnutls_sign_algorithm_t ALGO, unsigned int FLAGS, const
1838 gnutls_datum_t * DATA, const gnutls_datum_t * SIGNATURE)
1839 PUBKEY: Holds the public key
1841 ALGO: The signature algorithm used
1843 FLAGS: Zero or one of 'gnutls_pubkey_flags_t'
1845 DATA: holds the signed data
1847 SIGNATURE: contains the signature
1849 This function will verify the given signed data, using the
1850 parameters from the certificate.
1852 *Returns:* In case of a verification failure
1853 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive
1858 gnutls_pubkey_verify_hash
1859 -------------------------
1861 -- Function: int gnutls_pubkey_verify_hash (gnutls_pubkey_t KEY,
1862 unsigned int FLAGS, const gnutls_datum_t * HASH, const
1863 gnutls_datum_t * SIGNATURE)
1864 KEY: Holds the public key
1866 FLAGS: Zero or one of 'gnutls_pubkey_flags_t'
1868 HASH: holds the hash digest to be verified
1870 SIGNATURE: contains the signature
1872 This function will verify the given signed digest, using the
1873 parameters from the public key.
1875 Deprecated. This function cannot be easily used securely. Use
1876 'gnutls_pubkey_verify_hash2()' instead.
1878 *Returns:* In case of a verification failure
1879 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive
1884 gnutls_pubkey_verify_hash2
1885 --------------------------
1887 -- Function: int gnutls_pubkey_verify_hash2 (gnutls_pubkey_t KEY,
1888 gnutls_sign_algorithm_t ALGO, unsigned int FLAGS, const
1889 gnutls_datum_t * HASH, const gnutls_datum_t * SIGNATURE)
1890 KEY: Holds the public key
1892 ALGO: The signature algorithm used
1894 FLAGS: Zero or one of 'gnutls_pubkey_flags_t'
1896 HASH: holds the hash digest to be verified
1898 SIGNATURE: contains the signature
1900 This function will verify the given signed digest, using the
1901 parameters from the public key. Note that unlike
1902 'gnutls_privkey_sign_hash()' , this function accepts a signature
1903 algorithm instead of a digest algorithm. You can use
1904 'gnutls_pk_to_sign()' to get the appropriate value.
1906 *Returns:* In case of a verification failure
1907 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive
1912 gnutls_pubkey_verify_params
1913 ---------------------------
1915 -- Function: int gnutls_pubkey_verify_params (gnutls_pubkey_t KEY)
1916 KEY: should contain a 'gnutls_pubkey_t' structure
1918 This function will verify the private key parameters.
1920 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1921 otherwise a negative error value.
1925 gnutls_x509_crl_privkey_sign
1926 ----------------------------
1928 -- Function: int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t CRL,
1929 gnutls_x509_crt_t ISSUER, gnutls_privkey_t ISSUER_KEY,
1930 gnutls_digest_algorithm_t DIG, unsigned int FLAGS)
1931 CRL: should contain a gnutls_x509_crl_t structure
1933 ISSUER: is the certificate of the certificate issuer
1935 ISSUER_KEY: holds the issuer's private key
1937 DIG: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice
1938 unless you know what you're doing.
1942 This function will sign the CRL with the issuer's private key, and
1943 will copy the issuer's information into the CRL.
1945 This must be the last step in a certificate CRL since all the
1946 previously set parameters are now signed.
1948 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1949 otherwise a negative error value.
1953 gnutls_x509_crq_privkey_sign
1954 ----------------------------
1956 -- Function: int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t CRQ,
1957 gnutls_privkey_t KEY, gnutls_digest_algorithm_t DIG, unsigned
1959 CRQ: should contain a 'gnutls_x509_crq_t' structure
1961 KEY: holds a private key
1963 DIG: The message digest to use, i.e., 'GNUTLS_DIG_SHA1'
1967 This function will sign the certificate request with a private key.
1968 This must be the same key as the one used in
1969 'gnutls_x509_crt_set_key()' since a certificate request is self
1972 This must be the last step in a certificate request generation
1973 since all the previously set parameters are now signed.
1975 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise a negative
1976 error code. 'GNUTLS_E_ASN1_VALUE_NOT_FOUND' is returned if you
1977 didn't set all information in the certificate request (e.g., the
1978 version using 'gnutls_x509_crq_set_version()' ).
1982 gnutls_x509_crq_set_pubkey
1983 --------------------------
1985 -- Function: int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t CRQ,
1986 gnutls_pubkey_t KEY)
1987 CRQ: should contain a 'gnutls_x509_crq_t' structure
1989 KEY: holds a public key
1991 This function will set the public parameters from the given public
1994 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1995 otherwise a negative error value.
1999 gnutls_x509_crt_privkey_sign
2000 ----------------------------
2002 -- Function: int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t CRT,
2003 gnutls_x509_crt_t ISSUER, gnutls_privkey_t ISSUER_KEY,
2004 gnutls_digest_algorithm_t DIG, unsigned int FLAGS)
2005 CRT: a certificate of type 'gnutls_x509_crt_t'
2007 ISSUER: is the certificate of the certificate issuer
2009 ISSUER_KEY: holds the issuer's private key
2011 DIG: The message digest to use, 'GNUTLS_DIG_SHA1' is a safe choice
2015 This function will sign the certificate with the issuer's private
2016 key, and will copy the issuer's information into the certificate.
2018 This must be the last step in a certificate generation since all
2019 the previously set parameters are now signed.
2021 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
2022 otherwise a negative error value.
2024 gnutls_x509_crt_set_pubkey
2025 --------------------------
2027 -- Function: int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t CRT,
2028 gnutls_pubkey_t KEY)
2029 CRT: should contain a 'gnutls_x509_crt_t' structure
2031 KEY: holds a public key
2033 This function will set the public parameters from the given public
2036 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
2037 otherwise a negative error value.
2042 File: gnutls.info, Node: DANE API, Next: Cryptographic API, Prev: Abstract key API, Up: API reference
2047 The following functions are to be used for DANE certificate
2048 verification. Their prototypes lie in 'gnutls/dane.h'. Note that you
2049 need to link with the 'libgnutls-dane' library to use them.
2054 -- Function: const char * dane_cert_type_name (dane_cert_type_t TYPE)
2055 TYPE: is a DANE match type
2057 Convert a 'dane_cert_type_t' value to a string.
2059 *Returns:* a string that contains the name of the specified type,
2062 dane_cert_usage_name
2063 --------------------
2065 -- Function: const char * dane_cert_usage_name (dane_cert_usage_t
2067 USAGE: - undescribed -
2069 Convert a 'dane_cert_usage_t' value to a string.
2071 *Returns:* a string that contains the name of the specified type,
2074 dane_match_type_name
2075 --------------------
2077 -- Function: const char * dane_match_type_name (dane_match_type_t TYPE)
2078 TYPE: is a DANE match type
2080 Convert a 'dane_match_type_t' value to a string.
2082 *Returns:* a string that contains the name of the specified type,
2088 -- Function: int dane_query_data (dane_query_t Q, unsigned int IDX,
2089 unsigned int * USAGE, unsigned int * TYPE, unsigned int *
2090 MATCH, gnutls_datum_t * DATA)
2091 Q: The query result structure
2093 IDX: The index of the query response.
2095 USAGE: The certificate usage (see 'dane_cert_usage_t' )
2097 TYPE: The certificate type (see 'dane_cert_type_t' )
2099 MATCH: The DANE matching type (see 'dane_match_type_t' )
2101 DATA: The DANE data.
2103 This function will provide the DANE data from the query response.
2105 *Returns:* On success, 'DANE_E_SUCCESS' (0) is returned, otherwise
2106 a negative error value.
2111 -- Function: void dane_query_deinit (dane_query_t Q)
2112 Q: The structure to be deinitialized
2114 This function will deinitialize a DANE query result structure.
2119 -- Function: unsigned int dane_query_entries (dane_query_t Q)
2120 Q: The query result structure
2122 This function will return the number of entries in a query.
2124 *Returns:* The number of entries.
2129 -- Function: dane_query_status_t dane_query_status (dane_query_t Q)
2130 Q: The query result structure
2132 This function will return the status of the query response. See
2133 'dane_query_status_t' for the possible types.
2135 *Returns:* The status type.
2140 -- Function: int dane_query_tlsa (dane_state_t S, dane_query_t * R,
2141 const char * HOST, const char * PROTO, unsigned int PORT)
2142 S: The DANE state structure
2144 R: A structure to place the result
2146 HOST: The host name to resolve.
2148 PROTO: The protocol type (tcp, udp, etc.)
2150 PORT: The service port number (eg. 443).
2152 This function will query the DNS server for the TLSA (DANE) data
2155 *Returns:* On success, 'DANE_E_SUCCESS' (0) is returned, otherwise
2156 a negative error value.
2158 dane_query_to_raw_tlsa
2159 ----------------------
2161 -- Function: int dane_query_to_raw_tlsa (dane_query_t Q, unsigned int *
2162 DATA_ENTRIES, char *** DANE_DATA, int ** DANE_DATA_LEN, int *
2163 SECURE, int * BOGUS)
2164 Q: The query result structure
2166 DATA_ENTRIES: Pointer set to the number of entries in the query
2168 DANE_DATA: Pointer to contain an array of DNS rdata items,
2169 terminated with a NULL pointer; caller must guarantee that the
2170 referenced data remains valid until 'dane_query_deinit()' is
2173 DANE_DATA_LEN: Pointer to contain the length n bytes of the
2176 SECURE: Pointer set true if the result is validated securely, false
2177 if validation failed or the domain queried has no security info
2179 BOGUS: Pointer set true if the result was not secure due to a
2182 This function will provide the DANE data from the query response.
2184 The pointers dane_data and dane_data_len are allocated with
2185 'gnutls_malloc()' to contain the data from the query result
2186 structure (individual 'dane_data' items simply point to the
2187 original data and are not allocated separately). The returned
2188 'dane_data' are only valid during the lifetime of 'q' .
2190 *Returns:* On success, 'DANE_E_SUCCESS' (0) is returned, otherwise
2191 a negative error value.
2196 -- Function: int dane_raw_tlsa (dane_state_t S, dane_query_t * R, char
2197 *const * DANE_DATA, const int * DANE_DATA_LEN, int SECURE, int
2199 S: The DANE state structure
2201 R: A structure to place the result
2203 DANE_DATA: array of DNS rdata items, terminated with a NULL
2204 pointer; caller must guarantee that the referenced data remains
2205 valid until 'dane_query_deinit()' is called.
2207 DANE_DATA_LEN: the length n bytes of the dane_data items
2209 SECURE: true if the result is validated securely, false if
2210 validation failed or the domain queried has no security info
2212 BOGUS: if the result was not secure (secure = 0) due to a security
2213 failure, and the result is due to a security failure, bogus is
2216 This function will fill in the TLSA (DANE) structure from the given
2217 raw DNS record data. The 'dane_data' must be valid during the
2218 lifetime of the query.
2220 *Returns:* On success, 'DANE_E_SUCCESS' (0) is returned, otherwise
2221 a negative error value.
2226 -- Function: void dane_state_deinit (dane_state_t S)
2227 S: The structure to be deinitialized
2229 This function will deinitialize a DANE query structure.
2234 -- Function: int dane_state_init (dane_state_t * S, unsigned int FLAGS)
2235 S: The structure to be initialized
2237 FLAGS: flags from the 'dane_state_flags' enumeration
2239 This function will initialize a DANE query structure.
2241 *Returns:* On success, 'DANE_E_SUCCESS' (0) is returned, otherwise
2242 a negative error value.
2244 dane_state_set_dlv_file
2245 -----------------------
2247 -- Function: int dane_state_set_dlv_file (dane_state_t S, const char *
2249 S: The structure to be deinitialized
2251 FILE: The file holding the DLV keys.
2253 This function will set a file with trusted keys for DLV (DNSSEC
2254 Lookaside Validation).
2259 -- Function: const char * dane_strerror (int ERROR)
2260 ERROR: is a DANE error code, a negative error code
2262 This function is similar to strerror. The difference is that it
2263 accepts an error number returned by a gnutls function; In case of
2264 an unknown error a descriptive string is sent instead of 'NULL' .
2266 Error codes are always a negative error code.
2268 *Returns:* A string explaining the DANE error message.
2270 dane_verification_status_print
2271 ------------------------------
2273 -- Function: int dane_verification_status_print (unsigned int STATUS,
2274 gnutls_datum_t * OUT, unsigned int FLAGS)
2275 STATUS: The status flags to be printed
2277 OUT: Newly allocated datum with (0) terminated string.
2279 FLAGS: should be zero
2281 This function will pretty print the status of a verification
2282 process - eg. the one obtained by 'dane_verify_crt()' .
2284 The output 'out' needs to be deallocated using 'gnutls_free()' .
2286 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
2287 otherwise a negative error value.
2292 -- Function: int dane_verify_crt (dane_state_t S, const gnutls_datum_t
2293 * CHAIN, unsigned CHAIN_SIZE, gnutls_certificate_type_t
2294 CHAIN_TYPE, const char * HOSTNAME, const char * PROTO,
2295 unsigned int PORT, unsigned int SFLAGS, unsigned int VFLAGS,
2296 unsigned int * VERIFY)
2297 S: A DANE state structure (may be NULL)
2299 CHAIN: A certificate chain
2301 CHAIN_SIZE: The size of the chain
2303 CHAIN_TYPE: The type of the certificate chain
2305 HOSTNAME: The hostname associated with the chain
2307 PROTO: The protocol of the service connecting (e.g. tcp)
2309 PORT: The port of the service connecting (e.g. 443)
2311 SFLAGS: Flags for the the initialization of 's' (if NULL)
2313 VFLAGS: Verification flags; an OR'ed list of 'dane_verify_flags_t'
2316 VERIFY: An OR'ed list of 'dane_verify_status_t' .
2318 This function will verify the given certificate chain against the
2319 CA constrains and/or the certificate available via DANE. If no
2320 information via DANE can be obtained the flag
2321 'DANE_VERIFY_NO_DANE_INFO' is set. If a DNSSEC signature is not
2322 available for the DANE record then the verify flag
2323 'DANE_VERIFY_NO_DNSSEC_DATA' is set.
2325 Due to the many possible options of DANE, there is no single threat
2326 model countered. When notifying the user about DANE verification
2327 results it may be better to mention: DANE verification did not
2328 reject the certificate, rather than mentioning a successful DANE
2331 Note that this function is designed to be run in addition to PKIX -
2332 certificate chain - verification. To be run independently the
2333 'DANE_VFLAG_ONLY_CHECK_EE_USAGE' flag should be specified; then the
2334 function will check whether the key of the peer matches the key
2335 advertized in the DANE entry.
2337 *Returns:* a negative error code on error and 'DANE_E_SUCCESS' (0)
2338 when the DANE entries were successfully parsed, irrespective of
2339 whether they were verified (see 'verify' for that information). If
2340 no usable entries were encountered
2341 'DANE_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.
2346 -- Function: int dane_verify_crt_raw (dane_state_t S, const
2347 gnutls_datum_t * CHAIN, unsigned CHAIN_SIZE,
2348 gnutls_certificate_type_t CHAIN_TYPE, dane_query_t R, unsigned
2349 int SFLAGS, unsigned int VFLAGS, unsigned int * VERIFY)
2350 S: A DANE state structure (may be NULL)
2352 CHAIN: A certificate chain
2354 CHAIN_SIZE: The size of the chain
2356 CHAIN_TYPE: The type of the certificate chain
2358 R: DANE data to check against
2360 SFLAGS: Flags for the the initialization of 's' (if NULL)
2362 VFLAGS: Verification flags; an OR'ed list of 'dane_verify_flags_t'
2365 VERIFY: An OR'ed list of 'dane_verify_status_t' .
2367 This function will verify the given certificate chain against the
2368 CA constrains and/or the certificate available via DANE. If no
2369 information via DANE can be obtained the flag
2370 'DANE_VERIFY_NO_DANE_INFO' is set. If a DNSSEC signature is not
2371 available for the DANE record then the verify flag
2372 'DANE_VERIFY_NO_DNSSEC_DATA' is set.
2374 Due to the many possible options of DANE, there is no single threat
2375 model countered. When notifying the user about DANE verification
2376 results it may be better to mention: DANE verification did not
2377 reject the certificate, rather than mentioning a successful DANE
2380 Note that this function is designed to be run in addition to PKIX -
2381 certificate chain - verification. To be run independently the
2382 'DANE_VFLAG_ONLY_CHECK_EE_USAGE' flag should be specified; then the
2383 function will check whether the key of the peer matches the key
2384 advertized in the DANE entry.
2386 If the 'q' parameter is provided it will be used for caching
2389 *Returns:* a negative error code on error and 'DANE_E_SUCCESS' (0)
2390 when the DANE entries were successfully parsed, irrespective of
2391 whether they were verified (see 'verify' for that information). If
2392 no usable entries were encountered
2393 'DANE_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.
2395 dane_verify_session_crt
2396 -----------------------
2398 -- Function: int dane_verify_session_crt (dane_state_t S,
2399 gnutls_session_t SESSION, const char * HOSTNAME, const char *
2400 PROTO, unsigned int PORT, unsigned int SFLAGS, unsigned int
2401 VFLAGS, unsigned int * VERIFY)
2402 S: A DANE state structure (may be NULL)
2404 SESSION: A gnutls session
2406 HOSTNAME: The hostname associated with the chain
2408 PROTO: The protocol of the service connecting (e.g. tcp)
2410 PORT: The port of the service connecting (e.g. 443)
2412 SFLAGS: Flags for the the initialization of 's' (if NULL)
2414 VFLAGS: Verification flags; an OR'ed list of 'dane_verify_flags_t'
2417 VERIFY: An OR'ed list of 'dane_verify_status_t' .
2419 This function will verify session's certificate chain against the
2420 CA constrains and/or the certificate available via DANE. See
2421 'dane_verify_crt()' for more information.
2423 This will not verify the chain for validity; unless the DANE
2424 verification is restricted to end certificates, this must be be
2425 performed separately using 'gnutls_certificate_verify_peers3()' .
2427 *Returns:* a negative error code on error and 'DANE_E_SUCCESS' (0)
2428 when the DANE entries were successfully parsed, irrespective of
2429 whether they were verified (see 'verify' for that information). If
2430 no usable entries were encountered
2431 'DANE_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.
2434 File: gnutls.info, Node: Cryptographic API, Next: Compatibility API, Prev: DANE API, Up: API reference
2436 E.11 Cryptographic API
2437 ======================
2439 The following functions are to be used for low-level cryptographic
2440 operations. Their prototypes lie in 'gnutls/crypto.h'.
2442 gnutls_cipher_add_auth
2443 ----------------------
2445 -- Function: int gnutls_cipher_add_auth (gnutls_cipher_hd_t HANDLE,
2446 const void * TEXT, size_t TEXT_SIZE)
2447 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2449 TEXT: the data to be authenticated
2451 TEXT_SIZE: The length of the data
2453 This function operates on authenticated encryption with associated
2454 data (AEAD) ciphers and authenticate the input data. This function
2455 can only be called once and before any encryption operations.
2457 *Returns:* Zero or a negative error code on error.
2461 gnutls_cipher_decrypt
2462 ---------------------
2464 -- Function: int gnutls_cipher_decrypt (gnutls_cipher_hd_t HANDLE, void
2465 * CIPHERTEXT, size_t CIPHERTEXTLEN)
2466 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2468 CIPHERTEXT: the data to encrypt
2470 CIPHERTEXTLEN: The length of data to encrypt
2472 This function will decrypt the given data using the algorithm
2473 specified by the context.
2475 Note that in AEAD ciphers, this will not check the tag. You will
2476 need to compare the tag sent with the value returned from
2477 'gnutls_cipher_tag()' .
2479 *Returns:* Zero or a negative error code on error.
2483 gnutls_cipher_decrypt2
2484 ----------------------
2486 -- Function: int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t HANDLE,
2487 const void * CIPHERTEXT, size_t CIPHERTEXTLEN, void * TEXT,
2489 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2491 CIPHERTEXT: the data to encrypt
2493 CIPHERTEXTLEN: The length of data to encrypt
2495 TEXT: the decrypted data
2497 TEXTLEN: The available length for decrypted data
2499 This function will decrypt the given data using the algorithm
2500 specified by the context.
2502 Note that in AEAD ciphers, this will not check the tag. You will
2503 need to compare the tag sent with the value returned from
2504 'gnutls_cipher_tag()' .
2506 *Returns:* Zero or a negative error code on error.
2510 gnutls_cipher_deinit
2511 --------------------
2513 -- Function: void gnutls_cipher_deinit (gnutls_cipher_hd_t HANDLE)
2514 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2516 This function will deinitialize all resources occupied by the given
2521 gnutls_cipher_encrypt
2522 ---------------------
2524 -- Function: int gnutls_cipher_encrypt (gnutls_cipher_hd_t HANDLE, void
2525 * TEXT, size_t TEXTLEN)
2526 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2528 TEXT: the data to encrypt
2530 TEXTLEN: The length of data to encrypt
2532 This function will encrypt the given data using the algorithm
2533 specified by the context.
2535 *Returns:* Zero or a negative error code on error.
2539 gnutls_cipher_encrypt2
2540 ----------------------
2542 -- Function: int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t HANDLE,
2543 const void * TEXT, size_t TEXTLEN, void * CIPHERTEXT, size_t
2545 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2547 TEXT: the data to encrypt
2549 TEXTLEN: The length of data to encrypt
2551 CIPHERTEXT: the encrypted data
2553 CIPHERTEXTLEN: The available length for encrypted data
2555 This function will encrypt the given data using the algorithm
2556 specified by the context.
2558 *Returns:* Zero or a negative error code on error.
2562 gnutls_cipher_get_block_size
2563 ----------------------------
2565 -- Function: int gnutls_cipher_get_block_size
2566 (gnutls_cipher_algorithm_t ALGORITHM)
2567 ALGORITHM: is an encryption algorithm
2569 *Returns:* the block size of the encryption algorithm.
2573 gnutls_cipher_get_iv_size
2574 -------------------------
2576 -- Function: int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t
2578 ALGORITHM: is an encryption algorithm
2580 Get block size for encryption algorithm.
2582 *Returns:* block size for encryption algorithm.
2586 gnutls_cipher_get_tag_size
2587 --------------------------
2589 -- Function: int gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t
2591 ALGORITHM: is an encryption algorithm
2593 *Returns:* the tag size of the authenticated encryption algorithm.
2600 -- Function: int gnutls_cipher_init (gnutls_cipher_hd_t * HANDLE,
2601 gnutls_cipher_algorithm_t CIPHER, const gnutls_datum_t * KEY,
2602 const gnutls_datum_t * IV)
2603 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2605 CIPHER: the encryption algorithm to use
2607 KEY: The key to be used for encryption
2609 IV: The IV to use (if not applicable set NULL)
2611 This function will initialize an context that can be used for
2612 encryption/decryption of data. This will effectively use the
2613 current crypto backend in use by gnutls or the cryptographic
2616 *Returns:* Zero or a negative error code on error.
2620 gnutls_cipher_set_iv
2621 --------------------
2623 -- Function: void gnutls_cipher_set_iv (gnutls_cipher_hd_t HANDLE, void
2625 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2629 IVLEN: The length of the IV
2631 This function will set the IV to be used for the next encryption
2639 -- Function: int gnutls_cipher_tag (gnutls_cipher_hd_t HANDLE, void *
2640 TAG, size_t TAG_SIZE)
2641 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2643 TAG: will hold the tag
2645 TAG_SIZE: The length of the tag to return
2647 This function operates on authenticated encryption with associated
2648 data (AEAD) ciphers and will return the output tag.
2650 *Returns:* Zero or a negative error code on error.
2657 -- Function: int gnutls_hash (gnutls_hash_hd_t HANDLE, const void *
2658 TEXT, size_t TEXTLEN)
2659 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2661 TEXT: the data to hash
2663 TEXTLEN: The length of data to hash
2665 This function will hash the given data using the algorithm
2666 specified by the context.
2668 *Returns:* Zero or a negative error code on error.
2675 -- Function: void gnutls_hash_deinit (gnutls_hash_hd_t HANDLE, void *
2677 HANDLE: is a 'gnutls_hash_hd_t' structure.
2679 DIGEST: is the output value of the hash
2681 This function will deinitialize all resources occupied by the given
2689 -- Function: int gnutls_hash_fast (gnutls_digest_algorithm_t ALGORITHM,
2690 const void * TEXT, size_t TEXTLEN, void * DIGEST)
2691 ALGORITHM: the hash algorithm to use
2693 TEXT: the data to hash
2695 TEXTLEN: The length of data to hash
2697 DIGEST: is the output value of the hash
2699 This convenience function will hash the given data and return
2700 output on a single call.
2702 *Returns:* Zero or a negative error code on error.
2709 -- Function: int gnutls_hash_get_len (gnutls_digest_algorithm_t
2711 ALGORITHM: the hash algorithm to use
2713 This function will return the length of the output data of the
2714 given hash algorithm.
2716 *Returns:* The length or zero on error.
2723 -- Function: int gnutls_hash_init (gnutls_hash_hd_t * DIG,
2724 gnutls_digest_algorithm_t ALGORITHM)
2725 DIG: is a 'gnutls_hash_hd_t' structure.
2727 ALGORITHM: the hash algorithm to use
2729 This function will initialize an context that can be used to
2730 produce a Message Digest of data. This will effectively use the
2731 current crypto backend in use by gnutls or the cryptographic
2734 *Returns:* Zero or a negative error code on error.
2741 -- Function: void gnutls_hash_output (gnutls_hash_hd_t HANDLE, void *
2743 HANDLE: is a 'gnutls_hash_hd_t' structure.
2745 DIGEST: is the output value of the hash
2747 This function will output the current hash value and reset the
2755 -- Function: int gnutls_hmac (gnutls_hmac_hd_t HANDLE, const void *
2756 TEXT, size_t TEXTLEN)
2757 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2759 TEXT: the data to hash
2761 TEXTLEN: The length of data to hash
2763 This function will hash the given data using the algorithm
2764 specified by the context.
2766 *Returns:* Zero or a negative error code on error.
2773 -- Function: void gnutls_hmac_deinit (gnutls_hmac_hd_t HANDLE, void *
2775 HANDLE: is a 'gnutls_hmac_hd_t' structure.
2777 DIGEST: is the output value of the MAC
2779 This function will deinitialize all resources occupied by the given
2787 -- Function: int gnutls_hmac_fast (gnutls_mac_algorithm_t ALGORITHM,
2788 const void * KEY, size_t KEYLEN, const void * TEXT, size_t
2789 TEXTLEN, void * DIGEST)
2790 ALGORITHM: the hash algorithm to use
2794 KEYLEN: The length of the key
2796 TEXT: the data to hash
2798 TEXTLEN: The length of data to hash
2800 DIGEST: is the output value of the hash
2802 This convenience function will hash the given data and return
2803 output on a single call.
2805 *Returns:* Zero or a negative error code on error.
2812 -- Function: int gnutls_hmac_get_len (gnutls_mac_algorithm_t ALGORITHM)
2813 ALGORITHM: the hmac algorithm to use
2815 This function will return the length of the output data of the
2816 given hmac algorithm.
2818 *Returns:* The length or zero on error.
2825 -- Function: int gnutls_hmac_init (gnutls_hmac_hd_t * DIG,
2826 gnutls_mac_algorithm_t ALGORITHM, const void * KEY, size_t
2828 DIG: is a 'gnutls_hmac_hd_t' structure.
2830 ALGORITHM: the HMAC algorithm to use
2832 KEY: The key to be used for encryption
2834 KEYLEN: The length of the key
2836 This function will initialize an context that can be used to
2837 produce a Message Authentication Code (MAC) of data. This will
2838 effectively use the current crypto backend in use by gnutls or the
2839 cryptographic accelerator in use.
2841 Note that despite the name of this function, it can be used for
2842 other MAC algorithms than HMAC.
2844 *Returns:* Zero or a negative error code on error.
2851 -- Function: void gnutls_hmac_output (gnutls_hmac_hd_t HANDLE, void *
2853 HANDLE: is a 'gnutls_hmac_hd_t' structure.
2855 DIGEST: is the output value of the MAC
2857 This function will output the current MAC value and reset the state
2862 gnutls_hmac_set_nonce
2863 ---------------------
2865 -- Function: void gnutls_hmac_set_nonce (gnutls_hmac_hd_t HANDLE, const
2866 void * NONCE, size_t NONCE_LEN)
2867 HANDLE: is a 'gnutls_cipher_hd_t' structure.
2869 NONCE: the data to set as nonce
2871 NONCE_LEN: The length of data
2873 This function will set the nonce in the MAC algorithm.
2877 gnutls_mac_get_nonce_size
2878 -------------------------
2880 -- Function: size_t gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t
2882 ALGORITHM: is an encryption algorithm
2884 Returns the size of the nonce used by the MAC in TLS.
2886 *Returns:* length (in bytes) of the given MAC nonce size, or 0.
2893 -- Function: int gnutls_rnd (gnutls_rnd_level_t LEVEL, void * DATA,
2895 LEVEL: a security level
2897 DATA: place to store random bytes
2899 LEN: The requested size
2901 This function will generate random data and store it to output
2904 This function is thread-safe and also fork-safe.
2906 *Returns:* Zero on success, or a negative error code on error.
2913 -- Function: void gnutls_rnd_refresh ()
2915 This function refreshes the random generator state. That is the
2916 current precise time, CPU usage, and other values are input into
2919 On a slower rate input from /dev/urandom is mixed too.
2924 File: gnutls.info, Node: Compatibility API, Prev: Cryptographic API, Up: API reference
2926 E.12 Compatibility API
2927 ======================
2929 The following functions are carried over from old GnuTLS released. They
2930 might be removed at a later version. Their prototypes lie in
2933 gnutls_certificate_client_set_retrieve_function
2934 -----------------------------------------------
2936 -- Function: void gnutls_certificate_client_set_retrieve_function
2937 (gnutls_certificate_credentials_t CRED,
2938 gnutls_certificate_client_retrieve_function * FUNC)
2939 CRED: is a 'gnutls_certificate_credentials_t' structure.
2941 FUNC: is the callback function
2943 This function sets a callback to be called in order to retrieve the
2944 certificate to be used in the handshake. You are advised to use
2945 'gnutls_certificate_set_retrieve_function2()' because it is much
2946 more efficient in the processing it requires from gnutls.
2948 The callback's function prototype is: int
2949 (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int
2950 nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length,
2951 gnutls_retr_st* st);
2953 'req_ca_cert' is only used in X.509 certificates. Contains a list
2954 with the CA names that the server considers trusted. Normally we
2955 should send a certificate that is signed by one of these CAs.
2956 These names are DER encoded. To get a more meaningful value use
2957 the function 'gnutls_x509_rdn_get()' .
2959 'pk_algos' contains a list with server's acceptable signature
2960 algorithms. The certificate returned should support the server's
2963 'st' should contain the certificates and private keys.
2965 If the callback function is provided then gnutls will call it, in
2966 the handshake, if a certificate is requested by the server (and
2967 after the certificate request message has been received).
2969 The callback function should set the certificate list to be sent,
2970 and return 0 on success. If no certificate was selected then the
2971 number of certificates should be set to zero. The value (-1)
2972 indicates error and the handshake will be terminated.
2974 gnutls_certificate_server_set_retrieve_function
2975 -----------------------------------------------
2977 -- Function: void gnutls_certificate_server_set_retrieve_function
2978 (gnutls_certificate_credentials_t CRED,
2979 gnutls_certificate_server_retrieve_function * FUNC)
2980 CRED: is a 'gnutls_certificate_credentials_t' structure.
2982 FUNC: is the callback function
2984 This function sets a callback to be called in order to retrieve the
2985 certificate to be used in the handshake. You are advised to use
2986 'gnutls_certificate_set_retrieve_function2()' because it is much
2987 more efficient in the processing it requires from gnutls.
2989 The callback's function prototype is: int
2990 (*callback)(gnutls_session_t, gnutls_retr_st* st);
2992 'st' should contain the certificates and private keys.
2994 If the callback function is provided then gnutls will call it, in
2995 the handshake, after the certificate request message has been
2998 The callback function should set the certificate list to be sent,
2999 and return 0 on success. The value (-1) indicates error and the
3000 handshake will be terminated.
3002 gnutls_certificate_set_rsa_export_params
3003 ----------------------------------------
3005 -- Function: void gnutls_certificate_set_rsa_export_params
3006 (gnutls_certificate_credentials_t RES, gnutls_rsa_params_t
3008 RES: is a gnutls_certificate_credentials_t structure
3010 RSA_PARAMS: is a structure that holds temporary RSA parameters.
3012 This function will set the temporary RSA parameters for a
3013 certificate server to use. These parameters will be used in
3014 RSA-EXPORT cipher suites.
3016 gnutls_certificate_type_set_priority
3017 ------------------------------------
3019 -- Function: int gnutls_certificate_type_set_priority (gnutls_session_t
3020 SESSION, const int * LIST)
3021 SESSION: is a 'gnutls_session_t' structure.
3023 LIST: is a 0 terminated list of gnutls_certificate_type_t elements.
3025 Sets the priority on the certificate types supported by gnutls.
3026 Priority is higher for elements specified before others. After
3027 specifying the types you want, you must append a 0. Note that the
3028 certificate type priority is set on the client. The server does
3029 not use the cert type priority except for disabling types that were
3032 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
3034 gnutls_cipher_set_priority
3035 --------------------------
3037 -- Function: int gnutls_cipher_set_priority (gnutls_session_t SESSION,
3039 SESSION: is a 'gnutls_session_t' structure.
3041 LIST: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
3043 Sets the priority on the ciphers supported by gnutls. Priority is
3044 higher for elements specified before others. After specifying the
3045 ciphers you want, you must append a 0. Note that the priority is
3046 set on the client. The server does not use the algorithm's
3047 priority except for disabling algorithms that were not specified.
3049 *Returns:* 'GNUTLS_E_SUCCESS' (0) on success, or a negative error
3052 gnutls_compression_set_priority
3053 -------------------------------
3055 -- Function: int gnutls_compression_set_priority (gnutls_session_t
3056 SESSION, const int * LIST)
3057 SESSION: is a 'gnutls_session_t' structure.
3059 LIST: is a 0 terminated list of gnutls_compression_method_t
3062 Sets the priority on the compression algorithms supported by
3063 gnutls. Priority is higher for elements specified before others.
3064 After specifying the algorithms you want, you must append a 0.
3065 Note that the priority is set on the client. The server does not
3066 use the algorithm's priority except for disabling algorithms that
3069 TLS 1.0 does not define any compression algorithms except NULL.
3070 Other compression algorithms are to be considered as gnutls
3073 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
3075 gnutls_global_set_mem_functions
3076 -------------------------------
3078 -- Function: void gnutls_global_set_mem_functions
3079 (gnutls_alloc_function ALLOC_FUNC, gnutls_alloc_function
3080 SECURE_ALLOC_FUNC, gnutls_is_secure_function IS_SECURE_FUNC,
3081 gnutls_realloc_function REALLOC_FUNC, gnutls_free_function
3083 ALLOC_FUNC: it's the default memory allocation function. Like
3086 SECURE_ALLOC_FUNC: This is the memory allocation function that will
3087 be used for sensitive data.
3089 IS_SECURE_FUNC: a function that returns 0 if the memory given is
3090 not secure. May be NULL.
3092 REALLOC_FUNC: A realloc function
3094 FREE_FUNC: The function that frees allocated data. Must accept a
3097 *Deprecated:* since 3.3.0 it is no longer possible to replace the
3098 internally used memory allocation functions
3100 This is the function where you set the memory allocation functions
3101 gnutls is going to use. By default the libc's allocation functions
3102 ('malloc()' , 'free()' ), are used by gnutls, to allocate both
3103 sensitive and not sensitive data. This function is provided to set
3104 the memory allocation functions to something other than the
3107 This function must be called before 'gnutls_global_init()' is
3108 called. This function is not thread safe.
3110 gnutls_kx_set_priority
3111 ----------------------
3113 -- Function: int gnutls_kx_set_priority (gnutls_session_t SESSION,
3115 SESSION: is a 'gnutls_session_t' structure.
3117 LIST: is a 0 terminated list of gnutls_kx_algorithm_t elements.
3119 Sets the priority on the key exchange algorithms supported by
3120 gnutls. Priority is higher for elements specified before others.
3121 After specifying the algorithms you want, you must append a 0.
3122 Note that the priority is set on the client. The server does not
3123 use the algorithm's priority except for disabling algorithms that
3126 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
3128 gnutls_mac_set_priority
3129 -----------------------
3131 -- Function: int gnutls_mac_set_priority (gnutls_session_t SESSION,
3133 SESSION: is a 'gnutls_session_t' structure.
3135 LIST: is a 0 terminated list of gnutls_mac_algorithm_t elements.
3137 Sets the priority on the mac algorithms supported by gnutls.
3138 Priority is higher for elements specified before others. After
3139 specifying the algorithms you want, you must append a 0. Note that
3140 the priority is set on the client. The server does not use the
3141 algorithm's priority except for disabling algorithms that were not
3144 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
3146 gnutls_openpgp_privkey_sign_hash
3147 --------------------------------
3149 -- Function: int gnutls_openpgp_privkey_sign_hash
3150 (gnutls_openpgp_privkey_t KEY, const gnutls_datum_t * HASH,
3151 gnutls_datum_t * SIGNATURE)
3154 HASH: holds the data to be signed
3156 SIGNATURE: will contain newly allocated signature
3158 This function will sign the given hash using the private key. You
3159 should use 'gnutls_openpgp_privkey_set_preferred_key_id()' before
3160 calling this function to set the subkey to use.
3162 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3163 otherwise a negative error value.
3165 *Deprecated:* Use 'gnutls_privkey_sign_hash()' instead.
3167 gnutls_privkey_sign_raw_data
3168 ----------------------------
3170 -- Function: int gnutls_privkey_sign_raw_data (gnutls_privkey_t KEY,
3171 unsigned FLAGS, const gnutls_datum_t * DATA, gnutls_datum_t *
3175 FLAGS: should be zero
3177 DATA: holds the data to be signed
3179 SIGNATURE: will contain the signature allocate with
3182 This function will sign the given data using a signature algorithm
3183 supported by the private key. Note that this is a low-level
3184 function and does not apply any preprocessing or hash on the signed
3185 data. For example on an RSA key the input 'data' should be of the
3186 DigestInfo PKCS '1' 1.5 format. Use it only if you know what are
3189 Note this function is equivalent to using the
3190 'GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA' flag with
3191 'gnutls_privkey_sign_hash()' .
3193 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3194 otherwise a negative error value.
3198 gnutls_protocol_set_priority
3199 ----------------------------
3201 -- Function: int gnutls_protocol_set_priority (gnutls_session_t
3202 SESSION, const int * LIST)
3203 SESSION: is a 'gnutls_session_t' structure.
3205 LIST: is a 0 terminated list of gnutls_protocol_t elements.
3207 Sets the priority on the protocol versions supported by gnutls.
3208 This function actually enables or disables protocols. Newer
3209 protocol versions always have highest priority.
3211 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
3213 gnutls_rsa_export_get_modulus_bits
3214 ----------------------------------
3216 -- Function: int gnutls_rsa_export_get_modulus_bits (gnutls_session_t
3218 SESSION: is a gnutls session
3220 Get the export RSA parameter's modulus size.
3222 *Returns:* The bits used in the last RSA-EXPORT key exchange with
3223 the peer, or a negative error code in case of error.
3225 gnutls_rsa_export_get_pubkey
3226 ----------------------------
3228 -- Function: int gnutls_rsa_export_get_pubkey (gnutls_session_t
3229 SESSION, gnutls_datum_t * EXPONENT, gnutls_datum_t * MODULUS)
3230 SESSION: is a gnutls session
3232 EXPONENT: will hold the exponent.
3234 MODULUS: will hold the modulus.
3236 This function will return the peer's public key exponent and
3237 modulus used in the last RSA-EXPORT authentication. The output
3238 parameters must be freed with 'gnutls_free()' .
3240 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3241 otherwise an error code is returned.
3243 gnutls_rsa_params_cpy
3244 ---------------------
3246 -- Function: int gnutls_rsa_params_cpy (gnutls_rsa_params_t DST,
3247 gnutls_rsa_params_t SRC)
3248 DST: Is the destination structure, which should be initialized.
3250 SRC: Is the source structure
3252 This function will copy the RSA parameters structure from source to
3255 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3258 gnutls_rsa_params_deinit
3259 ------------------------
3261 -- Function: void gnutls_rsa_params_deinit (gnutls_rsa_params_t
3263 RSA_PARAMS: Is a structure that holds the parameters
3265 This function will deinitialize the RSA parameters structure.
3267 gnutls_rsa_params_export_pkcs1
3268 ------------------------------
3270 -- Function: int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t
3271 PARAMS, gnutls_x509_crt_fmt_t FORMAT, unsigned char *
3272 PARAMS_DATA, size_t * PARAMS_DATA_SIZE)
3273 PARAMS: Holds the RSA parameters
3275 FORMAT: the format of output params. One of PEM or DER.
3277 PARAMS_DATA: will contain a PKCS1 RSAPrivateKey structure PEM or
3280 PARAMS_DATA_SIZE: holds the size of params_data (and will be
3281 replaced by the actual size of parameters)
3283 This function will export the given RSA parameters to a PKCS1
3284 RSAPrivateKey structure. If the buffer provided is not long enough
3285 to hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be
3288 If the structure is PEM encoded, it will have a header of "BEGIN
3291 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3294 gnutls_rsa_params_export_raw
3295 ----------------------------
3297 -- Function: int gnutls_rsa_params_export_raw (gnutls_rsa_params_t RSA,
3298 gnutls_datum_t * M, gnutls_datum_t * E, gnutls_datum_t * D,
3299 gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * U,
3300 unsigned int * BITS)
3301 RSA: a structure that holds the rsa parameters
3303 M: will hold the modulus
3305 E: will hold the public exponent
3307 D: will hold the private exponent
3309 P: will hold the first prime (p)
3311 Q: will hold the second prime (q)
3313 U: will hold the coefficient
3315 BITS: if non null will hold the prime's number of bits
3317 This function will export the RSA parameters found in the given
3318 structure. The new parameters will be allocated using
3319 'gnutls_malloc()' and will be stored in the appropriate datum.
3321 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3324 gnutls_rsa_params_generate2
3325 ---------------------------
3327 -- Function: int gnutls_rsa_params_generate2 (gnutls_rsa_params_t
3328 PARAMS, unsigned int BITS)
3329 PARAMS: The structure where the parameters will be stored
3331 BITS: is the prime's number of bits
3333 This function will generate new temporary RSA parameters for use in
3334 RSA-EXPORT ciphersuites. This function is normally slow.
3336 Note that if the parameters are to be used in export cipher suites
3337 the bits value should be 512 or less. Also note that the
3338 generation of new RSA parameters is only useful to servers.
3339 Clients use the parameters sent by the server, thus it's no use
3340 calling this in client side.
3342 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3345 gnutls_rsa_params_import_pkcs1
3346 ------------------------------
3348 -- Function: int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t
3349 PARAMS, const gnutls_datum_t * PKCS1_PARAMS,
3350 gnutls_x509_crt_fmt_t FORMAT)
3351 PARAMS: A structure where the parameters will be copied to
3353 PKCS1_PARAMS: should contain a PKCS1 RSAPrivateKey structure PEM or
3356 FORMAT: the format of params. PEM or DER.
3358 This function will extract the RSAPrivateKey found in a PKCS1
3359 formatted structure.
3361 If the structure is PEM encoded, it should have a header of "BEGIN
3364 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3367 gnutls_rsa_params_import_raw
3368 ----------------------------
3370 -- Function: int gnutls_rsa_params_import_raw (gnutls_rsa_params_t
3371 RSA_PARAMS, const gnutls_datum_t * M, const gnutls_datum_t *
3372 E, const gnutls_datum_t * D, const gnutls_datum_t * P, const
3373 gnutls_datum_t * Q, const gnutls_datum_t * U)
3374 RSA_PARAMS: Is a structure will hold the parameters
3376 M: holds the modulus
3378 E: holds the public exponent
3380 D: holds the private exponent
3382 P: holds the first prime (p)
3384 Q: holds the second prime (q)
3386 U: holds the coefficient
3388 This function will replace the parameters in the given structure.
3389 The new parameters should be stored in the appropriate
3392 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3395 gnutls_rsa_params_init
3396 ----------------------
3398 -- Function: int gnutls_rsa_params_init (gnutls_rsa_params_t *
3400 RSA_PARAMS: Is a structure that will hold the parameters
3402 This function will initialize the temporary RSA parameters
3405 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error
3408 gnutls_set_default_export_priority
3409 ----------------------------------
3411 -- Function: int gnutls_set_default_export_priority (gnutls_session_t
3413 SESSION: is a 'gnutls_session_t' structure.
3415 Sets some default priority on the ciphers, key exchange methods,
3416 macs and compression methods. This function also includes weak
3419 This is the same as calling:
3421 gnutls_priority_set_direct (session, "EXPORT", NULL);
3423 This function is kept around for backwards compatibility, but
3424 because of its wide use it is still fully supported. If you wish
3425 to allow users to provide a string that specify which ciphers to
3426 use (which is recommended), you should use
3427 'gnutls_priority_set_direct()' or 'gnutls_priority_set()' instead.
3429 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
3431 gnutls_sign_callback_get
3432 ------------------------
3434 -- Function: gnutls_sign_func gnutls_sign_callback_get
3435 (gnutls_session_t SESSION, void ** USERDATA)
3436 SESSION: is a gnutls session
3438 USERDATA: if non-'NULL' , will be set to abstract callback pointer.
3440 Retrieve the callback function, and its userdata pointer.
3442 *Returns:* The function pointer set by 'gnutls_sign_callback_set()'
3443 , or if not set, 'NULL' .
3445 *Deprecated:* Use the PKCS 11 interfaces instead.
3447 gnutls_sign_callback_set
3448 ------------------------
3450 -- Function: void gnutls_sign_callback_set (gnutls_session_t SESSION,
3451 gnutls_sign_func SIGN_FUNC, void * USERDATA)
3452 SESSION: is a gnutls session
3454 SIGN_FUNC: function pointer to application's sign callback.
3456 USERDATA: void pointer that will be passed to sign callback.
3458 Set the callback function. The function must have this prototype:
3460 typedef int (*gnutls_sign_func) (gnutls_session_t session, void
3461 *userdata, gnutls_certificate_type_t cert_type, const
3462 gnutls_datum_t * cert, const gnutls_datum_t * hash, gnutls_datum_t
3465 The 'userdata' parameter is passed to the 'sign_func' verbatim, and
3466 can be used to store application-specific data needed in the
3467 callback function. See also 'gnutls_sign_callback_get()' .
3469 *Deprecated:* Use the PKCS 11 or 'gnutls_privkey_t' interfacess
3470 like 'gnutls_privkey_import_ext()' instead.
3472 gnutls_x509_crl_sign
3473 --------------------
3475 -- Function: int gnutls_x509_crl_sign (gnutls_x509_crl_t CRL,
3476 gnutls_x509_crt_t ISSUER, gnutls_x509_privkey_t ISSUER_KEY)
3477 CRL: should contain a gnutls_x509_crl_t structure
3479 ISSUER: is the certificate of the certificate issuer
3481 ISSUER_KEY: holds the issuer's private key
3483 This function is the same a 'gnutls_x509_crl_sign2()' with no
3484 flags, and SHA1 as the hash algorithm.
3486 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3487 otherwise a negative error value.
3489 *Deprecated:* Use 'gnutls_x509_crl_privkey_sign()' .
3491 gnutls_x509_crq_sign
3492 --------------------
3494 -- Function: int gnutls_x509_crq_sign (gnutls_x509_crq_t CRQ,
3495 gnutls_x509_privkey_t KEY)
3496 CRQ: should contain a 'gnutls_x509_crq_t' structure
3498 KEY: holds a private key
3500 This function is the same a 'gnutls_x509_crq_sign2()' with no
3501 flags, and SHA1 as the hash algorithm.
3503 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3504 otherwise a negative error value.
3506 *Deprecated:* Use 'gnutls_x509_crq_privkey_sign()' instead.
3508 gnutls_x509_crt_get_preferred_hash_algorithm
3509 --------------------------------------------
3511 -- Function: int gnutls_x509_crt_get_preferred_hash_algorithm
3512 (gnutls_x509_crt_t CRT, gnutls_digest_algorithm_t * HASH,
3513 unsigned int * MAND)
3514 CRT: Holds the certificate
3516 HASH: The result of the call with the hash algorithm used for
3519 MAND: If non-zero it means that the algorithm MUST use this hash.
3522 This function will read the certifcate and return the appropriate
3523 digest algorithm to use for signing with this certificate. Some
3524 certificates (i.e. DSA might not be able to sign without the
3525 preferred algorithm).
3527 *Deprecated:* Please use
3528 'gnutls_pubkey_get_preferred_hash_algorithm()' .
3530 *Returns:* the 0 if the hash algorithm is found. A negative error
3531 code is returned on error.
3535 gnutls_x509_crt_get_verify_algorithm
3536 ------------------------------------
3538 -- Function: int gnutls_x509_crt_get_verify_algorithm
3539 (gnutls_x509_crt_t CRT, const gnutls_datum_t * SIGNATURE,
3540 gnutls_digest_algorithm_t * HASH)
3541 CRT: Holds the certificate
3543 SIGNATURE: contains the signature
3545 HASH: The result of the call with the hash algorithm used for
3548 This function will read the certifcate and the signed data to
3549 determine the hash algorithm used to generate the signature.
3551 *Deprecated:* Use 'gnutls_pubkey_get_verify_algorithm()' instead.
3553 *Returns:* the 0 if the hash algorithm is found. A negative error
3554 code is returned on error.
3558 gnutls_x509_crt_verify_data
3559 ---------------------------
3561 -- Function: int gnutls_x509_crt_verify_data (gnutls_x509_crt_t CRT,
3562 unsigned int FLAGS, const gnutls_datum_t * DATA, const
3563 gnutls_datum_t * SIGNATURE)
3564 CRT: Holds the certificate
3566 FLAGS: should be 0 for now
3568 DATA: holds the data to be signed
3570 SIGNATURE: contains the signature
3572 This function will verify the given signed data, using the
3573 parameters from the certificate.
3575 Deprecated. This function cannot be easily used securely. Use
3576 'gnutls_pubkey_verify_data2()' instead.
3578 *Returns:* In case of a verification failure
3579 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive
3582 gnutls_x509_crt_verify_hash
3583 ---------------------------
3585 -- Function: int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t CRT,
3586 unsigned int FLAGS, const gnutls_datum_t * HASH, const
3587 gnutls_datum_t * SIGNATURE)
3588 CRT: Holds the certificate
3590 FLAGS: should be 0 for now
3592 HASH: holds the hash digest to be verified
3594 SIGNATURE: contains the signature
3596 This function will verify the given signed digest, using the
3597 parameters from the certificate.
3599 Deprecated. This function cannot be easily used securely. Use
3600 'gnutls_pubkey_verify_hash2()' instead.
3602 *Returns:* In case of a verification failure
3603 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive
3606 gnutls_x509_privkey_sign_data
3607 -----------------------------
3609 -- Function: int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t
3610 KEY, gnutls_digest_algorithm_t DIGEST, unsigned int FLAGS,
3611 const gnutls_datum_t * DATA, void * SIGNATURE, size_t *
3615 DIGEST: should be MD5 or SHA1
3617 FLAGS: should be 0 for now
3619 DATA: holds the data to be signed
3621 SIGNATURE: will contain the signature
3623 SIGNATURE_SIZE: holds the size of signature (and will be replaced
3626 This function will sign the given data using a signature algorithm
3627 supported by the private key. Signature algorithms are always used
3628 together with a hash functions. Different hash functions may be
3629 used for the RSA algorithm, but only SHA-1 for the DSA keys.
3631 If the buffer provided is not long enough to hold the output, then
3632 * 'signature_size' is updated and 'GNUTLS_E_SHORT_MEMORY_BUFFER'
3635 Use 'gnutls_x509_crt_get_preferred_hash_algorithm()' to determine
3638 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3639 otherwise a negative error value.
3641 *Deprecated:* Use 'gnutls_privkey_sign_data()' .
3643 gnutls_x509_privkey_sign_hash
3644 -----------------------------
3646 -- Function: int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t
3647 KEY, const gnutls_datum_t * HASH, gnutls_datum_t * SIGNATURE)
3650 HASH: holds the data to be signed
3652 SIGNATURE: will contain newly allocated signature
3654 This function will sign the given hash using the private key. Do
3655 not use this function directly unless you know what it is. Typical
3656 signing requires the data to be hashed and stored in special
3657 formats (e.g. BER Digest-Info for RSA).
3659 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
3660 otherwise a negative error value.
3662 Deprecated in: 2.12.0
3665 File: gnutls.info, Node: Copying Information, Next: Bibliography, Prev: API reference, Up: Top
3667 Appendix F Copying Information
3668 ******************************
3670 GNU Free Documentation License
3671 ==============================
3673 Version 1.3, 3 November 2008
3675 Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
3678 Everyone is permitted to copy and distribute verbatim copies
3679 of this license document, but changing it is not allowed.
3683 The purpose of this License is to make a manual, textbook, or other
3684 functional and useful document "free" in the sense of freedom: to
3685 assure everyone the effective freedom to copy and redistribute it,
3686 with or without modifying it, either commercially or
3687 noncommercially. Secondarily, this License preserves for the
3688 author and publisher a way to get credit for their work, while not
3689 being considered responsible for modifications made by others.
3691 This License is a kind of "copyleft", which means that derivative
3692 works of the document must themselves be free in the same sense.
3693 It complements the GNU General Public License, which is a copyleft
3694 license designed for free software.
3696 We have designed this License in order to use it for manuals for
3697 free software, because free software needs free documentation: a
3698 free program should come with manuals providing the same freedoms
3699 that the software does. But this License is not limited to
3700 software manuals; it can be used for any textual work, regardless
3701 of subject matter or whether it is published as a printed book. We
3702 recommend this License principally for works whose purpose is
3703 instruction or reference.
3705 1. APPLICABILITY AND DEFINITIONS
3707 This License applies to any manual or other work, in any medium,
3708 that contains a notice placed by the copyright holder saying it can
3709 be distributed under the terms of this License. Such a notice
3710 grants a world-wide, royalty-free license, unlimited in duration,
3711 to use that work under the conditions stated herein. The
3712 "Document", below, refers to any such manual or work. Any member
3713 of the public is a licensee, and is addressed as "you". You accept
3714 the license if you copy, modify or distribute the work in a way
3715 requiring permission under copyright law.
3717 A "Modified Version" of the Document means any work containing the
3718 Document or a portion of it, either copied verbatim, or with
3719 modifications and/or translated into another language.
3721 A "Secondary Section" is a named appendix or a front-matter section
3722 of the Document that deals exclusively with the relationship of the
3723 publishers or authors of the Document to the Document's overall
3724 subject (or to related matters) and contains nothing that could
3725 fall directly within that overall subject. (Thus, if the Document
3726 is in part a textbook of mathematics, a Secondary Section may not
3727 explain any mathematics.) The relationship could be a matter of
3728 historical connection with the subject or with related matters, or
3729 of legal, commercial, philosophical, ethical or political position
3732 The "Invariant Sections" are certain Secondary Sections whose
3733 titles are designated, as being those of Invariant Sections, in the
3734 notice that says that the Document is released under this License.
3735 If a section does not fit the above definition of Secondary then it
3736 is not allowed to be designated as Invariant. The Document may
3737 contain zero Invariant Sections. If the Document does not identify
3738 any Invariant Sections then there are none.
3740 The "Cover Texts" are certain short passages of text that are
3741 listed, as Front-Cover Texts or Back-Cover Texts, in the notice
3742 that says that the Document is released under this License. A
3743 Front-Cover Text may be at most 5 words, and a Back-Cover Text may
3744 be at most 25 words.
3746 A "Transparent" copy of the Document means a machine-readable copy,
3747 represented in a format whose specification is available to the
3748 general public, that is suitable for revising the document
3749 straightforwardly with generic text editors or (for images composed
3750 of pixels) generic paint programs or (for drawings) some widely
3751 available drawing editor, and that is suitable for input to text
3752 formatters or for automatic translation to a variety of formats
3753 suitable for input to text formatters. A copy made in an otherwise
3754 Transparent file format whose markup, or absence of markup, has
3755 been arranged to thwart or discourage subsequent modification by
3756 readers is not Transparent. An image format is not Transparent if
3757 used for any substantial amount of text. A copy that is not
3758 "Transparent" is called "Opaque".
3760 Examples of suitable formats for Transparent copies include plain
3761 ASCII without markup, Texinfo input format, LaTeX input format,
3762 SGML or XML using a publicly available DTD, and standard-conforming
3763 simple HTML, PostScript or PDF designed for human modification.
3764 Examples of transparent image formats include PNG, XCF and JPG.
3765 Opaque formats include proprietary formats that can be read and
3766 edited only by proprietary word processors, SGML or XML for which
3767 the DTD and/or processing tools are not generally available, and
3768 the machine-generated HTML, PostScript or PDF produced by some word
3769 processors for output purposes only.
3771 The "Title Page" means, for a printed book, the title page itself,
3772 plus such following pages as are needed to hold, legibly, the
3773 material this License requires to appear in the title page. For
3774 works in formats which do not have any title page as such, "Title
3775 Page" means the text near the most prominent appearance of the
3776 work's title, preceding the beginning of the body of the text.
3778 The "publisher" means any person or entity that distributes copies
3779 of the Document to the public.
3781 A section "Entitled XYZ" means a named subunit of the Document
3782 whose title either is precisely XYZ or contains XYZ in parentheses
3783 following text that translates XYZ in another language. (Here XYZ
3784 stands for a specific section name mentioned below, such as
3785 "Acknowledgements", "Dedications", "Endorsements", or "History".)
3786 To "Preserve the Title" of such a section when you modify the
3787 Document means that it remains a section "Entitled XYZ" according
3790 The Document may include Warranty Disclaimers next to the notice
3791 which states that this License applies to the Document. These
3792 Warranty Disclaimers are considered to be included by reference in
3793 this License, but only as regards disclaiming warranties: any other
3794 implication that these Warranty Disclaimers may have is void and
3795 has no effect on the meaning of this License.
3799 You may copy and distribute the Document in any medium, either
3800 commercially or noncommercially, provided that this License, the
3801 copyright notices, and the license notice saying this License
3802 applies to the Document are reproduced in all copies, and that you
3803 add no other conditions whatsoever to those of this License. You
3804 may not use technical measures to obstruct or control the reading
3805 or further copying of the copies you make or distribute. However,
3806 you may accept compensation in exchange for copies. If you
3807 distribute a large enough number of copies you must also follow the
3808 conditions in section 3.
3810 You may also lend copies, under the same conditions stated above,
3811 and you may publicly display copies.
3813 3. COPYING IN QUANTITY
3815 If you publish printed copies (or copies in media that commonly
3816 have printed covers) of the Document, numbering more than 100, and
3817 the Document's license notice requires Cover Texts, you must
3818 enclose the copies in covers that carry, clearly and legibly, all
3819 these Cover Texts: Front-Cover Texts on the front cover, and
3820 Back-Cover Texts on the back cover. Both covers must also clearly
3821 and legibly identify you as the publisher of these copies. The
3822 front cover must present the full title with all words of the title
3823 equally prominent and visible. You may add other material on the
3824 covers in addition. Copying with changes limited to the covers, as
3825 long as they preserve the title of the Document and satisfy these
3826 conditions, can be treated as verbatim copying in other respects.
3828 If the required texts for either cover are too voluminous to fit
3829 legibly, you should put the first ones listed (as many as fit
3830 reasonably) on the actual cover, and continue the rest onto
3833 If you publish or distribute Opaque copies of the Document
3834 numbering more than 100, you must either include a machine-readable
3835 Transparent copy along with each Opaque copy, or state in or with
3836 each Opaque copy a computer-network location from which the general
3837 network-using public has access to download using public-standard
3838 network protocols a complete Transparent copy of the Document, free
3839 of added material. If you use the latter option, you must take
3840 reasonably prudent steps, when you begin distribution of Opaque
3841 copies in quantity, to ensure that this Transparent copy will
3842 remain thus accessible at the stated location until at least one
3843 year after the last time you distribute an Opaque copy (directly or
3844 through your agents or retailers) of that edition to the public.
3846 It is requested, but not required, that you contact the authors of
3847 the Document well before redistributing any large number of copies,
3848 to give them a chance to provide you with an updated version of the
3853 You may copy and distribute a Modified Version of the Document
3854 under the conditions of sections 2 and 3 above, provided that you
3855 release the Modified Version under precisely this License, with the
3856 Modified Version filling the role of the Document, thus licensing
3857 distribution and modification of the Modified Version to whoever
3858 possesses a copy of it. In addition, you must do these things in
3859 the Modified Version:
3861 A. Use in the Title Page (and on the covers, if any) a title
3862 distinct from that of the Document, and from those of previous
3863 versions (which should, if there were any, be listed in the
3864 History section of the Document). You may use the same title
3865 as a previous version if the original publisher of that
3866 version gives permission.
3868 B. List on the Title Page, as authors, one or more persons or
3869 entities responsible for authorship of the modifications in
3870 the Modified Version, together with at least five of the
3871 principal authors of the Document (all of its principal
3872 authors, if it has fewer than five), unless they release you
3873 from this requirement.
3875 C. State on the Title page the name of the publisher of the
3876 Modified Version, as the publisher.
3878 D. Preserve all the copyright notices of the Document.
3880 E. Add an appropriate copyright notice for your modifications
3881 adjacent to the other copyright notices.
3883 F. Include, immediately after the copyright notices, a license
3884 notice giving the public permission to use the Modified
3885 Version under the terms of this License, in the form shown in
3888 G. Preserve in that license notice the full lists of Invariant
3889 Sections and required Cover Texts given in the Document's
3892 H. Include an unaltered copy of this License.
3894 I. Preserve the section Entitled "History", Preserve its Title,
3895 and add to it an item stating at least the title, year, new
3896 authors, and publisher of the Modified Version as given on the
3897 Title Page. If there is no section Entitled "History" in the
3898 Document, create one stating the title, year, authors, and
3899 publisher of the Document as given on its Title Page, then add
3900 an item describing the Modified Version as stated in the
3903 J. Preserve the network location, if any, given in the Document
3904 for public access to a Transparent copy of the Document, and
3905 likewise the network locations given in the Document for
3906 previous versions it was based on. These may be placed in the
3907 "History" section. You may omit a network location for a work
3908 that was published at least four years before the Document
3909 itself, or if the original publisher of the version it refers
3910 to gives permission.
3912 K. For any section Entitled "Acknowledgements" or "Dedications",
3913 Preserve the Title of the section, and preserve in the section
3914 all the substance and tone of each of the contributor
3915 acknowledgements and/or dedications given therein.
3917 L. Preserve all the Invariant Sections of the Document, unaltered
3918 in their text and in their titles. Section numbers or the
3919 equivalent are not considered part of the section titles.
3921 M. Delete any section Entitled "Endorsements". Such a section
3922 may not be included in the Modified Version.
3924 N. Do not retitle any existing section to be Entitled
3925 "Endorsements" or to conflict in title with any Invariant
3928 O. Preserve any Warranty Disclaimers.
3930 If the Modified Version includes new front-matter sections or
3931 appendices that qualify as Secondary Sections and contain no
3932 material copied from the Document, you may at your option designate
3933 some or all of these sections as invariant. To do this, add their
3934 titles to the list of Invariant Sections in the Modified Version's
3935 license notice. These titles must be distinct from any other
3938 You may add a section Entitled "Endorsements", provided it contains
3939 nothing but endorsements of your Modified Version by various
3940 parties--for example, statements of peer review or that the text
3941 has been approved by an organization as the authoritative
3942 definition of a standard.
3944 You may add a passage of up to five words as a Front-Cover Text,
3945 and a passage of up to 25 words as a Back-Cover Text, to the end of
3946 the list of Cover Texts in the Modified Version. Only one passage
3947 of Front-Cover Text and one of Back-Cover Text may be added by (or
3948 through arrangements made by) any one entity. If the Document
3949 already includes a cover text for the same cover, previously added
3950 by you or by arrangement made by the same entity you are acting on
3951 behalf of, you may not add another; but you may replace the old
3952 one, on explicit permission from the previous publisher that added
3955 The author(s) and publisher(s) of the Document do not by this
3956 License give permission to use their names for publicity for or to
3957 assert or imply endorsement of any Modified Version.
3959 5. COMBINING DOCUMENTS
3961 You may combine the Document with other documents released under
3962 this License, under the terms defined in section 4 above for
3963 modified versions, provided that you include in the combination all
3964 of the Invariant Sections of all of the original documents,
3965 unmodified, and list them all as Invariant Sections of your
3966 combined work in its license notice, and that you preserve all
3967 their Warranty Disclaimers.
3969 The combined work need only contain one copy of this License, and
3970 multiple identical Invariant Sections may be replaced with a single
3971 copy. If there are multiple Invariant Sections with the same name
3972 but different contents, make the title of each such section unique
3973 by adding at the end of it, in parentheses, the name of the
3974 original author or publisher of that section if known, or else a
3975 unique number. Make the same adjustment to the section titles in
3976 the list of Invariant Sections in the license notice of the
3979 In the combination, you must combine any sections Entitled
3980 "History" in the various original documents, forming one section
3981 Entitled "History"; likewise combine any sections Entitled
3982 "Acknowledgements", and any sections Entitled "Dedications". You
3983 must delete all sections Entitled "Endorsements."
3985 6. COLLECTIONS OF DOCUMENTS
3987 You may make a collection consisting of the Document and other
3988 documents released under this License, and replace the individual
3989 copies of this License in the various documents with a single copy
3990 that is included in the collection, provided that you follow the
3991 rules of this License for verbatim copying of each of the documents
3992 in all other respects.
3994 You may extract a single document from such a collection, and
3995 distribute it individually under this License, provided you insert
3996 a copy of this License into the extracted document, and follow this
3997 License in all other respects regarding verbatim copying of that
4000 7. AGGREGATION WITH INDEPENDENT WORKS
4002 A compilation of the Document or its derivatives with other
4003 separate and independent documents or works, in or on a volume of a
4004 storage or distribution medium, is called an "aggregate" if the
4005 copyright resulting from the compilation is not used to limit the
4006 legal rights of the compilation's users beyond what the individual
4007 works permit. When the Document is included in an aggregate, this
4008 License does not apply to the other works in the aggregate which
4009 are not themselves derivative works of the Document.
4011 If the Cover Text requirement of section 3 is applicable to these
4012 copies of the Document, then if the Document is less than one half
4013 of the entire aggregate, the Document's Cover Texts may be placed
4014 on covers that bracket the Document within the aggregate, or the
4015 electronic equivalent of covers if the Document is in electronic
4016 form. Otherwise they must appear on printed covers that bracket
4017 the whole aggregate.
4021 Translation is considered a kind of modification, so you may
4022 distribute translations of the Document under the terms of section
4023 4. Replacing Invariant Sections with translations requires special
4024 permission from their copyright holders, but you may include
4025 translations of some or all Invariant Sections in addition to the
4026 original versions of these Invariant Sections. You may include a
4027 translation of this License, and all the license notices in the
4028 Document, and any Warranty Disclaimers, provided that you also
4029 include the original English version of this License and the
4030 original versions of those notices and disclaimers. In case of a
4031 disagreement between the translation and the original version of
4032 this License or a notice or disclaimer, the original version will
4035 If a section in the Document is Entitled "Acknowledgements",
4036 "Dedications", or "History", the requirement (section 4) to
4037 Preserve its Title (section 1) will typically require changing the
4042 You may not copy, modify, sublicense, or distribute the Document
4043 except as expressly provided under this License. Any attempt
4044 otherwise to copy, modify, sublicense, or distribute it is void,
4045 and will automatically terminate your rights under this License.
4047 However, if you cease all violation of this License, then your
4048 license from a particular copyright holder is reinstated (a)
4049 provisionally, unless and until the copyright holder explicitly and
4050 finally terminates your license, and (b) permanently, if the
4051 copyright holder fails to notify you of the violation by some
4052 reasonable means prior to 60 days after the cessation.
4054 Moreover, your license from a particular copyright holder is
4055 reinstated permanently if the copyright holder notifies you of the
4056 violation by some reasonable means, this is the first time you have
4057 received notice of violation of this License (for any work) from
4058 that copyright holder, and you cure the violation prior to 30 days
4059 after your receipt of the notice.
4061 Termination of your rights under this section does not terminate
4062 the licenses of parties who have received copies or rights from you
4063 under this License. If your rights have been terminated and not
4064 permanently reinstated, receipt of a copy of some or all of the
4065 same material does not give you any rights to use it.
4067 10. FUTURE REVISIONS OF THIS LICENSE
4069 The Free Software Foundation may publish new, revised versions of
4070 the GNU Free Documentation License from time to time. Such new
4071 versions will be similar in spirit to the present version, but may
4072 differ in detail to address new problems or concerns. See
4073 <http://www.gnu.org/copyleft/>.
4075 Each version of the License is given a distinguishing version
4076 number. If the Document specifies that a particular numbered
4077 version of this License "or any later version" applies to it, you
4078 have the option of following the terms and conditions either of
4079 that specified version or of any later version that has been
4080 published (not as a draft) by the Free Software Foundation. If the
4081 Document does not specify a version number of this License, you may
4082 choose any version ever published (not as a draft) by the Free
4083 Software Foundation. If the Document specifies that a proxy can
4084 decide which future versions of this License can be used, that
4085 proxy's public statement of acceptance of a version permanently
4086 authorizes you to choose that version for the Document.
4090 "Massive Multiauthor Collaboration Site" (or "MMC Site") means any
4091 World Wide Web server that publishes copyrightable works and also
4092 provides prominent facilities for anybody to edit those works. A
4093 public wiki that anybody can edit is an example of such a server.
4094 A "Massive Multiauthor Collaboration" (or "MMC") contained in the
4095 site means any set of copyrightable works thus published on the MMC
4098 "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0
4099 license published by Creative Commons Corporation, a not-for-profit
4100 corporation with a principal place of business in San Francisco,
4101 California, as well as future copyleft versions of that license
4102 published by that same organization.
4104 "Incorporate" means to publish or republish a Document, in whole or
4105 in part, as part of another Document.
4107 An MMC is "eligible for relicensing" if it is licensed under this
4108 License, and if all works that were first published under this
4109 License somewhere other than this MMC, and subsequently
4110 incorporated in whole or in part into the MMC, (1) had no cover
4111 texts or invariant sections, and (2) were thus incorporated prior
4112 to November 1, 2008.
4114 The operator of an MMC Site may republish an MMC contained in the
4115 site under CC-BY-SA on the same site at any time before August 1,
4116 2009, provided the MMC is eligible for relicensing.
4118 ADDENDUM: How to use this License for your documents
4119 ====================================================
4121 To use this License in a document you have written, include a copy of
4122 the License in the document and put the following copyright and license
4123 notices just after the title page:
4125 Copyright (C) YEAR YOUR NAME.
4126 Permission is granted to copy, distribute and/or modify this document
4127 under the terms of the GNU Free Documentation License, Version 1.3
4128 or any later version published by the Free Software Foundation;
4129 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
4130 Texts. A copy of the license is included in the section entitled ``GNU
4131 Free Documentation License''.
4133 If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
4134 replace the "with...Texts." line with this:
4136 with the Invariant Sections being LIST THEIR TITLES, with
4137 the Front-Cover Texts being LIST, and with the Back-Cover Texts
4140 If you have Invariant Sections without Cover Texts, or some other
4141 combination of the three, merge those two alternatives to suit the
4144 If your document contains nontrivial examples of program code, we
4145 recommend releasing these examples in parallel under your choice of free
4146 software license, such as the GNU General Public License, to permit
4147 their use in free software.
4150 File: gnutls.info, Node: Bibliography, Next: Function and Data Index, Prev: Copying Information, Up: Top
4156 Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems
4157 and Countermeasures", 2002, available from
4158 <http://www.openssl.org/~bodo/tls-cbc.txt>.
4161 Mike Ashley, "The GNU Privacy Handbook", 2002, available from
4162 <http://www.gnupg.org/gph/en/manual.pdf>.
4165 Peter Gutmann, "Everything you never wanted to know about PKI but
4166 were forced to find out", Available from
4167 <http://www.cs.auckland.ac.nz/~pgut001/>.
4170 Chris Evans and Chris Palmer, "Public Key Pinning Extension for
4171 HTTP", Available from
4172 <http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01>.
4175 NIST Special Publication 800-57, "Recommendation for Key Management
4176 - Part 1: General (Revised)", March 2007, available from
4177 <http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf>.
4180 Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
4181 January 1999, Available from <http://www.ietf.org/rfc/rfc2246.txt>.
4184 Ted Krovetz, "UMAC: Message Authentication Code using Universal
4185 Hashing", March 2006, Available from
4186 <http://www.ietf.org/rfc/rfc4418.txt>.
4189 S. Santesson, "TLS Handshake Message for Supplemental Data",
4190 September 2006, Available from
4191 <http://www.ietf.org/rfc/rfc4680.txt>.
4194 Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP):
4195 String Representation of Distinguished Names", June 2006, Available
4196 from <http://www.ietf.org/rfc/rfc4513.txt>.
4199 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
4200 2006, Available from <http://www.ietf.org/rfc/rfc4346.txt>.
4203 Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer
4204 Security", April 2006, Available from
4205 <http://www.ietf.org/rfc/rfc4347.txt>.
4208 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2",
4209 August 2008, Available from <http://www.ietf.org/rfc/rfc5246.txt>.
4212 Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer,
4213 "OpenPGP Message Format", November 1998, Available from
4214 <http://www.ietf.org/rfc/rfc2440.txt>.
4217 Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
4218 Thayer, "OpenPGP Message Format", November 2007, Available from
4219 <http://www.ietf.org/rfc/rfc4880.txt>.
4222 J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
4223 Request Message Format (CRMF)", September 2005, Available from
4224 <http://www.ietf.org/rfc/rfc4211.txt>.
4227 Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
4228 May 2000, Available from <http://www.ietf.org/rfc/rfc2817.txt>
4231 Eric Rescorla, "HTTP Over TLS", May 2000, Available from
4232 <http://www.ietf/rfc/rfc2818.txt>.
4235 Tom Wu, "The SRP Authentication and Key Exchange System", September
4236 2000, Available from <http://www.ietf.org/rfc/rfc2945.txt>.
4239 Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification
4240 Request Syntax Specification", November 2000, Available from
4241 <http://www.ietf.org/rfc/rfc2986.txt>.
4244 D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
4245 "Internet X.509 Public Key Infrastructure Certificate and
4246 Certificate Revocation List (CRL) Profile", May 2008, available
4247 from <http://www.ietf.org/rfc/rfc5280.txt>.
4250 Scott Hollenbeck, "Transport Layer Security Protocol Compression
4251 Methods", May 2004, available from
4252 <http://www.ietf.org/rfc/rfc3749.txt>.
4255 Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
4256 Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
4257 Certificate Profile", June 2004, available from
4258 <http://www.ietf.org/rfc/rfc3820>.
4261 R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer
4262 Security (TLS) and Datagram Transport Layer Security (DTLS)
4263 Heartbeat Extension", February 2012, available from
4264 <http://www.ietf.org/rfc/rfc6520>.
4267 E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
4268 Security (TLS) Renegotiation Indication Extension", February 2010,
4269 available from <http://www.ietf.org/rfc/rfc5746>.
4272 D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W.
4273 Polk, "Internet X.509 Public Key Infrastructure Certificate and
4274 Certificate Revocation List (CRL) Profile", May 2008, available
4275 from <http://www.ietf.org/rfc/rfc5280>.
4278 Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig,
4279 "Transport Layer Security (TLS) Session Resumption without
4280 Server-Side State", January 2008, available from
4281 <http://www.ietf.org/rfc/rfc5077>.
4284 RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
4285 Syntax", June 1999, Available from <http://www.rsa.com>.
4288 RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki –
4289 Draft 4", July 2009, Available from <http://www.rsa.com>.
4292 Eric Rescorla, "SSL and TLS: Designing and Building Secure
4296 Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key
4297 Sizes", 2003, available from
4298 <http://www.win.tue.nl/~klenstra/key.pdf>.
4301 Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets
4302 Layer (SSL) Protocol Version 3.0", August 2011, Available from
4303 <http://www.ietf.org/rfc/rfc6101.txt>.
4306 Richard Stevens, "UNIX Network Programming, Volume 1", Prentice
4307 Hall PTR, January 1998
4310 Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen
4311 and Tim Wright, "Transport Layer Security (TLS) Extensions", June
4312 2003, Available from <http://www.ietf.org/rfc/rfc3546.txt>.
4315 Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS
4316 authentication", January 2011. Available from
4317 <http://www.ietf.org/rfc/rfc6091.txt>.
4320 David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
4321 "Using SRP for TLS Authentication", November 2007. Available from
4322 <http://www.ietf.org/rfc/rfc5054.txt>.
4325 Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
4326 TLS", December 2005, Available from
4327 <http://www.ietf.org/rfc/rfc4279.txt>.
4330 Tom Wu, "The Stanford SRP Authentication Project", Available at
4331 <http://srp.stanford.edu/>.
4334 Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
4335 Certificates", Cryptology ePrint Archive, Report 2005/067,
4336 Available at <http://eprint.iacr.org/>.
4339 European Network of Excellence in Cryptology II, "ECRYPT II Yearly
4340 Report on Algorithms and Keysizes (2009-2010)", Available at
4341 <http://www.ecrypt.eu.org/documents/D.SPA.13.pdf>.
4344 N. Williams, "On the Use of Channel Bindings to Secure Channels",
4345 November 2007, available from <http://www.ietf.org/rfc/rfc5056>.
4348 J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July
4349 2010, available from <http://www.ietf.org/rfc/rfc5929>.
4352 J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", September 2013,
4353 Work in progress, available from
4354 <http://tools.ietf.org/html/draft-pechanec-pkcs11uri-13>.
4357 C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January
4358 2013, Work in progress, available from
4359 <http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01>.
4362 R. J. Anderson, "Security Engineering: A Guide to Building
4363 Dependable Distributed Systems", John Wiley \& Sons, Inc., 2001.
4366 M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery",
4367 March 2007, available from <http://www.ietf.org/rfc/rfc4821.txt>.
4370 M. Myers et al, "X.509 Internet Public Key Infrastructure Online
4371 Certificate Status Protocol - OCSP", June 1999, Available from
4372 <http://www.ietf.org/rfc/rfc2560.txt>.
4375 R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?",
4376 Proceedings of Financial Cryptography '98; Springer Lecture Notes
4377 in Computer Science No. 1465 (Rafael Hirschfeld, ed.), February
4378 1998), pages 178-183, available from
4379 <http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf>.
4382 File: gnutls.info, Node: Function and Data Index, Next: Concept Index, Prev: Bibliography, Up: Top
4384 Function and Data Index
4385 ***********************
4390 * dane_cert_type_name: DANE API. (line 13)
4391 * dane_cert_usage_name: DANE API. (line 24)
4392 * dane_match_type_name: DANE API. (line 36)
4393 * dane_query_data: DANE API. (line 47)
4394 * dane_query_deinit: DANE API. (line 70)
4395 * dane_query_entries: DANE API. (line 78)
4396 * dane_query_status: DANE API. (line 88)
4397 * dane_query_tlsa: DANE API. (line 99)
4398 * dane_query_to_raw_tlsa: DANE API. (line 120)
4399 * dane_raw_tlsa: DANE API. (line 155)
4400 * dane_state_deinit: DANE API. (line 185)
4401 * dane_state_init: DANE API. (line 193)
4402 * dane_state_set_dlv_file: DANE API. (line 206)
4403 * dane_strerror: DANE API. (line 218)
4404 * dane_verification_status_print: DANE API. (line 232)
4405 * dane_verify_crt: Certificate verification.
4407 * dane_verify_crt <1>: DANE API. (line 251)
4408 * dane_verify_crt_raw: DANE API. (line 305)
4409 * dane_verify_session_crt: DANE API. (line 357)
4410 * gnutls_alert_get: Handling alerts. (line 18)
4411 * gnutls_alert_get <1>: Core TLS API. (line 11)
4412 * gnutls_alert_get_name: Handling alerts. (line 31)
4413 * gnutls_alert_get_name <1>: Core TLS API. (line 27)
4414 * gnutls_alert_get_strname: Core TLS API. (line 40)
4415 * gnutls_alert_send: Handling alerts. (line 45)
4416 * gnutls_alert_send <1>: Core TLS API. (line 54)
4417 * gnutls_alert_send_appropriate: Core TLS API. (line 78)
4418 * gnutls_alpn_get_selected_protocol: Core TLS API. (line 101)
4419 * gnutls_alpn_set_protocols: Core TLS API. (line 122)
4420 * gnutls_anon_allocate_client_credentials: Core TLS API. (line 148)
4421 * gnutls_anon_allocate_server_credentials: Core TLS API. (line 160)
4422 * gnutls_anon_free_client_credentials: Core TLS API. (line 172)
4423 * gnutls_anon_free_server_credentials: Core TLS API. (line 182)
4424 * gnutls_anon_set_params_function: Core TLS API. (line 192)
4425 * gnutls_anon_set_server_dh_params: Core TLS API. (line 206)
4426 * gnutls_anon_set_server_params_function: Core TLS API. (line 220)
4427 * gnutls_auth_client_get_type: Core TLS API. (line 234)
4428 * gnutls_auth_get_type: Core TLS API. (line 248)
4429 * gnutls_auth_server_get_type: Core TLS API. (line 266)
4430 * gnutls_bye: Data transfer and termination.
4432 * gnutls_bye <1>: Core TLS API. (line 280)
4433 * gnutls_certificate_activation_time_peers: Core TLS API. (line 316)
4434 * gnutls_certificate_allocate_credentials: Core TLS API. (line 331)
4435 * gnutls_certificate_client_get_request_status: Core TLS API.
4437 * gnutls_certificate_client_set_retrieve_function: Compatibility API.
4439 * gnutls_certificate_expiration_time_peers: Core TLS API. (line 356)
4440 * gnutls_certificate_free_cas: Core TLS API. (line 387)
4441 * gnutls_certificate_free_ca_names: Core TLS API. (line 370)
4442 * gnutls_certificate_free_credentials: Core TLS API. (line 399)
4443 * gnutls_certificate_free_crls: Core TLS API. (line 413)
4444 * gnutls_certificate_free_keys: Core TLS API. (line 423)
4445 * gnutls_certificate_get_crt_raw: Core TLS API. (line 435)
4446 * gnutls_certificate_get_issuer: Core TLS API. (line 461)
4447 * gnutls_certificate_get_ours: Core TLS API. (line 487)
4448 * gnutls_certificate_get_peers: Core TLS API. (line 502)
4449 * gnutls_certificate_get_peers_subkey_id: Core TLS API. (line 524)
4450 * gnutls_certificate_send_x509_rdn_sequence: Certificate credentials.
4452 * gnutls_certificate_send_x509_rdn_sequence <1>: Core TLS API.
4454 * gnutls_certificate_server_set_request: Certificate credentials.
4456 * gnutls_certificate_server_set_request <1>: Core TLS API. (line 559)
4457 * gnutls_certificate_server_set_retrieve_function: Compatibility API.
4459 * gnutls_certificate_set_dh_params: Core TLS API. (line 574)
4460 * gnutls_certificate_set_key: Certificate credentials.
4462 * gnutls_certificate_set_key <1>: Abstract key API. (line 12)
4463 * gnutls_certificate_set_ocsp_status_request_file: Core TLS API.
4465 * gnutls_certificate_set_ocsp_status_request_function: Core TLS API.
4467 * gnutls_certificate_set_openpgp_key: OpenPGP API. (line 12)
4468 * gnutls_certificate_set_openpgp_keyring_file: OpenPGP certificates.
4470 * gnutls_certificate_set_openpgp_keyring_file <1>: OpenPGP API.
4472 * gnutls_certificate_set_openpgp_keyring_mem: OpenPGP API. (line 160)
4473 * gnutls_certificate_set_openpgp_key_file: OpenPGP API. (line 37)
4474 * gnutls_certificate_set_openpgp_key_file2: OpenPGP API. (line 58)
4475 * gnutls_certificate_set_openpgp_key_mem: OpenPGP API. (line 88)
4476 * gnutls_certificate_set_openpgp_key_mem2: OpenPGP API. (line 110)
4477 * gnutls_certificate_set_params_function: Parameter generation.
4479 * gnutls_certificate_set_params_function <1>: Core TLS API. (line 649)
4480 * gnutls_certificate_set_pin_function: Certificate credentials.
4482 * gnutls_certificate_set_pin_function <1>: Core TLS API. (line 664)
4483 * gnutls_certificate_set_retrieve_function: Core TLS API. (line 685)
4484 * gnutls_certificate_set_retrieve_function2: Abstract key API.
4486 * gnutls_certificate_set_rsa_export_params: Compatibility API.
4488 * gnutls_certificate_set_trust_list: X509 certificate API.
4490 * gnutls_certificate_set_verify_flags: Core TLS API. (line 730)
4491 * gnutls_certificate_set_verify_function: Certificate credentials.
4493 * gnutls_certificate_set_verify_function <1>: Core TLS API. (line 743)
4494 * gnutls_certificate_set_verify_limits: Core TLS API. (line 772)
4495 * gnutls_certificate_set_x509_crl: Core TLS API. (line 791)
4496 * gnutls_certificate_set_x509_crl_file: Core TLS API. (line 815)
4497 * gnutls_certificate_set_x509_crl_mem: Core TLS API. (line 837)
4498 * gnutls_certificate_set_x509_key: Core TLS API. (line 859)
4499 * gnutls_certificate_set_x509_key_file: Core TLS API. (line 893)
4500 * gnutls_certificate_set_x509_key_file2: Core TLS API. (line 936)
4501 * gnutls_certificate_set_x509_key_mem: Core TLS API. (line 984)
4502 * gnutls_certificate_set_x509_key_mem2: Core TLS API. (line 1018)
4503 * gnutls_certificate_set_x509_simple_pkcs12_file: Core TLS API.
4505 * gnutls_certificate_set_x509_simple_pkcs12_mem: Core TLS API.
4507 * gnutls_certificate_set_x509_system_trust: Using a PKCS11 token with TLS.
4509 * gnutls_certificate_set_x509_system_trust <1>: Core TLS API.
4511 * gnutls_certificate_set_x509_trust: Core TLS API. (line 1159)
4512 * gnutls_certificate_set_x509_trust_dir: Core TLS API. (line 1186)
4513 * gnutls_certificate_set_x509_trust_file: Core TLS API. (line 1208)
4514 * gnutls_certificate_set_x509_trust_mem: Core TLS API. (line 1238)
4515 * gnutls_certificate_type_get: Core TLS API. (line 1263)
4516 * gnutls_certificate_type_get_id: Core TLS API. (line 1276)
4517 * gnutls_certificate_type_get_name: Core TLS API. (line 1288)
4518 * gnutls_certificate_type_list: Core TLS API. (line 1300)
4519 * gnutls_certificate_type_set_priority: Compatibility API. (line 96)
4520 * gnutls_certificate_verification_status_print: Core TLS API.
4522 * gnutls_certificate_verify_flags: Verifying a certificate in the context of TLS session.
4524 * gnutls_certificate_verify_flags <1>: Certificate verification.
4526 * gnutls_certificate_verify_peers: Core TLS API. (line 1336)
4527 * gnutls_certificate_verify_peers2: Core TLS API. (line 1380)
4528 * gnutls_certificate_verify_peers3: Certificate credentials.
4530 * gnutls_certificate_verify_peers3 <1>: Core TLS API. (line 1416)
4531 * gnutls_check_version: Core TLS API. (line 1453)
4532 * gnutls_cipher_add_auth: Cryptographic API. (line 12)
4533 * gnutls_cipher_decrypt: Cryptographic API. (line 31)
4534 * gnutls_cipher_decrypt2: Cryptographic API. (line 53)
4535 * gnutls_cipher_deinit: Cryptographic API. (line 80)
4536 * gnutls_cipher_encrypt: Cryptographic API. (line 91)
4537 * gnutls_cipher_encrypt2: Cryptographic API. (line 109)
4538 * gnutls_cipher_get: Core TLS API. (line 1470)
4539 * gnutls_cipher_get_block_size: Cryptographic API. (line 132)
4540 * gnutls_cipher_get_id: Core TLS API. (line 1482)
4541 * gnutls_cipher_get_iv_size: Cryptographic API. (line 143)
4542 * gnutls_cipher_get_key_size: Core TLS API. (line 1494)
4543 * gnutls_cipher_get_name: Core TLS API. (line 1506)
4544 * gnutls_cipher_get_tag_size: Cryptographic API. (line 156)
4545 * gnutls_cipher_init: Cryptographic API. (line 167)
4546 * gnutls_cipher_list: Core TLS API. (line 1518)
4547 * gnutls_cipher_set_iv: Cryptographic API. (line 190)
4548 * gnutls_cipher_set_priority: Compatibility API. (line 114)
4549 * gnutls_cipher_suite_get_name: Core TLS API. (line 1534)
4550 * gnutls_cipher_suite_info: Core TLS API. (line 1552)
4551 * gnutls_cipher_tag: Cryptographic API. (line 206)
4552 * gnutls_compression_get: Core TLS API. (line 1582)
4553 * gnutls_compression_get_id: Core TLS API. (line 1594)
4554 * gnutls_compression_get_name: Core TLS API. (line 1606)
4555 * gnutls_compression_list: Core TLS API. (line 1618)
4556 * gnutls_compression_set_priority: Compatibility API. (line 132)
4557 * gnutls_credentials_clear: Core TLS API. (line 1629)
4558 * gnutls_credentials_get: Core TLS API. (line 1637)
4559 * gnutls_credentials_set: Session initialization.
4561 * gnutls_credentials_set <1>: Core TLS API. (line 1664)
4562 * gnutls_db_check_entry: Core TLS API. (line 1699)
4563 * gnutls_db_check_entry_time: Core TLS API. (line 1713)
4564 * gnutls_db_get_default_cache_expiration: Core TLS API. (line 1724)
4565 * gnutls_db_get_ptr: Core TLS API. (line 1732)
4566 * gnutls_db_remove_session: Core TLS API. (line 1743)
4567 * gnutls_db_set_cache_expiration: Core TLS API. (line 1757)
4568 * gnutls_db_set_ptr: Core TLS API. (line 1769)
4569 * gnutls_db_set_remove_function: Core TLS API. (line 1781)
4570 * gnutls_db_set_retrieve_function: Core TLS API. (line 1796)
4571 * gnutls_db_set_store_function: Core TLS API. (line 1816)
4572 * gnutls_deinit: Data transfer and termination.
4574 * gnutls_deinit <1>: Core TLS API. (line 1831)
4575 * gnutls_dh_get_group: Core TLS API. (line 1841)
4576 * gnutls_dh_get_peers_public_bits: Core TLS API. (line 1864)
4577 * gnutls_dh_get_prime_bits: Core TLS API. (line 1878)
4578 * gnutls_dh_get_pubkey: Core TLS API. (line 1894)
4579 * gnutls_dh_get_secret_bits: Core TLS API. (line 1914)
4580 * gnutls_dh_params_cpy: Core TLS API. (line 1927)
4581 * gnutls_dh_params_deinit: Core TLS API. (line 1942)
4582 * gnutls_dh_params_export2_pkcs3: Core TLS API. (line 1951)
4583 * gnutls_dh_params_export_pkcs3: Core TLS API. (line 1975)
4584 * gnutls_dh_params_export_raw: Core TLS API. (line 2002)
4585 * gnutls_dh_params_generate2: Core TLS API. (line 2024)
4586 * gnutls_dh_params_import_pkcs3: Core TLS API. (line 2047)
4587 * gnutls_dh_params_import_raw: Core TLS API. (line 2069)
4588 * gnutls_dh_params_init: Core TLS API. (line 2088)
4589 * gnutls_dh_set_prime_bits: Core TLS API. (line 2099)
4590 * gnutls_digest_get_id: Core TLS API. (line 2127)
4591 * gnutls_digest_get_name: Core TLS API. (line 2140)
4592 * gnutls_digest_list: Core TLS API. (line 2152)
4593 * gnutls_dtls_cookie_send: Datagram TLS API. (line 11)
4594 * gnutls_dtls_cookie_verify: Datagram TLS API. (line 45)
4595 * gnutls_dtls_get_data_mtu: Datagram TLS API. (line 74)
4596 * gnutls_dtls_get_mtu: Datagram TLS API. (line 89)
4597 * gnutls_dtls_get_timeout: Setting up the transport layer.
4599 * gnutls_dtls_get_timeout <1>: Datagram TLS API. (line 104)
4600 * gnutls_dtls_prestate_set: Datagram TLS API. (line 121)
4601 * gnutls_dtls_set_data_mtu: Datagram TLS API. (line 139)
4602 * gnutls_dtls_set_mtu: Datagram TLS API. (line 165)
4603 * gnutls_dtls_set_timeouts: Datagram TLS API. (line 182)
4604 * gnutls_ecc_curve_get: Core TLS API. (line 2166)
4605 * gnutls_ecc_curve_get_name: Core TLS API. (line 2180)
4606 * gnutls_ecc_curve_get_size: Core TLS API. (line 2194)
4607 * gnutls_ecc_curve_list: Core TLS API. (line 2206)
4608 * gnutls_error_is_fatal: Data transfer and termination.
4610 * gnutls_error_is_fatal <1>: Core TLS API. (line 2218)
4611 * gnutls_error_to_alert: Handling alerts. (line 66)
4612 * gnutls_error_to_alert <1>: Core TLS API. (line 2238)
4613 * gnutls_est_record_overhead_size: Core TLS API. (line 2257)
4614 * gnutls_fingerprint: Core TLS API. (line 2284)
4615 * gnutls_fips140_mode_enabled: Core TLS API. (line 2311)
4616 * gnutls_global_deinit: Core TLS API. (line 2322)
4617 * gnutls_global_init: Core TLS API. (line 2330)
4618 * gnutls_global_set_audit_log_function: Debugging and auditing.
4620 * gnutls_global_set_audit_log_function <1>: Core TLS API. (line 2358)
4621 * gnutls_global_set_log_function: Core TLS API. (line 2377)
4622 * gnutls_global_set_log_level: Core TLS API. (line 2392)
4623 * gnutls_global_set_mem_functions: Compatibility API. (line 155)
4624 * gnutls_global_set_mutex: Thread safety. (line 41)
4625 * gnutls_global_set_mutex <1>: Core TLS API. (line 2405)
4626 * gnutls_global_set_time_function: Core TLS API. (line 2430)
4627 * gnutls_handshake: TLS handshake. (line 10)
4628 * gnutls_handshake <1>: Core TLS API. (line 2444)
4629 * gnutls_handshake_description_get_name: Core TLS API. (line 2484)
4630 * gnutls_handshake_get_last_in: Core TLS API. (line 2496)
4631 * gnutls_handshake_get_last_out: Core TLS API. (line 2513)
4632 * gnutls_handshake_set_hook_function: Core TLS API. (line 2530)
4633 * gnutls_handshake_set_max_packet_length: Core TLS API. (line 2566)
4634 * gnutls_handshake_set_post_client_hello_function: Core TLS API.
4636 * gnutls_handshake_set_private_extensions: Core TLS API. (line 2618)
4637 * gnutls_handshake_set_random: Core TLS API. (line 2637)
4638 * gnutls_handshake_set_timeout: TLS handshake. (line 47)
4639 * gnutls_handshake_set_timeout <1>: Core TLS API. (line 2659)
4640 * gnutls_hash: Cryptographic API. (line 224)
4641 * gnutls_hash_deinit: Cryptographic API. (line 242)
4642 * gnutls_hash_fast: Cryptographic API. (line 256)
4643 * gnutls_hash_get_len: Cryptographic API. (line 276)
4644 * gnutls_hash_init: Cryptographic API. (line 290)
4645 * gnutls_hash_output: Cryptographic API. (line 308)
4646 * gnutls_heartbeat_allowed: Core TLS API. (line 2674)
4647 * gnutls_heartbeat_enable: Core TLS API. (line 2691)
4648 * gnutls_heartbeat_get_timeout: Core TLS API. (line 2714)
4649 * gnutls_heartbeat_ping: Core TLS API. (line 2730)
4650 * gnutls_heartbeat_pong: Core TLS API. (line 2758)
4651 * gnutls_heartbeat_set_timeouts: Core TLS API. (line 2774)
4652 * gnutls_hex2bin: Core TLS API. (line 2799)
4653 * gnutls_hex_decode: Core TLS API. (line 2820)
4654 * gnutls_hex_encode: Core TLS API. (line 2839)
4655 * gnutls_hmac: Cryptographic API. (line 322)
4656 * gnutls_hmac_deinit: Cryptographic API. (line 340)
4657 * gnutls_hmac_fast: Cryptographic API. (line 354)
4658 * gnutls_hmac_get_len: Cryptographic API. (line 379)
4659 * gnutls_hmac_init: Cryptographic API. (line 392)
4660 * gnutls_hmac_output: Cryptographic API. (line 418)
4661 * gnutls_hmac_set_nonce: Cryptographic API. (line 432)
4662 * gnutls_init: Session initialization.
4664 * gnutls_init <1>: Core TLS API. (line 2858)
4665 * gnutls_key_generate: Core TLS API. (line 2889)
4666 * gnutls_kx_get: Core TLS API. (line 2906)
4667 * gnutls_kx_get_id: Core TLS API. (line 2918)
4668 * gnutls_kx_get_name: Core TLS API. (line 2930)
4669 * gnutls_kx_list: Core TLS API. (line 2942)
4670 * gnutls_kx_set_priority: Compatibility API. (line 190)
4671 * gnutls_load_file: Core TLS API. (line 2954)
4672 * gnutls_mac_get: Core TLS API. (line 2972)
4673 * gnutls_mac_get_id: Core TLS API. (line 2984)
4674 * gnutls_mac_get_key_size: Core TLS API. (line 2997)
4675 * gnutls_mac_get_name: Core TLS API. (line 3009)
4676 * gnutls_mac_get_nonce_size: Cryptographic API. (line 447)
4677 * gnutls_mac_list: Core TLS API. (line 3021)
4678 * gnutls_mac_set_priority: Compatibility API. (line 208)
4679 * gnutls_ocsp_req_add_cert: OCSP API. (line 12)
4680 * gnutls_ocsp_req_add_cert_id: OCSP API. (line 36)
4681 * gnutls_ocsp_req_deinit: OCSP API. (line 69)
4682 * gnutls_ocsp_req_export: OCSP API. (line 77)
4683 * gnutls_ocsp_req_get_cert_id: OCSP API. (line 91)
4684 * gnutls_ocsp_req_get_extension: OCSP API. (line 131)
4685 * gnutls_ocsp_req_get_nonce: OCSP API. (line 165)
4686 * gnutls_ocsp_req_get_version: OCSP API. (line 184)
4687 * gnutls_ocsp_req_import: OCSP API. (line 196)
4688 * gnutls_ocsp_req_init: OCSP API. (line 212)
4689 * gnutls_ocsp_req_print: OCSP API. (line 223)
4690 * gnutls_ocsp_req_randomize_nonce: OCSP API. (line 246)
4691 * gnutls_ocsp_req_set_extension: OCSP API. (line 259)
4692 * gnutls_ocsp_req_set_nonce: OCSP API. (line 280)
4693 * gnutls_ocsp_resp_check_crt: OCSP API. (line 298)
4694 * gnutls_ocsp_resp_deinit: OCSP API. (line 318)
4695 * gnutls_ocsp_resp_export: OCSP API. (line 326)
4696 * gnutls_ocsp_resp_get_certs: OCSP API. (line 340)
4697 * gnutls_ocsp_resp_get_extension: OCSP API. (line 367)
4698 * gnutls_ocsp_resp_get_nonce: OCSP API. (line 401)
4699 * gnutls_ocsp_resp_get_produced: OCSP API. (line 421)
4700 * gnutls_ocsp_resp_get_responder: OCSP API. (line 433)
4701 * gnutls_ocsp_resp_get_response: OCSP API. (line 453)
4702 * gnutls_ocsp_resp_get_signature: OCSP API. (line 480)
4703 * gnutls_ocsp_resp_get_signature_algorithm: OCSP API. (line 494)
4704 * gnutls_ocsp_resp_get_single: OCSP certificate status checking.
4706 * gnutls_ocsp_resp_get_single <1>: OCSP API. (line 508)
4707 * gnutls_ocsp_resp_get_status: OCSP API. (line 559)
4708 * gnutls_ocsp_resp_get_version: OCSP API. (line 571)
4709 * gnutls_ocsp_resp_import: OCSP API. (line 583)
4710 * gnutls_ocsp_resp_init: OCSP API. (line 599)
4711 * gnutls_ocsp_resp_print: OCSP API. (line 610)
4712 * gnutls_ocsp_resp_verify: OCSP API. (line 633)
4713 * gnutls_ocsp_resp_verify_direct: OCSP API. (line 671)
4714 * gnutls_ocsp_status_request_enable_client: Core TLS API. (line 3033)
4715 * gnutls_ocsp_status_request_get: Core TLS API. (line 3058)
4716 * gnutls_ocsp_status_request_is_checked: Core TLS API. (line 3077)
4717 * gnutls_openpgp_crt_check_hostname: OpenPGP API. (line 182)
4718 * gnutls_openpgp_crt_check_hostname2: OpenPGP API. (line 197)
4719 * gnutls_openpgp_crt_deinit: OpenPGP API. (line 219)
4720 * gnutls_openpgp_crt_export: OpenPGP API. (line 227)
4721 * gnutls_openpgp_crt_export2: OpenPGP API. (line 248)
4722 * gnutls_openpgp_crt_get_auth_subkey: OpenPGP API. (line 266)
4723 * gnutls_openpgp_crt_get_creation_time: OpenPGP API. (line 285)
4724 * gnutls_openpgp_crt_get_expiration_time: OpenPGP API. (line 296)
4725 * gnutls_openpgp_crt_get_fingerprint: OpenPGP API. (line 308)
4726 * gnutls_openpgp_crt_get_key_id: OpenPGP API. (line 325)
4727 * gnutls_openpgp_crt_get_key_usage: OpenPGP API. (line 340)
4728 * gnutls_openpgp_crt_get_name: OpenPGP API. (line 355)
4729 * gnutls_openpgp_crt_get_pk_algorithm: OpenPGP API. (line 376)
4730 * gnutls_openpgp_crt_get_pk_dsa_raw: OpenPGP API. (line 396)
4731 * gnutls_openpgp_crt_get_pk_rsa_raw: OpenPGP API. (line 421)
4732 * gnutls_openpgp_crt_get_preferred_key_id: OpenPGP API. (line 442)
4733 * gnutls_openpgp_crt_get_revoked_status: OpenPGP API. (line 456)
4734 * gnutls_openpgp_crt_get_subkey_count: OpenPGP API. (line 470)
4735 * gnutls_openpgp_crt_get_subkey_creation_time: OpenPGP API. (line 485)
4736 * gnutls_openpgp_crt_get_subkey_expiration_time: OpenPGP API.
4738 * gnutls_openpgp_crt_get_subkey_fingerprint: OpenPGP API. (line 516)
4739 * gnutls_openpgp_crt_get_subkey_id: OpenPGP API. (line 538)
4740 * gnutls_openpgp_crt_get_subkey_idx: OpenPGP API. (line 553)
4741 * gnutls_openpgp_crt_get_subkey_pk_algorithm: OpenPGP API. (line 568)
4742 * gnutls_openpgp_crt_get_subkey_pk_dsa_raw: OpenPGP API. (line 594)
4743 * gnutls_openpgp_crt_get_subkey_pk_rsa_raw: OpenPGP API. (line 621)
4744 * gnutls_openpgp_crt_get_subkey_revoked_status: OpenPGP API. (line 644)
4745 * gnutls_openpgp_crt_get_subkey_usage: OpenPGP API. (line 661)
4746 * gnutls_openpgp_crt_get_version: OpenPGP API. (line 683)
4747 * gnutls_openpgp_crt_import: OpenPGP API. (line 695)
4748 * gnutls_openpgp_crt_init: OpenPGP API. (line 712)
4749 * gnutls_openpgp_crt_print: OpenPGP API. (line 722)
4750 * gnutls_openpgp_crt_set_preferred_key_id: OpenPGP API. (line 743)
4751 * gnutls_openpgp_crt_verify_ring: OpenPGP certificates.
4753 * gnutls_openpgp_crt_verify_ring <1>: OpenPGP API. (line 761)
4754 * gnutls_openpgp_crt_verify_self: OpenPGP certificates.
4756 * gnutls_openpgp_crt_verify_self <1>: OpenPGP API. (line 788)
4757 * gnutls_openpgp_keyring_check_id: OpenPGP API. (line 805)
4758 * gnutls_openpgp_keyring_deinit: OpenPGP API. (line 822)
4759 * gnutls_openpgp_keyring_get_crt: OpenPGP API. (line 831)
4760 * gnutls_openpgp_keyring_get_crt_count: OpenPGP API. (line 850)
4761 * gnutls_openpgp_keyring_import: OpenPGP API. (line 863)
4762 * gnutls_openpgp_keyring_init: OpenPGP API. (line 881)
4763 * gnutls_openpgp_privkey_deinit: OpenPGP API. (line 892)
4764 * gnutls_openpgp_privkey_export: OpenPGP API. (line 901)
4765 * gnutls_openpgp_privkey_export2: OpenPGP API. (line 930)
4766 * gnutls_openpgp_privkey_export_dsa_raw: OpenPGP API. (line 955)
4767 * gnutls_openpgp_privkey_export_rsa_raw: OpenPGP API. (line 983)
4768 * gnutls_openpgp_privkey_export_subkey_dsa_raw: OpenPGP API. (line 1013)
4769 * gnutls_openpgp_privkey_export_subkey_rsa_raw: OpenPGP API. (line 1043)
4770 * gnutls_openpgp_privkey_get_fingerprint: OpenPGP API. (line 1075)
4771 * gnutls_openpgp_privkey_get_key_id: OpenPGP API. (line 1094)
4772 * gnutls_openpgp_privkey_get_pk_algorithm: OpenPGP API. (line 1109)
4773 * gnutls_openpgp_privkey_get_preferred_key_id: OpenPGP API. (line 1132)
4774 * gnutls_openpgp_privkey_get_revoked_status: OpenPGP API. (line 1146)
4775 * gnutls_openpgp_privkey_get_subkey_count: OpenPGP API. (line 1160)
4776 * gnutls_openpgp_privkey_get_subkey_creation_time: OpenPGP API.
4778 * gnutls_openpgp_privkey_get_subkey_expiration_time: OpenPGP API.
4780 * gnutls_openpgp_privkey_get_subkey_fingerprint: OpenPGP API.
4782 * gnutls_openpgp_privkey_get_subkey_id: OpenPGP API. (line 1228)
4783 * gnutls_openpgp_privkey_get_subkey_idx: OpenPGP API. (line 1246)
4784 * gnutls_openpgp_privkey_get_subkey_pk_algorithm: OpenPGP API.
4786 * gnutls_openpgp_privkey_get_subkey_revoked_status: OpenPGP API.
4788 * gnutls_openpgp_privkey_import: OpenPGP API. (line 1304)
4789 * gnutls_openpgp_privkey_init: OpenPGP API. (line 1327)
4790 * gnutls_openpgp_privkey_sec_param: OpenPGP API. (line 1338)
4791 * gnutls_openpgp_privkey_set_preferred_key_id: OpenPGP API. (line 1353)
4792 * gnutls_openpgp_privkey_sign_hash: Compatibility API. (line 226)
4793 * gnutls_openpgp_send_cert: Core TLS API. (line 3095)
4794 * gnutls_openpgp_set_recv_key_function: OpenPGP API. (line 1372)
4795 * gnutls_packet_deinit: Core TLS API. (line 3110)
4796 * gnutls_packet_get: Core TLS API. (line 3121)
4797 * gnutls_pcert_deinit: Abstract key API. (line 103)
4798 * gnutls_pcert_import_openpgp: Abstract key API. (line 113)
4799 * gnutls_pcert_import_openpgp_raw: Abstract key API. (line 133)
4800 * gnutls_pcert_import_x509: Abstract key API. (line 158)
4801 * gnutls_pcert_import_x509_raw: Abstract key API. (line 178)
4802 * gnutls_pcert_list_import_x509_raw: Abstract key API. (line 201)
4803 * gnutls_pem_base64_decode: Core TLS API. (line 3139)
4804 * gnutls_pem_base64_decode_alloc: Core TLS API. (line 3163)
4805 * gnutls_pem_base64_encode: Core TLS API. (line 3185)
4806 * gnutls_pem_base64_encode_alloc: Core TLS API. (line 3208)
4807 * gnutls_perror: Core TLS API. (line 3229)
4808 * gnutls_pkcs11_add_provider: PKCS 11 API. (line 12)
4809 * gnutls_pkcs11_copy_secret_key: PKCS 11 API. (line 35)
4810 * gnutls_pkcs11_copy_x509_crt: Writing objects. (line 36)
4811 * gnutls_pkcs11_copy_x509_crt <1>: PKCS 11 API. (line 60)
4812 * gnutls_pkcs11_copy_x509_crt2: PKCS 11 API. (line 82)
4813 * gnutls_pkcs11_copy_x509_privkey: Writing objects. (line 13)
4814 * gnutls_pkcs11_copy_x509_privkey <1>: PKCS 11 API. (line 108)
4815 * gnutls_pkcs11_copy_x509_privkey2: PKCS 11 API. (line 134)
4816 * gnutls_pkcs11_crt_is_known: PKCS 11 API. (line 164)
4817 * gnutls_pkcs11_deinit: PKCS 11 API. (line 195)
4818 * gnutls_pkcs11_delete_url: Writing objects. (line 55)
4819 * gnutls_pkcs11_delete_url <1>: PKCS 11 API. (line 206)
4820 * gnutls_pkcs11_get_pin_function: PKCS 11 API. (line 223)
4821 * gnutls_pkcs11_get_raw_issuer: PKCS 11 API. (line 237)
4822 * gnutls_pkcs11_init: PKCS11 Initialization.
4824 * gnutls_pkcs11_init <1>: PKCS 11 API. (line 263)
4825 * gnutls_pkcs11_obj_deinit: PKCS 11 API. (line 289)
4826 * gnutls_pkcs11_obj_export: PKCS 11 API. (line 299)
4827 * gnutls_pkcs11_obj_export2: PKCS 11 API. (line 324)
4828 * gnutls_pkcs11_obj_export3: PKCS 11 API. (line 344)
4829 * gnutls_pkcs11_obj_export_url: PKCS 11 API. (line 366)
4830 * gnutls_pkcs11_obj_flags_get_str: PKCS 11 API. (line 384)
4831 * gnutls_pkcs11_obj_get_exts: PKCS 11 API. (line 400)
4832 * gnutls_pkcs11_obj_get_flags: PKCS 11 API. (line 428)
4833 * gnutls_pkcs11_obj_get_info: Reading objects. (line 27)
4834 * gnutls_pkcs11_obj_get_info <1>: PKCS 11 API. (line 446)
4835 * gnutls_pkcs11_obj_get_type: PKCS 11 API. (line 471)
4836 * gnutls_pkcs11_obj_import_url: PKCS 11 API. (line 485)
4837 * gnutls_pkcs11_obj_init: PKCS 11 API. (line 507)
4838 * gnutls_pkcs11_obj_list_import_url: PKCS 11 API. (line 520)
4839 * gnutls_pkcs11_obj_list_import_url2: PKCS 11 API. (line 546)
4840 * gnutls_pkcs11_obj_set_info: PKCS 11 API. (line 577)
4841 * gnutls_pkcs11_obj_set_pin_function: PKCS 11 API. (line 602)
4842 * gnutls_pkcs11_privkey_deinit: PKCS 11 API. (line 620)
4843 * gnutls_pkcs11_privkey_export_pubkey: PKCS 11 API. (line 629)
4844 * gnutls_pkcs11_privkey_export_url: PKCS 11 API. (line 654)
4845 * gnutls_pkcs11_privkey_generate: PKCS 11 API. (line 671)
4846 * gnutls_pkcs11_privkey_generate2: PKCS 11 API. (line 696)
4847 * gnutls_pkcs11_privkey_generate3: PKCS 11 API. (line 732)
4848 * gnutls_pkcs11_privkey_get_info: PKCS 11 API. (line 770)
4849 * gnutls_pkcs11_privkey_get_pk_algorithm: PKCS 11 API. (line 793)
4850 * gnutls_pkcs11_privkey_import_url: PKCS 11 API. (line 809)
4851 * gnutls_pkcs11_privkey_init: PKCS 11 API. (line 829)
4852 * gnutls_pkcs11_privkey_set_pin_function: PKCS 11 API. (line 841)
4853 * gnutls_pkcs11_privkey_status: PKCS 11 API. (line 859)
4854 * gnutls_pkcs11_reinit: PKCS 11 API. (line 873)
4855 * gnutls_pkcs11_set_pin_function: PKCS 11 API. (line 890)
4856 * gnutls_pkcs11_set_token_function: PKCS 11 API. (line 905)
4857 * gnutls_pkcs11_token_get_flags: PKCS 11 API. (line 919)
4858 * gnutls_pkcs11_token_get_info: PKCS 11 API. (line 939)
4859 * gnutls_pkcs11_token_get_mechanism: PKCS 11 API. (line 962)
4860 * gnutls_pkcs11_token_get_random: PKCS 11 API. (line 982)
4861 * gnutls_pkcs11_token_get_url: PKCS 11 API. (line 1000)
4862 * gnutls_pkcs11_token_init: PKCS 11 API. (line 1020)
4863 * gnutls_pkcs11_token_set_pin: PKCS 11 API. (line 1039)
4864 * gnutls_pkcs11_type_get_name: PKCS 11 API. (line 1059)
4865 * gnutls_pkcs12_bag_decrypt: PKCS 12 API. (line 12)
4866 * gnutls_pkcs12_bag_deinit: PKCS 12 API. (line 27)
4867 * gnutls_pkcs12_bag_encrypt: PKCS 12 API. (line 35)
4868 * gnutls_pkcs12_bag_get_count: PKCS 12 API. (line 52)
4869 * gnutls_pkcs12_bag_get_data: PKCS 12 API. (line 64)
4870 * gnutls_pkcs12_bag_get_friendly_name: PKCS 12 API. (line 82)
4871 * gnutls_pkcs12_bag_get_key_id: PKCS 12 API. (line 101)
4872 * gnutls_pkcs12_bag_get_type: PKCS 12 API. (line 120)
4873 * gnutls_pkcs12_bag_init: PKCS 12 API. (line 133)
4874 * gnutls_pkcs12_bag_set_crl: PKCS 12 API. (line 146)
4875 * gnutls_pkcs12_bag_set_crt: PKCS 12 API. (line 161)
4876 * gnutls_pkcs12_bag_set_data: PKCS 12 API. (line 176)
4877 * gnutls_pkcs12_bag_set_friendly_name: PKCS 12 API. (line 193)
4878 * gnutls_pkcs12_bag_set_key_id: PKCS 12 API. (line 213)
4879 * gnutls_pkcs12_deinit: PKCS 12 API. (line 233)
4880 * gnutls_pkcs12_export: PKCS 12 API. (line 241)
4881 * gnutls_pkcs12_export2: PKCS 12 API. (line 269)
4882 * gnutls_pkcs12_generate_mac: PKCS 12 API. (line 293)
4883 * gnutls_pkcs12_get_bag: PKCS 12 API. (line 307)
4884 * gnutls_pkcs12_import: PKCS 12 API. (line 327)
4885 * gnutls_pkcs12_init: PKCS 12 API. (line 350)
4886 * gnutls_pkcs12_set_bag: PKCS 12 API. (line 363)
4887 * gnutls_pkcs12_simple_parse: Managing encrypted keys.
4889 * gnutls_pkcs12_simple_parse <1>: PKCS 12 API. (line 377)
4890 * gnutls_pkcs12_verify_mac: PKCS 12 API. (line 443)
4891 * gnutls_pkcs7_deinit: X509 certificate API.
4893 * gnutls_pkcs7_delete_crl: X509 certificate API.
4895 * gnutls_pkcs7_delete_crt: X509 certificate API.
4897 * gnutls_pkcs7_export: X509 certificate API.
4899 * gnutls_pkcs7_export2: X509 certificate API.
4901 * gnutls_pkcs7_get_crl_count: X509 certificate API.
4903 * gnutls_pkcs7_get_crl_raw: X509 certificate API.
4905 * gnutls_pkcs7_get_crt_count: X509 certificate API.
4907 * gnutls_pkcs7_get_crt_raw: X509 certificate API.
4909 * gnutls_pkcs7_import: X509 certificate API.
4911 * gnutls_pkcs7_init: X509 certificate API.
4913 * gnutls_pkcs7_set_crl: X509 certificate API.
4915 * gnutls_pkcs7_set_crl_raw: X509 certificate API.
4917 * gnutls_pkcs7_set_crt: X509 certificate API.
4919 * gnutls_pkcs7_set_crt_raw: X509 certificate API.
4921 * gnutls_pk_algorithm_get_name: Core TLS API. (line 3238)
4922 * gnutls_pk_bits_to_sec_param: Selecting cryptographic key sizes.
4924 * gnutls_pk_bits_to_sec_param <1>: Core TLS API. (line 3250)
4925 * gnutls_pk_get_id: Core TLS API. (line 3267)
4926 * gnutls_pk_get_name: Core TLS API. (line 3282)
4927 * gnutls_pk_list: Core TLS API. (line 3296)
4928 * gnutls_pk_to_sign: Core TLS API. (line 3310)
4929 * gnutls_prf: Core TLS API. (line 3325)
4930 * gnutls_prf_raw: Core TLS API. (line 3372)
4931 * gnutls_priority_certificate_type_list: Core TLS API. (line 3411)
4932 * gnutls_priority_cipher_list: Core TLS API. (line 3427)
4933 * gnutls_priority_compression_list: Core TLS API. (line 3442)
4934 * gnutls_priority_deinit: Core TLS API. (line 3458)
4935 * gnutls_priority_ecc_curve_list: Core TLS API. (line 3467)
4936 * gnutls_priority_get_cipher_suite_index: Core TLS API. (line 3482)
4937 * gnutls_priority_init: Core TLS API. (line 3505)
4938 * gnutls_priority_kx_list: Core TLS API. (line 3600)
4939 * gnutls_priority_mac_list: Core TLS API. (line 3616)
4940 * gnutls_priority_protocol_list: Core TLS API. (line 3631)
4941 * gnutls_priority_set: Core TLS API. (line 3647)
4942 * gnutls_priority_set_direct: Core TLS API. (line 3661)
4943 * gnutls_priority_sign_list: Core TLS API. (line 3685)
4944 * gnutls_privkey_decrypt_data: Operations. (line 133)
4945 * gnutls_privkey_decrypt_data <1>: Abstract key API. (line 232)
4946 * gnutls_privkey_deinit: Abstract key API. (line 255)
4947 * gnutls_privkey_export_dsa_raw: Abstract key API. (line 265)
4948 * gnutls_privkey_export_ecc_raw: Abstract key API. (line 292)
4949 * gnutls_privkey_export_rsa_raw: Abstract key API. (line 317)
4950 * gnutls_privkey_generate: Abstract key API. (line 351)
4951 * gnutls_privkey_get_pk_algorithm: Abstract key API. (line 380)
4952 * gnutls_privkey_get_type: Abstract key API. (line 399)
4953 * gnutls_privkey_import_dsa_raw: Abstract key API. (line 414)
4954 * gnutls_privkey_import_ecc_raw: Abstract key API. (line 440)
4955 * gnutls_privkey_import_ext: Abstract key API. (line 465)
4956 * gnutls_privkey_import_ext2: Abstract private keys.
4958 * gnutls_privkey_import_ext2 <1>: Abstract key API. (line 495)
4959 * gnutls_privkey_import_openpgp: Abstract key API. (line 532)
4960 * gnutls_privkey_import_openpgp_raw: Abstract key API. (line 559)
4961 * gnutls_privkey_import_pkcs11: Abstract key API. (line 584)
4962 * gnutls_privkey_import_pkcs11_url: Abstract key API. (line 610)
4963 * gnutls_privkey_import_rsa_raw: Abstract key API. (line 627)
4964 * gnutls_privkey_import_tpm_raw: Abstract key API. (line 660)
4965 * gnutls_privkey_import_tpm_url: Using keys. (line 16)
4966 * gnutls_privkey_import_tpm_url <1>: Abstract key API. (line 690)
4967 * gnutls_privkey_import_url: Abstract private keys.
4969 * gnutls_privkey_import_url <1>: Abstract key API. (line 721)
4970 * gnutls_privkey_import_x509: Abstract key API. (line 741)
4971 * gnutls_privkey_import_x509_raw: Managing encrypted keys.
4973 * gnutls_privkey_import_x509_raw <1>: Abstract key API. (line 767)
4974 * gnutls_privkey_init: Abstract key API. (line 794)
4975 * gnutls_privkey_set_pin_function: Abstract key API. (line 807)
4976 * gnutls_privkey_sign_data: Operations. (line 74)
4977 * gnutls_privkey_sign_data <1>: Abstract key API. (line 827)
4978 * gnutls_privkey_sign_hash: Operations. (line 102)
4979 * gnutls_privkey_sign_hash <1>: Abstract key API. (line 858)
4980 * gnutls_privkey_sign_raw_data: Compatibility API. (line 247)
4981 * gnutls_privkey_status: Abstract key API. (line 892)
4982 * gnutls_privkey_verify_params: Abstract key API. (line 908)
4983 * gnutls_protocol_get_id: Core TLS API. (line 3701)
4984 * gnutls_protocol_get_name: Core TLS API. (line 3713)
4985 * gnutls_protocol_get_version: Core TLS API. (line 3725)
4986 * gnutls_protocol_list: Core TLS API. (line 3736)
4987 * gnutls_protocol_set_priority: Compatibility API. (line 278)
4988 * gnutls_psk_allocate_client_credentials: Core TLS API. (line 3748)
4989 * gnutls_psk_allocate_server_credentials: Core TLS API. (line 3761)
4990 * gnutls_psk_client_get_hint: Core TLS API. (line 3774)
4991 * gnutls_psk_free_client_credentials: Core TLS API. (line 3790)
4992 * gnutls_psk_free_server_credentials: Core TLS API. (line 3800)
4993 * gnutls_psk_server_get_username: Core TLS API. (line 3810)
4994 * gnutls_psk_set_client_credentials: Core TLS API. (line 3822)
4995 * gnutls_psk_set_client_credentials_function: PSK credentials.
4997 * gnutls_psk_set_client_credentials_function <1>: Core TLS API.
4999 * gnutls_psk_set_params_function: Core TLS API. (line 3871)
5000 * gnutls_psk_set_server_credentials_file: PSK credentials. (line 58)
5001 * gnutls_psk_set_server_credentials_file <1>: Core TLS API. (line 3885)
5002 * gnutls_psk_set_server_credentials_function: Core TLS API. (line 3902)
5003 * gnutls_psk_set_server_credentials_hint: Core TLS API. (line 3927)
5004 * gnutls_psk_set_server_dh_params: Core TLS API. (line 3946)
5005 * gnutls_psk_set_server_params_function: Core TLS API. (line 3960)
5006 * gnutls_pubkey_deinit: Abstract key API. (line 921)
5007 * gnutls_pubkey_encrypt_data: Operations. (line 56)
5008 * gnutls_pubkey_encrypt_data <1>: Abstract key API. (line 931)
5009 * gnutls_pubkey_export: Abstract key API. (line 952)
5010 * gnutls_pubkey_export2: Abstract public keys.
5012 * gnutls_pubkey_export2 <1>: Abstract key API. (line 983)
5013 * gnutls_pubkey_export_dsa_raw: Abstract key API. (line 1008)
5014 * gnutls_pubkey_export_ecc_raw: Abstract key API. (line 1033)
5015 * gnutls_pubkey_export_ecc_x962: Abstract key API. (line 1056)
5016 * gnutls_pubkey_export_rsa_raw: Abstract key API. (line 1076)
5017 * gnutls_pubkey_get_key_id: Abstract key API. (line 1096)
5018 * gnutls_pubkey_get_key_usage: Abstract key API. (line 1125)
5019 * gnutls_pubkey_get_openpgp_key_id: Abstract key API. (line 1142)
5020 * gnutls_pubkey_get_pk_algorithm: Abstract key API. (line 1175)
5021 * gnutls_pubkey_get_preferred_hash_algorithm: Abstract key API.
5023 * gnutls_pubkey_get_verify_algorithm: Abstract key API. (line 1222)
5024 * gnutls_pubkey_import: Abstract key API. (line 1243)
5025 * gnutls_pubkey_import_dsa_raw: Abstract key API. (line 1264)
5026 * gnutls_pubkey_import_ecc_raw: Abstract key API. (line 1289)
5027 * gnutls_pubkey_import_ecc_x962: Abstract key API. (line 1311)
5028 * gnutls_pubkey_import_openpgp: Abstract key API. (line 1331)
5029 * gnutls_pubkey_import_openpgp_raw: Abstract key API. (line 1352)
5030 * gnutls_pubkey_import_pkcs11: Abstract key API. (line 1377)
5031 * gnutls_pubkey_import_pkcs11_url: Abstract key API. (line 1396)
5032 * gnutls_pubkey_import_privkey: Abstract key API. (line 1415)
5033 * gnutls_pubkey_import_rsa_raw: Abstract key API. (line 1436)
5034 * gnutls_pubkey_import_tpm_raw: Abstract key API. (line 1456)
5035 * gnutls_pubkey_import_tpm_url: Using keys. (line 44)
5036 * gnutls_pubkey_import_tpm_url <1>: Abstract key API. (line 1483)
5037 * gnutls_pubkey_import_url: Abstract key API. (line 1511)
5038 * gnutls_pubkey_import_x509: Abstract key API. (line 1530)
5039 * gnutls_pubkey_import_x509_crq: Abstract key API. (line 1549)
5040 * gnutls_pubkey_import_x509_raw: Abstract key API. (line 1568)
5041 * gnutls_pubkey_init: Abstract key API. (line 1590)
5042 * gnutls_pubkey_print: Abstract key API. (line 1603)
5043 * gnutls_pubkey_set_key_usage: Abstract key API. (line 1628)
5044 * gnutls_pubkey_set_pin_function: Abstract key API. (line 1646)
5045 * gnutls_pubkey_verify_data: Abstract key API. (line 1666)
5046 * gnutls_pubkey_verify_data2: Operations. (line 9)
5047 * gnutls_pubkey_verify_data2 <1>: Abstract key API. (line 1692)
5048 * gnutls_pubkey_verify_hash: Abstract key API. (line 1717)
5049 * gnutls_pubkey_verify_hash2: Operations. (line 31)
5050 * gnutls_pubkey_verify_hash2 <1>: Abstract key API. (line 1743)
5051 * gnutls_pubkey_verify_params: Abstract key API. (line 1771)
5052 * gnutls_random_art: Core TLS API. (line 3974)
5053 * gnutls_range_split: Core TLS API. (line 3999)
5054 * gnutls_record_can_use_length_hiding: Core TLS API. (line 4025)
5055 * gnutls_record_check_corked: Core TLS API. (line 4043)
5056 * gnutls_record_check_pending: Data transfer and termination.
5058 * gnutls_record_check_pending <1>: Core TLS API. (line 4057)
5059 * gnutls_record_cork: Buffered data transfer.
5061 * gnutls_record_cork <1>: Core TLS API. (line 4070)
5062 * gnutls_record_disable_padding: Core TLS API. (line 4084)
5063 * gnutls_record_get_direction: Asynchronous operation.
5065 * gnutls_record_get_direction <1>: Core TLS API. (line 4099)
5066 * gnutls_record_get_discarded: Datagram TLS API. (line 209)
5067 * gnutls_record_get_max_size: Core TLS API. (line 4122)
5068 * gnutls_record_overhead_size: Core TLS API. (line 4134)
5069 * gnutls_record_recv: Data transfer and termination.
5071 * gnutls_record_recv <1>: Core TLS API. (line 4146)
5072 * gnutls_record_recv_packet: Core TLS API. (line 4178)
5073 * gnutls_record_recv_seq: Data transfer and termination.
5075 * gnutls_record_recv_seq <1>: Core TLS API. (line 4202)
5076 * gnutls_record_send: Data transfer and termination.
5078 * gnutls_record_send <1>: Core TLS API. (line 4229)
5079 * gnutls_record_send_range: Core TLS API. (line 4269)
5080 * gnutls_record_set_max_empty_records: Core TLS API. (line 4299)
5081 * gnutls_record_set_max_size: Core TLS API. (line 4319)
5082 * gnutls_record_set_timeout: Core TLS API. (line 4343)
5083 * gnutls_record_uncork: Buffered data transfer.
5085 * gnutls_record_uncork <1>: Core TLS API. (line 4358)
5086 * gnutls_rehandshake: Core TLS API. (line 4383)
5087 * gnutls_rnd: Random number generation.
5089 * gnutls_rnd <1>: Cryptographic API. (line 460)
5090 * gnutls_rnd_refresh: Cryptographic API. (line 480)
5091 * gnutls_rsa_export_get_modulus_bits: Compatibility API. (line 293)
5092 * gnutls_rsa_export_get_pubkey: Compatibility API. (line 305)
5093 * gnutls_rsa_params_cpy: Compatibility API. (line 323)
5094 * gnutls_rsa_params_deinit: Compatibility API. (line 338)
5095 * gnutls_rsa_params_export_pkcs1: Compatibility API. (line 347)
5096 * gnutls_rsa_params_export_raw: Compatibility API. (line 374)
5097 * gnutls_rsa_params_generate2: Compatibility API. (line 404)
5098 * gnutls_rsa_params_import_pkcs1: Compatibility API. (line 425)
5099 * gnutls_rsa_params_import_raw: Compatibility API. (line 447)
5100 * gnutls_rsa_params_init: Compatibility API. (line 475)
5101 * gnutls_safe_renegotiation_status: Core TLS API. (line 4414)
5102 * gnutls_sec_param_get_name: Core TLS API. (line 4429)
5103 * gnutls_sec_param_to_pk_bits: Selecting cryptographic key sizes.
5105 * gnutls_sec_param_to_pk_bits <1>: Core TLS API. (line 4443)
5106 * gnutls_sec_param_to_symmetric_bits: Core TLS API. (line 4462)
5107 * gnutls_server_name_get: Core TLS API. (line 4476)
5108 * gnutls_server_name_set: Core TLS API. (line 4513)
5109 * gnutls_session_channel_binding: Core TLS API. (line 4540)
5110 * gnutls_session_enable_compatibility_mode: Core TLS API. (line 4561)
5111 * gnutls_session_force_valid: Core TLS API. (line 4579)
5112 * gnutls_session_get_data: Core TLS API. (line 4590)
5113 * gnutls_session_get_data2: Core TLS API. (line 4612)
5114 * gnutls_session_get_desc: Core TLS API. (line 4634)
5115 * gnutls_session_get_id: Core TLS API. (line 4648)
5116 * gnutls_session_get_id2: Core TLS API. (line 4672)
5117 * gnutls_session_get_ptr: Core TLS API. (line 4689)
5118 * gnutls_session_get_random: Core TLS API. (line 4701)
5119 * gnutls_session_is_resumed: Session resumption. (line 27)
5120 * gnutls_session_is_resumed <1>: Core TLS API. (line 4721)
5121 * gnutls_session_resumption_requested: Session resumption. (line 90)
5122 * gnutls_session_resumption_requested <1>: Core TLS API. (line 4732)
5123 * gnutls_session_set_data: Core TLS API. (line 4745)
5124 * gnutls_session_set_id: Core TLS API. (line 4768)
5125 * gnutls_session_set_premaster: Core TLS API. (line 4787)
5126 * gnutls_session_set_ptr: Core TLS API. (line 4822)
5127 * gnutls_session_ticket_enable_client: Core TLS API. (line 4835)
5128 * gnutls_session_ticket_enable_server: Session resumption. (line 62)
5129 * gnutls_session_ticket_enable_server <1>: Core TLS API. (line 4850)
5130 * gnutls_session_ticket_key_generate: Session resumption. (line 77)
5131 * gnutls_session_ticket_key_generate <1>: Core TLS API. (line 4868)
5132 * gnutls_set_default_export_priority: Compatibility API. (line 488)
5133 * gnutls_set_default_priority: Core TLS API. (line 4884)
5134 * gnutls_sign_algorithm_get: Core TLS API. (line 4896)
5135 * gnutls_sign_algorithm_get_client: Core TLS API. (line 4909)
5136 * gnutls_sign_algorithm_get_requested: Core TLS API. (line 4923)
5137 * gnutls_sign_callback_get: Compatibility API. (line 511)
5138 * gnutls_sign_callback_set: Compatibility API. (line 527)
5139 * gnutls_sign_get_hash_algorithm: Core TLS API. (line 4950)
5140 * gnutls_sign_get_id: Core TLS API. (line 4965)
5141 * gnutls_sign_get_name: Core TLS API. (line 4977)
5142 * gnutls_sign_get_pk_algorithm: Core TLS API. (line 4989)
5143 * gnutls_sign_is_secure: Core TLS API. (line 5004)
5144 * gnutls_sign_list: Core TLS API. (line 5014)
5145 * gnutls_srp_allocate_client_credentials: Core TLS API. (line 5024)
5146 * gnutls_srp_allocate_server_credentials: Core TLS API. (line 5037)
5147 * gnutls_srp_base64_decode: Core TLS API. (line 5050)
5148 * gnutls_srp_base64_decode_alloc: Core TLS API. (line 5072)
5149 * gnutls_srp_base64_encode: Core TLS API. (line 5092)
5150 * gnutls_srp_base64_encode_alloc: Core TLS API. (line 5114)
5151 * gnutls_srp_free_client_credentials: Core TLS API. (line 5135)
5152 * gnutls_srp_free_server_credentials: Core TLS API. (line 5145)
5153 * gnutls_srp_server_get_username: Core TLS API. (line 5155)
5154 * gnutls_srp_set_client_credentials: Core TLS API. (line 5168)
5155 * gnutls_srp_set_client_credentials_function: SRP credentials.
5157 * gnutls_srp_set_client_credentials_function <1>: Core TLS API.
5159 * gnutls_srp_set_prime_bits: Core TLS API. (line 5219)
5160 * gnutls_srp_set_server_credentials_file: SRP credentials. (line 53)
5161 * gnutls_srp_set_server_credentials_file <1>: Core TLS API. (line 5240)
5162 * gnutls_srp_set_server_credentials_function: SRP credentials.
5164 * gnutls_srp_set_server_credentials_function <1>: Core TLS API.
5166 * gnutls_srp_set_server_fake_salt_seed: Core TLS API. (line 5298)
5167 * gnutls_srp_verifier: Authentication using SRP.
5169 * gnutls_srp_verifier <1>: Core TLS API. (line 5335)
5170 * gnutls_srtp_get_keys: SRTP. (line 31)
5171 * gnutls_srtp_get_keys <1>: Core TLS API. (line 5364)
5172 * gnutls_srtp_get_mki: Core TLS API. (line 5402)
5173 * gnutls_srtp_get_profile_id: Core TLS API. (line 5420)
5174 * gnutls_srtp_get_profile_name: Core TLS API. (line 5436)
5175 * gnutls_srtp_get_selected_profile: Core TLS API. (line 5451)
5176 * gnutls_srtp_set_mki: Core TLS API. (line 5467)
5177 * gnutls_srtp_set_profile: Core TLS API. (line 5484)
5178 * gnutls_srtp_set_profile_direct: Core TLS API. (line 5501)
5179 * gnutls_store_commitment: Certificate verification.
5181 * gnutls_store_commitment <1>: Core TLS API. (line 5522)
5182 * gnutls_store_pubkey: Certificate verification.
5184 * gnutls_store_pubkey <1>: Core TLS API. (line 5562)
5185 * gnutls_strerror: Core TLS API. (line 5599)
5186 * gnutls_strerror_name: Core TLS API. (line 5613)
5187 * gnutls_subject_alt_names_deinit: X509 certificate API.
5189 * gnutls_subject_alt_names_get: X509 certificate API.
5191 * gnutls_subject_alt_names_init: X509 certificate API.
5193 * gnutls_subject_alt_names_set: X509 certificate API.
5195 * gnutls_supplemental_get_name: Core TLS API. (line 5628)
5196 * gnutls_tdb_deinit: Core TLS API. (line 5641)
5197 * gnutls_tdb_init: Core TLS API. (line 5650)
5198 * gnutls_tdb_set_store_commitment_func: Core TLS API. (line 5661)
5199 * gnutls_tdb_set_store_func: Core TLS API. (line 5681)
5200 * gnutls_tdb_set_verify_func: Core TLS API. (line 5700)
5201 * gnutls_tpm_get_registered: TPM API. (line 12)
5202 * gnutls_tpm_key_list_deinit: TPM API. (line 27)
5203 * gnutls_tpm_key_list_get_url: TPM API. (line 38)
5204 * gnutls_tpm_privkey_delete: Key generation. (line 52)
5205 * gnutls_tpm_privkey_delete <1>: Using keys. (line 82)
5206 * gnutls_tpm_privkey_delete <2>: TPM API. (line 60)
5207 * gnutls_tpm_privkey_generate: Key generation. (line 9)
5208 * gnutls_tpm_privkey_generate <1>: TPM API. (line 76)
5209 * gnutls_transport_get_int: Core TLS API. (line 5722)
5210 * gnutls_transport_get_int2: Core TLS API. (line 5736)
5211 * gnutls_transport_get_ptr: Core TLS API. (line 5753)
5212 * gnutls_transport_get_ptr2: Core TLS API. (line 5766)
5213 * gnutls_transport_set_errno: Setting up the transport layer.
5215 * gnutls_transport_set_errno <1>: Core TLS API. (line 5782)
5216 * gnutls_transport_set_errno_function: Core TLS API. (line 5802)
5217 * gnutls_transport_set_int: Core TLS API. (line 5820)
5218 * gnutls_transport_set_int2: Core TLS API. (line 5834)
5219 * gnutls_transport_set_ptr: Core TLS API. (line 5852)
5220 * gnutls_transport_set_ptr2: Core TLS API. (line 5865)
5221 * gnutls_transport_set_pull_function: Setting up the transport layer.
5223 * gnutls_transport_set_pull_function <1>: Core TLS API. (line 5882)
5224 * gnutls_transport_set_pull_timeout_function: Setting up the transport layer.
5226 * gnutls_transport_set_pull_timeout_function <1>: Setting up the transport layer.
5228 * gnutls_transport_set_pull_timeout_function <2>: Core TLS API.
5230 * gnutls_transport_set_push_function: Setting up the transport layer.
5232 * gnutls_transport_set_push_function <1>: Core TLS API. (line 5925)
5233 * gnutls_transport_set_vec_push_function: Setting up the transport layer.
5235 * gnutls_transport_set_vec_push_function <1>: Core TLS API. (line 5945)
5236 * gnutls_url_is_supported: Abstract public keys.
5238 * gnutls_url_is_supported <1>: Core TLS API. (line 5964)
5239 * gnutls_verify_stored_pubkey: Certificate verification.
5241 * gnutls_verify_stored_pubkey <1>: Core TLS API. (line 5978)
5242 * gnutls_x509_aia_deinit: X509 certificate API.
5244 * gnutls_x509_aia_get: X509 certificate API.
5246 * gnutls_x509_aia_init: X509 certificate API.
5248 * gnutls_x509_aia_set: X509 certificate API.
5250 * gnutls_x509_aki_deinit: X509 certificate API.
5252 * gnutls_x509_aki_get_cert_issuer: X509 certificate API.
5254 * gnutls_x509_aki_get_id: X509 certificate API.
5256 * gnutls_x509_aki_init: X509 certificate API.
5258 * gnutls_x509_aki_set_cert_issuer: X509 certificate API.
5260 * gnutls_x509_aki_set_id: X509 certificate API.
5262 * gnutls_x509_crl_check_issuer: X509 certificate API.
5264 * gnutls_x509_crl_deinit: X509 certificate API.
5266 * gnutls_x509_crl_dist_points_deinit: X509 certificate API.
5268 * gnutls_x509_crl_dist_points_get: X509 certificate API.
5270 * gnutls_x509_crl_dist_points_init: X509 certificate API.
5272 * gnutls_x509_crl_dist_points_set: X509 certificate API.
5274 * gnutls_x509_crl_export: X509 certificate API.
5276 * gnutls_x509_crl_export2: X509 certificate API.
5278 * gnutls_x509_crl_get_authority_key_gn_serial: X509 certificate API.
5280 * gnutls_x509_crl_get_authority_key_id: X509 certificate API.
5282 * gnutls_x509_crl_get_crt_count: X509 certificate API.
5284 * gnutls_x509_crl_get_crt_serial: PKIX certificate revocation lists.
5286 * gnutls_x509_crl_get_crt_serial <1>: X509 certificate API.
5288 * gnutls_x509_crl_get_dn_oid: X509 certificate API.
5290 * gnutls_x509_crl_get_extension_data: X509 certificate API.
5292 * gnutls_x509_crl_get_extension_data2: X509 certificate API.
5294 * gnutls_x509_crl_get_extension_info: X509 certificate API.
5296 * gnutls_x509_crl_get_extension_oid: X509 certificate API.
5298 * gnutls_x509_crl_get_issuer_dn: X509 certificate API.
5300 * gnutls_x509_crl_get_issuer_dn2: X509 certificate API.
5302 * gnutls_x509_crl_get_issuer_dn_by_oid: X509 certificate API.
5304 * gnutls_x509_crl_get_next_update: X509 certificate API.
5306 * gnutls_x509_crl_get_number: X509 certificate API.
5308 * gnutls_x509_crl_get_raw_issuer_dn: X509 certificate API.
5310 * gnutls_x509_crl_get_signature: X509 certificate API.
5312 * gnutls_x509_crl_get_signature_algorithm: X509 certificate API.
5314 * gnutls_x509_crl_get_this_update: X509 certificate API.
5316 * gnutls_x509_crl_get_version: X509 certificate API.
5318 * gnutls_x509_crl_import: X509 certificate API.
5320 * gnutls_x509_crl_init: X509 certificate API.
5322 * gnutls_x509_crl_iter_crt_serial: X509 certificate API.
5324 * gnutls_x509_crl_iter_deinit: X509 certificate API.
5326 * gnutls_x509_crl_list_import: X509 certificate API.
5328 * gnutls_x509_crl_list_import2: X509 certificate API.
5330 * gnutls_x509_crl_print: X509 certificate API.
5332 * gnutls_x509_crl_privkey_sign: PKIX certificate revocation lists.
5334 * gnutls_x509_crl_privkey_sign <1>: Abstract key API. (line 1784)
5335 * gnutls_x509_crl_set_authority_key_id: X509 certificate API.
5337 * gnutls_x509_crl_set_crt: X509 certificate API.
5339 * gnutls_x509_crl_set_crt_serial: X509 certificate API.
5341 * gnutls_x509_crl_set_next_update: X509 certificate API.
5343 * gnutls_x509_crl_set_number: X509 certificate API.
5345 * gnutls_x509_crl_set_this_update: X509 certificate API.
5347 * gnutls_x509_crl_set_version: X509 certificate API.
5349 * gnutls_x509_crl_sign: Compatibility API. (line 552)
5350 * gnutls_x509_crl_sign2: PKIX certificate revocation lists.
5352 * gnutls_x509_crl_sign2 <1>: X509 certificate API.
5354 * gnutls_x509_crl_verify: X509 certificate API.
5356 * gnutls_x509_crq_deinit: X509 certificate API.
5358 * gnutls_x509_crq_export: X509 certificate API.
5360 * gnutls_x509_crq_export2: X509 certificate API.
5362 * gnutls_x509_crq_get_attribute_by_oid: X509 certificate API.
5364 * gnutls_x509_crq_get_attribute_data: X509 certificate API.
5366 * gnutls_x509_crq_get_attribute_info: X509 certificate API.
5368 * gnutls_x509_crq_get_basic_constraints: X509 certificate API.
5370 * gnutls_x509_crq_get_challenge_password: X509 certificate API.
5372 * gnutls_x509_crq_get_dn: X509 certificate API.
5374 * gnutls_x509_crq_get_dn2: X509 certificate API.
5376 * gnutls_x509_crq_get_dn_by_oid: X509 certificate API.
5378 * gnutls_x509_crq_get_dn_oid: X509 certificate API.
5380 * gnutls_x509_crq_get_extension_by_oid: X509 certificate API.
5382 * gnutls_x509_crq_get_extension_by_oid2: X509 certificate API.
5384 * gnutls_x509_crq_get_extension_data: X509 certificate API.
5386 * gnutls_x509_crq_get_extension_data2: X509 certificate API.
5388 * gnutls_x509_crq_get_extension_info: X509 certificate API.
5390 * gnutls_x509_crq_get_key_id: X509 certificate API.
5392 * gnutls_x509_crq_get_key_purpose_oid: X509 certificate API.
5394 * gnutls_x509_crq_get_key_rsa_raw: X509 certificate API.
5396 * gnutls_x509_crq_get_key_usage: X509 certificate API.
5398 * gnutls_x509_crq_get_pk_algorithm: X509 certificate API.
5400 * gnutls_x509_crq_get_private_key_usage_period: X509 certificate API.
5402 * gnutls_x509_crq_get_subject_alt_name: X509 certificate API.
5404 * gnutls_x509_crq_get_subject_alt_othername_oid: X509 certificate API.
5406 * gnutls_x509_crq_get_version: X509 certificate API.
5408 * gnutls_x509_crq_import: X509 certificate API.
5410 * gnutls_x509_crq_init: X509 certificate API.
5412 * gnutls_x509_crq_print: X509 certificate API.
5414 * gnutls_x509_crq_privkey_sign: Abstract key API. (line 1812)
5415 * gnutls_x509_crq_set_attribute_by_oid: X509 certificate API.
5417 * gnutls_x509_crq_set_basic_constraints: X509 certificate API.
5419 * gnutls_x509_crq_set_challenge_password: X509 certificate API.
5421 * gnutls_x509_crq_set_dn: X509 certificate API.
5423 * gnutls_x509_crq_set_dn_by_oid: X509 certificate API.
5425 * gnutls_x509_crq_set_key: PKCS 10 certificate requests.
5427 * gnutls_x509_crq_set_key <1>: X509 certificate API.
5429 * gnutls_x509_crq_set_key_purpose_oid: X509 certificate API.
5431 * gnutls_x509_crq_set_key_rsa_raw: X509 certificate API.
5433 * gnutls_x509_crq_set_key_usage: X509 certificate API.
5435 * gnutls_x509_crq_set_private_key_usage_period: X509 certificate API.
5437 * gnutls_x509_crq_set_pubkey: Operations. (line 157)
5438 * gnutls_x509_crq_set_pubkey <1>: Abstract key API. (line 1841)
5439 * gnutls_x509_crq_set_subject_alt_name: X509 certificate API.
5441 * gnutls_x509_crq_set_version: X509 certificate API.
5443 * gnutls_x509_crq_sign: Compatibility API. (line 571)
5444 * gnutls_x509_crq_sign2: PKCS 10 certificate requests.
5446 * gnutls_x509_crq_sign2 <1>: X509 certificate API.
5448 * gnutls_x509_crq_verify: X509 certificate API.
5450 * gnutls_x509_crt_check_hostname: X509 certificate API.
5452 * gnutls_x509_crt_check_hostname2: X509 certificate API.
5454 * gnutls_x509_crt_check_issuer: X509 certificate API.
5456 * gnutls_x509_crt_check_revocation: X509 certificate API.
5458 * gnutls_x509_crt_cpy_crl_dist_points: X509 certificate API.
5460 * gnutls_x509_crt_deinit: X509 certificate API.
5462 * gnutls_x509_crt_export: X509 certificate API.
5464 * gnutls_x509_crt_export2: X509 certificate API.
5466 * gnutls_x509_crt_get_activation_time: X509 certificate API.
5468 * gnutls_x509_crt_get_authority_info_access: X509 certificate API.
5470 * gnutls_x509_crt_get_authority_key_gn_serial: X509 certificate API.
5472 * gnutls_x509_crt_get_authority_key_id: X509 certificate API.
5474 * gnutls_x509_crt_get_basic_constraints: X509 certificate API.
5476 * gnutls_x509_crt_get_ca_status: X509 certificate API.
5478 * gnutls_x509_crt_get_crl_dist_points: X509 certificate API.
5480 * gnutls_x509_crt_get_dn: X509 certificate API.
5482 * gnutls_x509_crt_get_dn2: X.509 distinguished names.
5484 * gnutls_x509_crt_get_dn2 <1>: X509 certificate API.
5486 * gnutls_x509_crt_get_dn_by_oid: X509 certificate API.
5488 * gnutls_x509_crt_get_dn_oid: X509 certificate API.
5490 * gnutls_x509_crt_get_expiration_time: X509 certificate API.
5492 * gnutls_x509_crt_get_extension_by_oid: X509 certificate API.
5494 * gnutls_x509_crt_get_extension_by_oid2: X509 certificate API.
5496 * gnutls_x509_crt_get_extension_data: X509 certificate API.
5498 * gnutls_x509_crt_get_extension_data2: X509 certificate API.
5500 * gnutls_x509_crt_get_extension_info: X509 certificate API.
5502 * gnutls_x509_crt_get_extension_oid: X509 certificate API.
5504 * gnutls_x509_crt_get_fingerprint: X509 certificate API.
5506 * gnutls_x509_crt_get_issuer: X509 certificate API.
5508 * gnutls_x509_crt_get_issuer_alt_name: X509 certificate API.
5510 * gnutls_x509_crt_get_issuer_alt_name2: X509 certificate API.
5512 * gnutls_x509_crt_get_issuer_alt_othername_oid: X509 certificate API.
5514 * gnutls_x509_crt_get_issuer_dn: X509 certificate API.
5516 * gnutls_x509_crt_get_issuer_dn2: X509 certificate API.
5518 * gnutls_x509_crt_get_issuer_dn_by_oid: X509 certificate API.
5520 * gnutls_x509_crt_get_issuer_dn_oid: X509 certificate API.
5522 * gnutls_x509_crt_get_issuer_unique_id: X509 certificate API.
5524 * gnutls_x509_crt_get_key_id: X.509 public and private keys.
5526 * gnutls_x509_crt_get_key_id <1>: X509 certificate API.
5528 * gnutls_x509_crt_get_key_purpose_oid: X509 certificate API.
5530 * gnutls_x509_crt_get_key_usage: X509 certificate API.
5532 * gnutls_x509_crt_get_name_constraints: X509 certificate API.
5534 * gnutls_x509_crt_get_pk_algorithm: X509 certificate API.
5536 * gnutls_x509_crt_get_pk_dsa_raw: X509 certificate API.
5538 * gnutls_x509_crt_get_pk_rsa_raw: X509 certificate API.
5540 * gnutls_x509_crt_get_policy: X509 certificate API.
5542 * gnutls_x509_crt_get_preferred_hash_algorithm: Compatibility API.
5544 * gnutls_x509_crt_get_private_key_usage_period: X509 certificate API.
5546 * gnutls_x509_crt_get_proxy: X509 certificate API.
5548 * gnutls_x509_crt_get_raw_dn: X509 certificate API.
5550 * gnutls_x509_crt_get_raw_issuer_dn: X509 certificate API.
5552 * gnutls_x509_crt_get_serial: X509 certificate API.
5554 * gnutls_x509_crt_get_signature: X509 certificate API.
5556 * gnutls_x509_crt_get_signature_algorithm: X509 certificate API.
5558 * gnutls_x509_crt_get_subject: X509 certificate API.
5560 * gnutls_x509_crt_get_subject_alt_name: X509 certificate API.
5562 * gnutls_x509_crt_get_subject_alt_name2: X509 certificate API.
5564 * gnutls_x509_crt_get_subject_alt_othername_oid: X509 certificate API.
5566 * gnutls_x509_crt_get_subject_key_id: X509 certificate API.
5568 * gnutls_x509_crt_get_subject_unique_id: X509 certificate API.
5570 * gnutls_x509_crt_get_verify_algorithm: Compatibility API. (line 615)
5571 * gnutls_x509_crt_get_version: X509 certificate API.
5573 * gnutls_x509_crt_import: X509 certificate API.
5575 * gnutls_x509_crt_import_pkcs11: PKCS 11 API. (line 1075)
5576 * gnutls_x509_crt_import_pkcs11_url: PKCS 11 API. (line 1092)
5577 * gnutls_x509_crt_init: X509 certificate API.
5579 * gnutls_x509_crt_list_import: X509 certificate API.
5581 * gnutls_x509_crt_list_import2: X509 certificate API.
5583 * gnutls_x509_crt_list_import_pkcs11: PKCS 11 API. (line 1112)
5584 * gnutls_x509_crt_list_verify: X509 certificate API.
5586 * gnutls_x509_crt_print: X509 certificate API.
5588 * gnutls_x509_crt_privkey_sign: Abstract key API. (line 1858)
5589 * gnutls_x509_crt_set_activation_time: X509 certificate API.
5591 * gnutls_x509_crt_set_authority_info_access: X509 certificate API.
5593 * gnutls_x509_crt_set_authority_key_id: X509 certificate API.
5595 * gnutls_x509_crt_set_basic_constraints: X509 certificate API.
5597 * gnutls_x509_crt_set_ca_status: X509 certificate API.
5599 * gnutls_x509_crt_set_crl_dist_points: X509 certificate API.
5601 * gnutls_x509_crt_set_crl_dist_points2: X509 certificate API.
5603 * gnutls_x509_crt_set_crq: X509 certificate API.
5605 * gnutls_x509_crt_set_crq_extensions: X509 certificate API.
5607 * gnutls_x509_crt_set_dn: X509 certificate API.
5609 * gnutls_x509_crt_set_dn_by_oid: X509 certificate API.
5611 * gnutls_x509_crt_set_expiration_time: X509 certificate API.
5613 * gnutls_x509_crt_set_extension_by_oid: X509 certificate API.
5615 * gnutls_x509_crt_set_issuer_alt_name: X509 certificate API.
5617 * gnutls_x509_crt_set_issuer_dn: X509 certificate API.
5619 * gnutls_x509_crt_set_issuer_dn_by_oid: X509 certificate API.
5621 * gnutls_x509_crt_set_issuer_unique_id: X509 certificate API.
5623 * gnutls_x509_crt_set_key: X509 certificate API.
5625 * gnutls_x509_crt_set_key_purpose_oid: X509 certificate API.
5627 * gnutls_x509_crt_set_key_usage: X509 certificate API.
5629 * gnutls_x509_crt_set_name_constraints: X509 certificate API.
5631 * gnutls_x509_crt_set_pin_function: X509 certificate API.
5633 * gnutls_x509_crt_set_policy: X509 certificate API.
5635 * gnutls_x509_crt_set_private_key_usage_period: X509 certificate API.
5637 * gnutls_x509_crt_set_proxy: X509 certificate API.
5639 * gnutls_x509_crt_set_proxy_dn: X509 certificate API.
5641 * gnutls_x509_crt_set_pubkey: Operations. (line 171)
5642 * gnutls_x509_crt_set_pubkey <1>: Abstract key API. (line 1883)
5643 * gnutls_x509_crt_set_serial: X509 certificate API.
5645 * gnutls_x509_crt_set_subject_alternative_name: X509 certificate API.
5647 * gnutls_x509_crt_set_subject_alt_name: X509 certificate API.
5649 * gnutls_x509_crt_set_subject_key_id: X509 certificate API.
5651 * gnutls_x509_crt_set_subject_unique_id: X509 certificate API.
5653 * gnutls_x509_crt_set_version: X509 certificate API.
5655 * gnutls_x509_crt_sign: X509 certificate API.
5657 * gnutls_x509_crt_sign2: X509 certificate API.
5659 * gnutls_x509_crt_verify: X509 certificate API.
5661 * gnutls_x509_crt_verify_data: Compatibility API. (line 638)
5662 * gnutls_x509_crt_verify_hash: Compatibility API. (line 662)
5663 * gnutls_x509_dn_deinit: X509 certificate API.
5665 * gnutls_x509_dn_export: X509 certificate API.
5667 * gnutls_x509_dn_export2: X509 certificate API.
5669 * gnutls_x509_dn_get_rdn_ava: X.509 distinguished names.
5671 * gnutls_x509_dn_get_rdn_ava <1>: X509 certificate API.
5673 * gnutls_x509_dn_import: X509 certificate API.
5675 * gnutls_x509_dn_init: X509 certificate API.
5677 * gnutls_x509_dn_oid_known: X509 certificate API.
5679 * gnutls_x509_dn_oid_name: X509 certificate API.
5681 * gnutls_x509_ext_deinit: X509 certificate API.
5683 * gnutls_x509_ext_export_aia: X509 certificate API.
5685 * gnutls_x509_ext_export_authority_key_id: X509 certificate API.
5687 * gnutls_x509_ext_export_basic_constraints: X509 certificate API.
5689 * gnutls_x509_ext_export_crl_dist_points: X509 certificate API.
5691 * gnutls_x509_ext_export_key_purposes: X509 certificate API.
5693 * gnutls_x509_ext_export_key_usage: X509 certificate API.
5695 * gnutls_x509_ext_export_name_constraints: X509 certificate API.
5697 * gnutls_x509_ext_export_policies: X509 certificate API.
5699 * gnutls_x509_ext_export_private_key_usage_period: X509 certificate API.
5701 * gnutls_x509_ext_export_proxy: X509 certificate API.
5703 * gnutls_x509_ext_export_subject_alt_names: X509 certificate API.
5705 * gnutls_x509_ext_export_subject_key_id: X509 certificate API.
5707 * gnutls_x509_ext_import_aia: X509 certificate API.
5709 * gnutls_x509_ext_import_authority_key_id: X509 certificate API.
5711 * gnutls_x509_ext_import_basic_constraints: X509 certificate API.
5713 * gnutls_x509_ext_import_crl_dist_points: X509 certificate API.
5715 * gnutls_x509_ext_import_key_purposes: X509 certificate API.
5717 * gnutls_x509_ext_import_key_usage: X509 certificate API.
5719 * gnutls_x509_ext_import_name_constraints: X509 certificate API.
5721 * gnutls_x509_ext_import_policies: X509 certificate API.
5723 * gnutls_x509_ext_import_private_key_usage_period: X509 certificate API.
5725 * gnutls_x509_ext_import_proxy: X509 certificate API.
5727 * gnutls_x509_ext_import_subject_alt_names: X509 certificate API.
5729 * gnutls_x509_ext_import_subject_key_id: X509 certificate API.
5731 * gnutls_x509_ext_print: X509 certificate API.
5733 * gnutls_x509_key_purpose_deinit: X509 certificate API.
5735 * gnutls_x509_key_purpose_get: X509 certificate API.
5737 * gnutls_x509_key_purpose_init: X509 certificate API.
5739 * gnutls_x509_key_purpose_set: X509 certificate API.
5741 * gnutls_x509_name_constraints_add_excluded: X509 certificate API.
5743 * gnutls_x509_name_constraints_add_permitted: X509 certificate API.
5745 * gnutls_x509_name_constraints_check: X509 certificate API.
5747 * gnutls_x509_name_constraints_check_crt: X509 certificate API.
5749 * gnutls_x509_name_constraints_deinit: X509 certificate API.
5751 * gnutls_x509_name_constraints_get_excluded: X509 certificate API.
5753 * gnutls_x509_name_constraints_get_permitted: X509 certificate API.
5755 * gnutls_x509_name_constraints_init: X509 certificate API.
5757 * gnutls_x509_othername_to_virtual: X509 certificate API.
5759 * gnutls_x509_policies_deinit: X509 certificate API.
5761 * gnutls_x509_policies_get: X509 certificate API.
5763 * gnutls_x509_policies_init: X509 certificate API.
5765 * gnutls_x509_policies_set: X509 certificate API.
5767 * gnutls_x509_policy_release: X509 certificate API.
5769 * gnutls_x509_privkey_cpy: X509 certificate API.
5771 * gnutls_x509_privkey_deinit: X509 certificate API.
5773 * gnutls_x509_privkey_export: X509 certificate API.
5775 * gnutls_x509_privkey_export2: X509 certificate API.
5777 * gnutls_x509_privkey_export2_pkcs8: X509 certificate API.
5779 * gnutls_x509_privkey_export_dsa_raw: X509 certificate API.
5781 * gnutls_x509_privkey_export_ecc_raw: X509 certificate API.
5783 * gnutls_x509_privkey_export_pkcs8: X509 certificate API.
5785 * gnutls_x509_privkey_export_rsa_raw: X509 certificate API.
5787 * gnutls_x509_privkey_export_rsa_raw2: X509 certificate API.
5789 * gnutls_x509_privkey_fix: X509 certificate API.
5791 * gnutls_x509_privkey_generate: X509 certificate API.
5793 * gnutls_x509_privkey_get_key_id: X509 certificate API.
5795 * gnutls_x509_privkey_get_pk_algorithm: X509 certificate API.
5797 * gnutls_x509_privkey_get_pk_algorithm2: X509 certificate API.
5799 * gnutls_x509_privkey_import: X509 certificate API.
5801 * gnutls_x509_privkey_import2: Managing encrypted keys.
5803 * gnutls_x509_privkey_import2 <1>: X509 certificate API.
5805 * gnutls_x509_privkey_import_dsa_raw: X509 certificate API.
5807 * gnutls_x509_privkey_import_ecc_raw: X509 certificate API.
5809 * gnutls_x509_privkey_import_openssl: Managing encrypted keys.
5811 * gnutls_x509_privkey_import_openssl <1>: X509 certificate API.
5813 * gnutls_x509_privkey_import_pkcs8: X509 certificate API.
5815 * gnutls_x509_privkey_import_rsa_raw: X509 certificate API.
5817 * gnutls_x509_privkey_import_rsa_raw2: X509 certificate API.
5819 * gnutls_x509_privkey_init: X509 certificate API.
5821 * gnutls_x509_privkey_sec_param: X509 certificate API.
5823 * gnutls_x509_privkey_sign_data: Compatibility API. (line 686)
5824 * gnutls_x509_privkey_sign_hash: Compatibility API. (line 723)
5825 * gnutls_x509_privkey_verify_params: X509 certificate API.
5827 * gnutls_x509_rdn_get: X509 certificate API.
5829 * gnutls_x509_rdn_get_by_oid: X509 certificate API.
5831 * gnutls_x509_rdn_get_oid: X509 certificate API.
5833 * gnutls_x509_trust_list_add_cas: Verifying X.509 certificate paths.
5835 * gnutls_x509_trust_list_add_cas <1>: X509 certificate API.
5837 * gnutls_x509_trust_list_add_crls: Verifying X.509 certificate paths.
5839 * gnutls_x509_trust_list_add_crls <1>: X509 certificate API.
5841 * gnutls_x509_trust_list_add_named_crt: Verifying X.509 certificate paths.
5843 * gnutls_x509_trust_list_add_named_crt <1>: X509 certificate API.
5845 * gnutls_x509_trust_list_add_system_trust: Verifying X.509 certificate paths.
5847 * gnutls_x509_trust_list_add_system_trust <1>: X509 certificate API.
5849 * gnutls_x509_trust_list_add_trust_dir: X509 certificate API.
5851 * gnutls_x509_trust_list_add_trust_file: Verifying X.509 certificate paths.
5853 * gnutls_x509_trust_list_add_trust_file <1>: X509 certificate API.
5855 * gnutls_x509_trust_list_add_trust_mem: Verifying X.509 certificate paths.
5857 * gnutls_x509_trust_list_add_trust_mem <1>: X509 certificate API.
5859 * gnutls_x509_trust_list_deinit: X509 certificate API.
5861 * gnutls_x509_trust_list_get_issuer: X509 certificate API.
5863 * gnutls_x509_trust_list_init: X509 certificate API.
5865 * gnutls_x509_trust_list_remove_cas: X509 certificate API.
5867 * gnutls_x509_trust_list_remove_trust_file: X509 certificate API.
5869 * gnutls_x509_trust_list_remove_trust_mem: X509 certificate API.
5871 * gnutls_x509_trust_list_verify_crt: Verifying X.509 certificate paths.
5873 * gnutls_x509_trust_list_verify_crt <1>: X509 certificate API.
5875 * gnutls_x509_trust_list_verify_crt2: Verifying X.509 certificate paths.
5877 * gnutls_x509_trust_list_verify_crt2 <1>: X509 certificate API.
5879 * gnutls_x509_trust_list_verify_named_crt: Verifying X.509 certificate paths.
5881 * gnutls_x509_trust_list_verify_named_crt <1>: X509 certificate API.
5885 File: gnutls.info, Node: Concept Index, Prev: Function and Data Index, Up: Top
5893 * abstract types: Abstract key types. (line 6)
5894 * alert protocol: The TLS Alert Protocol.
5896 * ALPN: Application Layer Protocol Negotiation (ALPN).
5898 * anonymous authentication: Anonymous authentication.
5900 * API reference: API reference. (line 6)
5901 * Application Layer Protocol Negotiation: Application Layer Protocol Negotiation (ALPN).
5903 * authentication methods: Authentication methods.
5905 * bad_record_mac: On Record Padding. (line 6)
5906 * callback functions: Callback functions. (line 6)
5907 * certificate authentication: Certificate authentication.
5909 * certificate authentication <1>: More on certificate authentication.
5911 * certificate requests: PKCS 10 certificate requests.
5913 * certificate revocation lists: PKIX certificate revocation lists.
5915 * certificate status: OCSP certificate status checking.
5917 * Certificate status request: OCSP status request. (line 6)
5918 * Certificate verification: Advanced certificate verification.
5920 * certification: Certification. (line 6)
5921 * certtool: certtool Invocation. (line 6)
5922 * certtool help: certtool Invocation. (line 21)
5923 * channel bindings: Channel Bindings. (line 6)
5924 * ciphersuites: Supported ciphersuites.
5926 * client certificate authentication: Client Authentication.
5928 * compression algorithms: Compression algorithms used in the record layer.
5930 * contributing: Contributing. (line 6)
5931 * CRL: PKIX certificate revocation lists.
5933 * DANE: Verifying a certificate using DANE.
5935 * DANE <1>: Certificate verification.
5937 * danetool: danetool Invocation. (line 6)
5938 * danetool help: danetool Invocation. (line 15)
5939 * deriving keys: Deriving keys for other applications/protocols.
5941 * digital signatures: Digital signatures. (line 6)
5942 * DNSSEC: Verifying a certificate using DANE.
5944 * DNSSEC <1>: Certificate verification.
5946 * download: Downloading and installing.
5948 * Encrypted keys: Managing encrypted keys.
5950 * error codes: Error codes. (line 6)
5951 * example programs: GnuTLS application examples.
5953 * examples: GnuTLS application examples.
5955 * exporting keying material: Deriving keys for other applications/protocols.
5957 * FDL, GNU Free Documentation License: Copying Information. (line 6)
5958 * fork: Sessions and fork. (line 6)
5959 * generating parameters: Parameter generation.
5961 * gnutls-cli: gnutls-cli Invocation.
5963 * gnutls-cli help: gnutls-cli Invocation.
5965 * gnutls-cli-debug: gnutls-cli-debug Invocation.
5967 * gnutls-cli-debug help: gnutls-cli-debug Invocation.
5969 * gnutls-serv: gnutls-serv Invocation.
5971 * gnutls-serv help: gnutls-serv Invocation.
5973 * hacking: Contributing. (line 6)
5974 * handshake protocol: The TLS Handshake Protocol.
5976 * hardware security modules: Smart cards and HSMs.
5978 * hardware tokens: Smart cards and HSMs.
5980 * hash functions: Hash and HMAC functions.
5982 * heartbeat: HeartBeat. (line 6)
5983 * HMAC functions: Hash and HMAC functions.
5985 * installation: Downloading and installing.
5987 * internal architecture: Internal architecture of GnuTLS.
5989 * key extraction: Deriving keys for other applications/protocols.
5991 * Key pinning: Verifying a certificate using trust on first use authentication.
5993 * Key pinning <1>: Certificate verification.
5995 * key sizes: Selecting cryptographic key sizes.
5997 * keying material exporters: Deriving keys for other applications/protocols.
5999 * maximum fragment length: Maximum fragment length negotiation.
6001 * OCSP: OCSP certificate status checking.
6003 * OCSP Functions: OCSP API. (line 6)
6004 * OCSP status request: OCSP status request. (line 6)
6005 * ocsptool: ocsptool Invocation. (line 6)
6006 * ocsptool help: ocsptool Invocation. (line 16)
6007 * Online Certificate Status Protocol: OCSP certificate status checking.
6009 * OpenPGP API: OpenPGP API. (line 6)
6010 * OpenPGP certificates: OpenPGP certificates.
6012 * OpenPGP server: Echo server with OpenPGP authentication.
6014 * OpenSSL: Compatibility with the OpenSSL library.
6016 * OpenSSL encrypted keys: Managing encrypted keys.
6018 * p11tool: p11tool Invocation. (line 6)
6019 * p11tool help: p11tool Invocation. (line 25)
6020 * parameter generation: Parameter generation.
6022 * PCT: On SSL 2 and older protocols.
6024 * PKCS #10: PKCS 10 certificate requests.
6026 * PKCS #11 tokens: Smart cards and HSMs.
6028 * PKCS #12: Managing encrypted keys.
6030 * PKCS #8: Managing encrypted keys.
6032 * Priority strings: Priority Strings. (line 6)
6033 * PSK authentication: Authentication using PSK.
6035 * psktool: psktool Invocation. (line 6)
6036 * psktool help: psktool Invocation. (line 16)
6037 * public key algorithms: Public key algorithms.
6039 * random numbers: Random number generation.
6041 * record padding: On Record Padding. (line 6)
6042 * record protocol: The TLS record protocol.
6044 * renegotiation: Safe renegotiation. (line 6)
6045 * reporting bugs: Bug Reports. (line 6)
6046 * resuming sessions: Resuming Sessions. (line 6)
6047 * resuming sessions <1>: Session resumption. (line 6)
6048 * safe renegotiation: Safe renegotiation. (line 6)
6049 * Secure RTP: SRTP. (line 6)
6050 * server name indication: Server name indication.
6052 * session resumption: Resuming Sessions. (line 6)
6053 * session resumption <1>: Session resumption. (line 6)
6054 * session tickets: Session tickets. (line 6)
6055 * Smart card example: Client using a smart card with TLS.
6057 * smart cards: Smart cards and HSMs.
6059 * SRP authentication: Authentication using SRP.
6061 * srptool: srptool Invocation. (line 6)
6062 * srptool help: srptool Invocation. (line 23)
6063 * SRTP: SRTP. (line 6)
6064 * SSH-style authentication: Verifying a certificate using trust on first use authentication.
6066 * SSH-style authentication <1>: Certificate verification.
6068 * SSL 2: On SSL 2 and older protocols.
6070 * symmetric algorithms: Symmetric algorithms.
6072 * symmetric cryptography: Symmetric algorithms.
6074 * symmetric encryption algorithms: Encryption algorithms used in the record layer.
6076 * thread safety: Thread safety. (line 6)
6077 * tickets: Session tickets. (line 6)
6078 * TLS extensions: TLS Extensions. (line 6)
6079 * TLS extensions <1>: Maximum fragment length negotiation.
6081 * TLS extensions <2>: Server name indication.
6083 * TLS extensions <3>: Session tickets. (line 6)
6084 * TLS extensions <4>: HeartBeat. (line 6)
6085 * TLS layers: TLS layers. (line 6)
6086 * TPM: Trusted Platform Module.
6088 * tpmtool: tpmtool Invocation. (line 6)
6089 * tpmtool help: tpmtool Invocation. (line 15)
6090 * transport layer: The transport layer. (line 6)
6091 * transport protocol: The transport layer. (line 6)
6092 * Trust on first use: Verifying a certificate using trust on first use authentication.
6094 * Trust on first use <1>: Certificate verification.
6096 * trusted platform module: Trusted Platform Module.
6098 * upgrading: Upgrading from previous versions.
6100 * verifying certificate paths: Verifying X.509 certificate paths.
6102 * verifying certificate paths <1>: Verifying a certificate in the context of TLS session.
6104 * verifying certificate paths <2>: Verifying a certificate using trust on first use authentication.
6106 * verifying certificate paths <3>: Verifying a certificate using DANE.
6108 * verifying certificate with pkcs11: Verification using PKCS11.
6110 * X.509 certificates: X.509 certificates. (line 6)
6111 * X.509 distinguished name: X.509 distinguished names.
6113 * X.509 extensions: X.509 extensions. (line 6)
6114 * X.509 Functions: X509 certificate API.