4
4
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
5
5
<title>gnutls</title>
6
6
<meta name="generator" content="DocBook XSL Stylesheets V1.75.2">
7
<link rel="home" href="index.html" title="GNU TLS API Reference Manual">
8
<link rel="up" href="ch01.html" title="GNU TLS API Reference Manual">
9
<link rel="prev" href="ch01.html" title="GNU TLS API Reference Manual">
7
<link rel="home" href="index.html" title="GnuTLS API Reference Manual">
8
<link rel="up" href="intro.html" title="GnuTLS API Reference Manual">
9
<link rel="prev" href="intro.html" title="GnuTLS API Reference Manual">
10
10
<link rel="next" href="gnutls-extra.html" title="extra">
11
<meta name="generator" content="GTK-Doc V1.14 (XML mode)">
11
<meta name="generator" content="GTK-Doc V1.15 (XML mode)">
12
12
<link rel="stylesheet" href="style.css" type="text/css">
14
14
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
15
15
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2">
16
16
<tr valign="middle">
17
<td><a accesskey="p" href="ch01.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
18
<td><a accesskey="u" href="ch01.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
17
<td><a accesskey="p" href="intro.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
18
<td><a accesskey="u" href="intro.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
19
19
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
20
<th width="100%" align="center">GNU TLS API Reference Manual</th>
20
<th width="100%" align="center">GnuTLS API Reference Manual</th>
21
21
<td><a accesskey="n" href="gnutls-extra.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
23
23
<tr><td colspan="5" class="shortcuts">
66
65
enum <a class="link" href="gnutls-gnutls.html#gnutls-certificate-request-t" title="enum gnutls_certificate_request_t">gnutls_certificate_request_t</a>;
67
66
enum <a class="link" href="gnutls-gnutls.html#gnutls-openpgp-crt-status-t" title="enum gnutls_openpgp_crt_status_t">gnutls_openpgp_crt_status_t</a>;
68
67
enum <a class="link" href="gnutls-gnutls.html#gnutls-close-request-t" title="enum gnutls_close_request_t">gnutls_close_request_t</a>;
69
#define <a class="link" href="gnutls-gnutls.html#GNUTLS-TLS1:CAPS" title="GNUTLS_TLS1">GNUTLS_TLS1</a>
70
68
enum <a class="link" href="gnutls-gnutls.html#gnutls-protocol-t" title="enum gnutls_protocol_t">gnutls_protocol_t</a>;
71
69
enum <a class="link" href="gnutls-gnutls.html#gnutls-certificate-type-t" title="enum gnutls_certificate_type_t">gnutls_certificate_type_t</a>;
72
70
enum <a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t">gnutls_x509_crt_fmt_t</a>;
73
71
enum <a class="link" href="gnutls-gnutls.html#gnutls-certificate-print-formats-t" title="enum gnutls_certificate_print_formats_t">gnutls_certificate_print_formats_t</a>;
74
72
enum <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t">gnutls_pk_algorithm_t</a>;
75
73
const <span class="returnvalue">char</span> * <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-get-name" title="gnutls_pk_algorithm_get_name ()">gnutls_pk_algorithm_get_name</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> algorithm</code></em>);
76
#define <a class="link" href="gnutls-gnutls.html#GNUTLS-SIGN-RSA-SHA:CAPS" title="GNUTLS_SIGN_RSA_SHA">GNUTLS_SIGN_RSA_SHA</a>
77
#define <a class="link" href="gnutls-gnutls.html#GNUTLS-SIGN-DSA-SHA:CAPS" title="GNUTLS_SIGN_DSA_SHA">GNUTLS_SIGN_DSA_SHA</a>
78
74
enum <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t">gnutls_sign_algorithm_t</a>;
79
75
const <span class="returnvalue">char</span> * <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-get-name" title="gnutls_sign_algorithm_get_name ()">gnutls_sign_algorithm_get_name</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> sign</code></em>);
80
76
typedef <a class="link" href="gnutls-gnutls.html#gnutls-transport-ptr-t" title="gnutls_transport_ptr_t">gnutls_transport_ptr_t</a>;
105
101
<a class="link" href="gnutls-gnutls.html#gnutls-mac-algorithm-t" title="enum gnutls_mac_algorithm_t"><span class="returnvalue">gnutls_mac_algorithm_t</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-mac-get" title="gnutls_mac_get ()">gnutls_mac_get</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);
106
102
<a class="link" href="gnutls-gnutls.html#gnutls-compression-method-t" title="enum gnutls_compression_method_t"><span class="returnvalue">gnutls_compression_method_t</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-compression-get" title="gnutls_compression_get ()">gnutls_compression_get</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);
107
103
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-type-t" title="enum gnutls_certificate_type_t"><span class="returnvalue">gnutls_certificate_type_t</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-certificate-type-get" title="gnutls_certificate_type_get ()">gnutls_certificate_type_get</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);
104
<a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-get-requested" title="gnutls_sign_algorithm_get_requested ()">gnutls_sign_algorithm_get_requested</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
105
<em class="parameter"><code><span class="type">size_t</span> indx</code></em>,
106
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> *algo</code></em>);
108
107
<span class="returnvalue">size_t</span> <a class="link" href="gnutls-gnutls.html#gnutls-cipher-get-key-size" title="gnutls_cipher_get_key_size ()">gnutls_cipher_get_key_size</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-cipher-algorithm-t" title="enum gnutls_cipher_algorithm_t"><span class="type">gnutls_cipher_algorithm_t</span></a> algorithm</code></em>);
109
108
<span class="returnvalue">size_t</span> <a class="link" href="gnutls-gnutls.html#gnutls-mac-get-key-size" title="gnutls_mac_get_key_size ()">gnutls_mac_get_key_size</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-mac-algorithm-t" title="enum gnutls_mac_algorithm_t"><span class="type">gnutls_mac_algorithm_t</span></a> algorithm</code></em>);
110
109
const <span class="returnvalue">char</span> * <a class="link" href="gnutls-gnutls.html#gnutls-cipher-get-name" title="gnutls_cipher_get_name ()">gnutls_cipher_get_name</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-cipher-algorithm-t" title="enum gnutls_cipher_algorithm_t"><span class="type">gnutls_cipher_algorithm_t</span></a> algorithm</code></em>);
217
217
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-oprfi-callback-func" title="gnutls_oprfi_callback_func ()"><span class="type">gnutls_oprfi_callback_func</span></a> cb</code></em>,
218
218
<em class="parameter"><code><span class="type">void</span> *userdata</code></em>);
219
219
enum <a class="link" href="gnutls-gnutls.html#gnutls-supplemental-data-format-type-t" title="enum gnutls_supplemental_data_format_type_t">gnutls_supplemental_data_format_type_t</a>;
220
const <span class="returnvalue">char</span> * <a class="link" href="gnutls-gnutls.html#gnutls-supplemental-get-name" title="gnutls_supplemental_get_name ()">gnutls_supplemental_get_name</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-supplemental-data-format-type-t" title="enum gnutls_supplemental_data_format_type_t"><span class="type">gnutls_supplemental_data_format_type_t</span></a> type</code></em>);
220
<a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-session-ticket-key-generate" title="gnutls_session_ticket_key_generate ()">gnutls_session_ticket_key_generate</a> (<em class="parameter"><code><span class="type">gnutls_datum_t</span> *key</code></em>);
221
<a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-session-ticket-enable-client" title="gnutls_session_ticket_enable_client ()">gnutls_session_ticket_enable_client</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);
222
<a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-session-ticket-enable-server" title="gnutls_session_ticket_enable_server ()">gnutls_session_ticket_enable_server</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
223
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *key</code></em>);
221
224
<a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-cipher-set-priority" title="gnutls_cipher_set_priority ()">gnutls_cipher_set_priority</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
222
225
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);
223
226
<a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> <a class="link" href="gnutls-gnutls.html#gnutls-mac-set-priority" title="gnutls_mac_set_priority ()">gnutls_mac_set_priority</a> (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
880
892
GNUTLS_CIPHER_UNKNOWN = 0,
881
893
GNUTLS_CIPHER_NULL = 1,
882
GNUTLS_CIPHER_ARCFOUR_128,
883
GNUTLS_CIPHER_3DES_CBC,
884
GNUTLS_CIPHER_AES_128_CBC,
885
GNUTLS_CIPHER_AES_256_CBC,
886
GNUTLS_CIPHER_ARCFOUR_40,
887
GNUTLS_CIPHER_CAMELLIA_128_CBC,
888
GNUTLS_CIPHER_CAMELLIA_256_CBC,
894
GNUTLS_CIPHER_ARCFOUR_128 = 2,
895
GNUTLS_CIPHER_3DES_CBC = 3,
896
GNUTLS_CIPHER_AES_128_CBC = 4,
897
GNUTLS_CIPHER_AES_256_CBC = 5,
898
GNUTLS_CIPHER_ARCFOUR_40 = 6,
899
GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
900
GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
889
901
GNUTLS_CIPHER_RC2_40_CBC = 90,
890
GNUTLS_CIPHER_DES_CBC,
902
GNUTLS_CIPHER_DES_CBC = 91,
903
GNUTLS_CIPHER_AES_192_CBC = 92,
892
/* used only for PGP internals. Ignored in TLS/SSL
905
/* used only for PGP internals. Ignored in TLS/SSL
894
907
GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
895
GNUTLS_CIPHER_3DES_PGP_CFB,
896
GNUTLS_CIPHER_CAST5_PGP_CFB,
897
GNUTLS_CIPHER_BLOWFISH_PGP_CFB,
898
GNUTLS_CIPHER_SAFER_SK128_PGP_CFB,
899
GNUTLS_CIPHER_AES128_PGP_CFB,
900
GNUTLS_CIPHER_AES192_PGP_CFB,
901
GNUTLS_CIPHER_AES256_PGP_CFB,
902
GNUTLS_CIPHER_TWOFISH_PGP_CFB
908
GNUTLS_CIPHER_3DES_PGP_CFB = 201,
909
GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
910
GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
911
GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
912
GNUTLS_CIPHER_AES128_PGP_CFB = 205,
913
GNUTLS_CIPHER_AES192_PGP_CFB = 206,
914
GNUTLS_CIPHER_AES256_PGP_CFB = 207,
915
GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
903
916
} gnutls_cipher_algorithm_t;
919
Enumeration of different symmetric encryption algorithms.
921
<div class="variablelist"><table border="0">
922
<col align="left" valign="top">
925
<td><p><a name="GNUTLS-CIPHER-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_UNKNOWN</code></span></p></td>
926
<td>Unknown algorithm.
930
<td><p><a name="GNUTLS-CIPHER-NULL:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_NULL</code></span></p></td>
935
<td><p><a name="GNUTLS-CIPHER-ARCFOUR-128:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_ARCFOUR_128</code></span></p></td>
936
<td>ARCFOUR stream cipher with 128-bit keys.
940
<td><p><a name="GNUTLS-CIPHER-3DES-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_3DES_CBC</code></span></p></td>
941
<td>3DES in CBC mode.
945
<td><p><a name="GNUTLS-CIPHER-AES-128-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_AES_128_CBC</code></span></p></td>
946
<td>AES in CBC mode with 128-bit keys.
950
<td><p><a name="GNUTLS-CIPHER-AES-256-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_AES_256_CBC</code></span></p></td>
951
<td>AES in CBC mode with 256-bit keys.
955
<td><p><a name="GNUTLS-CIPHER-ARCFOUR-40:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_ARCFOUR_40</code></span></p></td>
956
<td>ARCFOUR stream cipher with 40-bit keys.
960
<td><p><a name="GNUTLS-CIPHER-CAMELLIA-128-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_CAMELLIA_128_CBC</code></span></p></td>
961
<td>Camellia in CBC mode with 128-bit keys.
965
<td><p><a name="GNUTLS-CIPHER-CAMELLIA-256-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_CAMELLIA_256_CBC</code></span></p></td>
966
<td>Camellia in CBC mode with 256-bit keys.
970
<td><p><a name="GNUTLS-CIPHER-RC2-40-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_RC2_40_CBC</code></span></p></td>
971
<td>RC2 in CBC mode with 40-bit keys.
975
<td><p><a name="GNUTLS-CIPHER-DES-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_DES_CBC</code></span></p></td>
976
<td>DES in CBC mode (56-bit keys).
980
<td><p><a name="GNUTLS-CIPHER-AES-192-CBC:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_AES_192_CBC</code></span></p></td>
981
<td>AES in CBC mode with 192-bit keys.
985
<td><p><a name="GNUTLS-CIPHER-IDEA-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_IDEA_PGP_CFB</code></span></p></td>
986
<td>IDEA in CFB mode.
990
<td><p><a name="GNUTLS-CIPHER-3DES-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_3DES_PGP_CFB</code></span></p></td>
991
<td>3DES in CFB mode.
995
<td><p><a name="GNUTLS-CIPHER-CAST5-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_CAST5_PGP_CFB</code></span></p></td>
996
<td>CAST5 in CFB mode.
1000
<td><p><a name="GNUTLS-CIPHER-BLOWFISH-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_BLOWFISH_PGP_CFB</code></span></p></td>
1001
<td>Blowfish in CFB mode.
1005
<td><p><a name="GNUTLS-CIPHER-SAFER-SK128-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_SAFER_SK128_PGP_CFB</code></span></p></td>
1006
<td>Safer-SK in CFB mode with 128-bit keys.
1010
<td><p><a name="GNUTLS-CIPHER-AES128-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_AES128_PGP_CFB</code></span></p></td>
1011
<td>AES in CFB mode with 128-bit keys.
1015
<td><p><a name="GNUTLS-CIPHER-AES192-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_AES192_PGP_CFB</code></span></p></td>
1016
<td>AES in CFB mode with 192-bit keys.
1020
<td><p><a name="GNUTLS-CIPHER-AES256-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_AES256_PGP_CFB</code></span></p></td>
1021
<td>AES in CFB mode with 256-bit keys.
1025
<td><p><a name="GNUTLS-CIPHER-TWOFISH-PGP-CFB:CAPS"></a><span class="term"><code class="literal">GNUTLS_CIPHER_TWOFISH_PGP_CFB</code></span></p></td>
1026
<td>Twofish in CFB mode.
909
1033
<div class="refsect2" title="enum gnutls_kx_algorithm_t">
913
1037
GNUTLS_KX_UNKNOWN = 0,
914
1038
GNUTLS_KX_RSA = 1,
919
GNUTLS_KX_RSA_EXPORT,
1039
GNUTLS_KX_DHE_DSS = 2,
1040
GNUTLS_KX_DHE_RSA = 3,
1041
GNUTLS_KX_ANON_DH = 4,
1043
GNUTLS_KX_RSA_EXPORT = 6,
1044
GNUTLS_KX_SRP_RSA = 7,
1045
GNUTLS_KX_SRP_DSS = 8,
1047
GNUTLS_KX_DHE_PSK = 10
924
1048
} gnutls_kx_algorithm_t;
1051
Enumeration of different key exchange algorithms.
1053
<div class="variablelist"><table border="0">
1054
<col align="left" valign="top">
1057
<td><p><a name="GNUTLS-KX-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_UNKNOWN</code></span></p></td>
1058
<td>Unknown key-exchange algorithm.
1062
<td><p><a name="GNUTLS-KX-RSA:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_RSA</code></span></p></td>
1063
<td>RSA key-exchange algorithm.
1067
<td><p><a name="GNUTLS-KX-DHE-DSS:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_DHE_DSS</code></span></p></td>
1068
<td>DHE-DSS key-exchange algorithm.
1072
<td><p><a name="GNUTLS-KX-DHE-RSA:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_DHE_RSA</code></span></p></td>
1073
<td>DHE-RSA key-exchange algorithm.
1077
<td><p><a name="GNUTLS-KX-ANON-DH:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_ANON_DH</code></span></p></td>
1078
<td>Anon-DH key-exchange algorithm.
1082
<td><p><a name="GNUTLS-KX-SRP:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_SRP</code></span></p></td>
1083
<td>SRP key-exchange algorithm.
1087
<td><p><a name="GNUTLS-KX-RSA-EXPORT:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_RSA_EXPORT</code></span></p></td>
1088
<td>RSA-EXPORT key-exchange algorithm.
1092
<td><p><a name="GNUTLS-KX-SRP-RSA:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_SRP_RSA</code></span></p></td>
1093
<td>SRP-RSA key-exchange algorithm.
1097
<td><p><a name="GNUTLS-KX-SRP-DSS:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_SRP_DSS</code></span></p></td>
1098
<td>SRP-DSS key-exchange algorithm.
1102
<td><p><a name="GNUTLS-KX-PSK:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_PSK</code></span></p></td>
1103
<td>PSK key-exchange algorithm.
1107
<td><p><a name="GNUTLS-KX-DHE-PSK:CAPS"></a><span class="term"><code class="literal">GNUTLS_KX_DHE_PSK</code></span></p></td>
1108
<td>DHE-PSK key-exchange algorithm.
930
1115
<div class="refsect2" title="enum gnutls_params_type_t">
977
1209
GNUTLS_MAC_UNKNOWN = 0,
978
1210
GNUTLS_MAC_NULL = 1,
986
/* If you add anything here, make sure you align with
987
gnutls_digest_algorithm_t, in particular SHA-224. */
1212
GNUTLS_MAC_SHA1 = 3,
1213
GNUTLS_MAC_RMD160 = 4,
1215
GNUTLS_MAC_SHA256 = 6,
1216
GNUTLS_MAC_SHA384 = 7,
1217
GNUTLS_MAC_SHA512 = 8,
1218
GNUTLS_MAC_SHA224 = 9
1219
/* If you add anything here, make sure you align with
1220
gnutls_digest_algorithm_t. */
988
1221
} gnutls_mac_algorithm_t;
1224
Enumeration of different Message Authentication Code (MAC)
1227
<div class="variablelist"><table border="0">
1228
<col align="left" valign="top">
1231
<td><p><a name="GNUTLS-MAC-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_UNKNOWN</code></span></p></td>
1232
<td>Unknown MAC algorithm.
1236
<td><p><a name="GNUTLS-MAC-NULL:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_NULL</code></span></p></td>
1237
<td>NULL MAC algorithm (empty output).
1241
<td><p><a name="GNUTLS-MAC-MD5:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_MD5</code></span></p></td>
1242
<td>HMAC-MD5 algorithm.
1246
<td><p><a name="GNUTLS-MAC-SHA1:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_SHA1</code></span></p></td>
1247
<td>HMAC-SHA-1 algorithm.
1251
<td><p><a name="GNUTLS-MAC-RMD160:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_RMD160</code></span></p></td>
1252
<td>HMAC-RMD160 algorithm.
1256
<td><p><a name="GNUTLS-MAC-MD2:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_MD2</code></span></p></td>
1257
<td>HMAC-MD2 algorithm.
1261
<td><p><a name="GNUTLS-MAC-SHA256:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_SHA256</code></span></p></td>
1262
<td>HMAC-SHA-256 algorithm.
1266
<td><p><a name="GNUTLS-MAC-SHA384:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_SHA384</code></span></p></td>
1267
<td>HMAC-SHA-384 algorithm.
1271
<td><p><a name="GNUTLS-MAC-SHA512:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_SHA512</code></span></p></td>
1272
<td>HMAC-SHA-512 algorithm.
1276
<td><p><a name="GNUTLS-MAC-SHA224:CAPS"></a><span class="term"><code class="literal">GNUTLS_MAC_SHA224</code></span></p></td>
1277
<td>HMAC-SHA-224 algorithm.
994
1284
<div class="refsect2" title="enum gnutls_digest_algorithm_t">
995
1285
<a name="gnutls-digest-algorithm-t"></a><h3>enum gnutls_digest_algorithm_t</h3>
996
1286
<pre class="programlisting"> typedef enum
1288
GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
998
1289
GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
999
1290
GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
1000
1291
GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
1003
1294
GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
1004
1295
GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
1005
1296
GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
1297
GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
1298
/* If you add anything here, make sure you align with
1299
gnutls_mac_algorithm_t. */
1007
1300
} gnutls_digest_algorithm_t;
1303
Enumeration of different digest (hash) algorithms.
1305
<div class="variablelist"><table border="0">
1306
<col align="left" valign="top">
1309
<td><p><a name="GNUTLS-DIG-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_UNKNOWN</code></span></p></td>
1310
<td>Unknown hash algorithm.
1314
<td><p><a name="GNUTLS-DIG-NULL:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_NULL</code></span></p></td>
1315
<td>NULL hash algorithm (empty output).
1319
<td><p><a name="GNUTLS-DIG-MD5:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_MD5</code></span></p></td>
1324
<td><p><a name="GNUTLS-DIG-SHA1:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_SHA1</code></span></p></td>
1325
<td>SHA-1 algorithm.
1329
<td><p><a name="GNUTLS-DIG-RMD160:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_RMD160</code></span></p></td>
1330
<td>RMD160 algorithm.
1334
<td><p><a name="GNUTLS-DIG-MD2:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_MD2</code></span></p></td>
1339
<td><p><a name="GNUTLS-DIG-SHA256:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_SHA256</code></span></p></td>
1340
<td>SHA-256 algorithm.
1344
<td><p><a name="GNUTLS-DIG-SHA384:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_SHA384</code></span></p></td>
1345
<td>SHA-384 algorithm.
1349
<td><p><a name="GNUTLS-DIG-SHA512:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_SHA512</code></span></p></td>
1350
<td>SHA-512 algorithm.
1354
<td><p><a name="GNUTLS-DIG-SHA224:CAPS"></a><span class="term"><code class="literal">GNUTLS_DIG_SHA224</code></span></p></td>
1355
<td>SHA-224 algorithm.
1013
1362
<div class="refsect2" title="GNUTLS_MAX_ALGORITHM_NUM">
1021
<div class="refsect2" title="GNUTLS_COMP_ZLIB">
1022
<a name="GNUTLS-COMP-ZLIB:CAPS"></a><h3>GNUTLS_COMP_ZLIB</h3>
1023
<pre class="programlisting">#define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE
1029
1370
<div class="refsect2" title="enum gnutls_compression_method_t">
1030
1371
<a name="gnutls-compression-method-t"></a><h3>enum gnutls_compression_method_t</h3>
1031
1372
<pre class="programlisting"> typedef enum
1033
1374
GNUTLS_COMP_UNKNOWN = 0,
1034
1375
GNUTLS_COMP_NULL = 1,
1035
GNUTLS_COMP_DEFLATE,
1036
GNUTLS_COMP_LZO /* only available if gnutls-extra has
1376
GNUTLS_COMP_DEFLATE = 2,
1377
GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
1378
GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has
1037
1379
been initialized
1039
1381
} gnutls_compression_method_t;
1384
Enumeration of different TLS compression methods.
1386
<div class="variablelist"><table border="0">
1387
<col align="left" valign="top">
1390
<td><p><a name="GNUTLS-COMP-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_COMP_UNKNOWN</code></span></p></td>
1391
<td>Unknown compression method.
1395
<td><p><a name="GNUTLS-COMP-NULL:CAPS"></a><span class="term"><code class="literal">GNUTLS_COMP_NULL</code></span></p></td>
1396
<td>The NULL compression method (uncompressed).
1400
<td><p><a name="GNUTLS-COMP-DEFLATE:CAPS"></a><span class="term"><code class="literal">GNUTLS_COMP_DEFLATE</code></span></p></td>
1401
<td>The deflate/zlib compression method.
1405
<td><p><a name="GNUTLS-COMP-ZLIB:CAPS"></a><span class="term"><code class="literal">GNUTLS_COMP_ZLIB</code></span></p></td>
1406
<td>Same as <a class="link" href="gnutls-gnutls.html#GNUTLS-COMP-DEFLATE:CAPS"><code class="literal">GNUTLS_COMP_DEFLATE</code></a>.
1410
<td><p><a name="GNUTLS-COMP-LZO:CAPS"></a><span class="term"><code class="literal">GNUTLS_COMP_LZO</code></span></p></td>
1411
<td>The non-standard LZO compression method.
1045
1418
<div class="refsect2" title="enum gnutls_connection_end_t">
1103
1508
} gnutls_alert_description_t;
1511
Enumeration of different TLS alerts.
1513
<div class="variablelist"><table border="0">
1514
<col align="left" valign="top">
1517
<td><p><a name="GNUTLS-A-CLOSE-NOTIFY:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_CLOSE_NOTIFY</code></span></p></td>
1522
<td><p><a name="GNUTLS-A-UNEXPECTED-MESSAGE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_UNEXPECTED_MESSAGE</code></span></p></td>
1523
<td>Unexpected message.
1527
<td><p><a name="GNUTLS-A-BAD-RECORD-MAC:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_BAD_RECORD_MAC</code></span></p></td>
1532
<td><p><a name="GNUTLS-A-DECRYPTION-FAILED:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_DECRYPTION_FAILED</code></span></p></td>
1533
<td>Decryption failed.
1537
<td><p><a name="GNUTLS-A-RECORD-OVERFLOW:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_RECORD_OVERFLOW</code></span></p></td>
1538
<td>Record overflow.
1542
<td><p><a name="GNUTLS-A-DECOMPRESSION-FAILURE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_DECOMPRESSION_FAILURE</code></span></p></td>
1543
<td>Decompression failed.
1547
<td><p><a name="GNUTLS-A-HANDSHAKE-FAILURE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_HANDSHAKE_FAILURE</code></span></p></td>
1548
<td>Handshake failed.
1552
<td><p><a name="GNUTLS-A-SSL3-NO-CERTIFICATE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_SSL3_NO_CERTIFICATE</code></span></p></td>
1557
<td><p><a name="GNUTLS-A-BAD-CERTIFICATE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_BAD_CERTIFICATE</code></span></p></td>
1558
<td>Certificate is bad.
1562
<td><p><a name="GNUTLS-A-UNSUPPORTED-CERTIFICATE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_UNSUPPORTED_CERTIFICATE</code></span></p></td>
1563
<td>Certificate is not supported.
1567
<td><p><a name="GNUTLS-A-CERTIFICATE-REVOKED:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_CERTIFICATE_REVOKED</code></span></p></td>
1568
<td>Certificate was revoked.
1572
<td><p><a name="GNUTLS-A-CERTIFICATE-EXPIRED:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_CERTIFICATE_EXPIRED</code></span></p></td>
1573
<td>Certificate is expired.
1577
<td><p><a name="GNUTLS-A-CERTIFICATE-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_CERTIFICATE_UNKNOWN</code></span></p></td>
1578
<td>Unknown certificate.
1582
<td><p><a name="GNUTLS-A-ILLEGAL-PARAMETER:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_ILLEGAL_PARAMETER</code></span></p></td>
1583
<td>Illegal parameter.
1587
<td><p><a name="GNUTLS-A-UNKNOWN-CA:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_UNKNOWN_CA</code></span></p></td>
1592
<td><p><a name="GNUTLS-A-ACCESS-DENIED:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_ACCESS_DENIED</code></span></p></td>
1593
<td>Access was denied.
1597
<td><p><a name="GNUTLS-A-DECODE-ERROR:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_DECODE_ERROR</code></span></p></td>
1602
<td><p><a name="GNUTLS-A-DECRYPT-ERROR:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_DECRYPT_ERROR</code></span></p></td>
1607
<td><p><a name="GNUTLS-A-EXPORT-RESTRICTION:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_EXPORT_RESTRICTION</code></span></p></td>
1608
<td>Export restriction.
1612
<td><p><a name="GNUTLS-A-PROTOCOL-VERSION:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_PROTOCOL_VERSION</code></span></p></td>
1613
<td>Error in protocol version.
1617
<td><p><a name="GNUTLS-A-INSUFFICIENT-SECURITY:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_INSUFFICIENT_SECURITY</code></span></p></td>
1618
<td>Insufficient security.
1622
<td><p><a name="GNUTLS-A-INTERNAL-ERROR:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_INTERNAL_ERROR</code></span></p></td>
1627
<td><p><a name="GNUTLS-A-USER-CANCELED:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_USER_CANCELED</code></span></p></td>
1632
<td><p><a name="GNUTLS-A-NO-RENEGOTIATION:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_NO_RENEGOTIATION</code></span></p></td>
1633
<td>No renegotiation is allowed.
1637
<td><p><a name="GNUTLS-A-UNSUPPORTED-EXTENSION:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_UNSUPPORTED_EXTENSION</code></span></p></td>
1638
<td>An unsupported extension was
1643
<td><p><a name="GNUTLS-A-CERTIFICATE-UNOBTAINABLE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_CERTIFICATE_UNOBTAINABLE</code></span></p></td>
1644
<td>Could not retrieve the
1645
specified certificate.
1649
<td><p><a name="GNUTLS-A-UNRECOGNIZED-NAME:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_UNRECOGNIZED_NAME</code></span></p></td>
1650
<td>The server name sent was not
1655
<td><p><a name="GNUTLS-A-UNKNOWN-PSK-IDENTITY:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_UNKNOWN_PSK_IDENTITY</code></span></p></td>
1656
<td>The SRP/PSK username is missing
1661
<td><p><a name="GNUTLS-A-INNER-APPLICATION-FAILURE:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_INNER_APPLICATION_FAILURE</code></span></p></td>
1662
<td>Inner application
1667
<td><p><a name="GNUTLS-A-INNER-APPLICATION-VERIFICATION:CAPS"></a><span class="term"><code class="literal">GNUTLS_A_INNER_APPLICATION_VERIFICATION</code></span></p></td>
1668
<td>Inner application
1669
verification failed.
1109
1676
<div class="refsect2" title="enum gnutls_handshake_description_t">
1110
1677
<a name="gnutls-handshake-description-t"></a><h3>enum gnutls_handshake_description_t</h3>
1111
1678
<pre class="programlisting"> typedef enum
1112
{ GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
1680
GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
1113
1681
GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
1114
1682
GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
1683
GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
1115
1684
GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
1116
1685
GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
1117
1686
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
1123
1692
} gnutls_handshake_description_t;
1695
Enumeration of different TLS handshake packets.
1697
<div class="variablelist"><table border="0">
1698
<col align="left" valign="top">
1701
<td><p><a name="GNUTLS-HANDSHAKE-HELLO-REQUEST:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_HELLO_REQUEST</code></span></p></td>
1706
<td><p><a name="GNUTLS-HANDSHAKE-CLIENT-HELLO:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_CLIENT_HELLO</code></span></p></td>
1711
<td><p><a name="GNUTLS-HANDSHAKE-SERVER-HELLO:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_SERVER_HELLO</code></span></p></td>
1716
<td><p><a name="GNUTLS-HANDSHAKE-NEW-SESSION-TICKET:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_NEW_SESSION_TICKET</code></span></p></td>
1717
<td>New session ticket.
1721
<td><p><a name="GNUTLS-HANDSHAKE-CERTIFICATE-PKT:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_CERTIFICATE_PKT</code></span></p></td>
1722
<td>Certificate packet.
1726
<td><p><a name="GNUTLS-HANDSHAKE-SERVER-KEY-EXCHANGE:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE</code></span></p></td>
1727
<td>Server key exchange.
1731
<td><p><a name="GNUTLS-HANDSHAKE-CERTIFICATE-REQUEST:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST</code></span></p></td>
1732
<td>Certificate request.
1736
<td><p><a name="GNUTLS-HANDSHAKE-SERVER-HELLO-DONE:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_SERVER_HELLO_DONE</code></span></p></td>
1737
<td>Server hello done.
1741
<td><p><a name="GNUTLS-HANDSHAKE-CERTIFICATE-VERIFY:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY</code></span></p></td>
1742
<td>Certificate verify.
1746
<td><p><a name="GNUTLS-HANDSHAKE-CLIENT-KEY-EXCHANGE:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE</code></span></p></td>
1747
<td>Client key exchange.
1751
<td><p><a name="GNUTLS-HANDSHAKE-FINISHED:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_FINISHED</code></span></p></td>
1756
<td><p><a name="GNUTLS-HANDSHAKE-SUPPLEMENTAL:CAPS"></a><span class="term"><code class="literal">GNUTLS_HANDSHAKE_SUPPLEMENTAL</code></span></p></td>
1129
1764
<div class="refsect2" title="enum gnutls_certificate_status_t">
1130
1765
<a name="gnutls-certificate-status-t"></a><h3>enum gnutls_certificate_status_t</h3>
1131
1766
<pre class="programlisting"> typedef enum
1133
GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
1136
GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked
1139
/* Those are extra information about the verification
1140
* process. Will be set only if the certificate was
1768
GNUTLS_CERT_INVALID = 2,
1769
GNUTLS_CERT_REVOKED = 32,
1143
1770
GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
1144
1771
GNUTLS_CERT_SIGNER_NOT_CA = 128,
1145
1772
GNUTLS_CERT_INSECURE_ALGORITHM = 256,
1147
/* Time verification.
1149
1773
GNUTLS_CERT_NOT_ACTIVATED = 512,
1150
1774
GNUTLS_CERT_EXPIRED = 1024
1152
1775
} gnutls_certificate_status_t;
1778
Enumeration of certificate status codes. Note that the status
1779
bits have different meanings in OpenPGP keys and X.509
1780
certificate verification.
1782
<div class="variablelist"><table border="0">
1783
<col align="left" valign="top">
1786
<td><p><a name="GNUTLS-CERT-INVALID:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_INVALID</code></span></p></td>
1787
<td>Will be set if the certificate was not
1792
<td><p><a name="GNUTLS-CERT-REVOKED:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_REVOKED</code></span></p></td>
1793
<td>Certificate revoked. In X.509 this will be
1794
set only if CRLs are checked.
1798
<td><p><a name="GNUTLS-CERT-SIGNER-NOT-FOUND:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_SIGNER_NOT_FOUND</code></span></p></td>
1799
<td>Certificate not verified. Signer
1804
<td><p><a name="GNUTLS-CERT-SIGNER-NOT-CA:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_SIGNER_NOT_CA</code></span></p></td>
1805
<td>Certificate not verified. Signer
1806
not a CA certificate.
1810
<td><p><a name="GNUTLS-CERT-INSECURE-ALGORITHM:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_INSECURE_ALGORITHM</code></span></p></td>
1811
<td>Certificate not verified,
1816
<td><p><a name="GNUTLS-CERT-NOT-ACTIVATED:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_NOT_ACTIVATED</code></span></p></td>
1817
<td>Certificate not yet activated.
1821
<td><p><a name="GNUTLS-CERT-EXPIRED:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_EXPIRED</code></span></p></td>
1822
<td>Certificate expired.
1158
1829
<div class="refsect2" title="enum gnutls_certificate_request_t">
1159
1830
<a name="gnutls-certificate-request-t"></a><h3>enum gnutls_certificate_request_t</h3>
1160
1831
<pre class="programlisting"> typedef enum
1833
GNUTLS_CERT_IGNORE = 0,
1163
1834
GNUTLS_CERT_REQUEST = 1,
1835
GNUTLS_CERT_REQUIRE = 2
1165
1836
} gnutls_certificate_request_t;
1839
Enumeration of certificate request types.
1841
<div class="variablelist"><table border="0">
1842
<col align="left" valign="top">
1845
<td><p><a name="GNUTLS-CERT-IGNORE:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_IGNORE</code></span></p></td>
1846
<td>Ignore certificate.
1850
<td><p><a name="GNUTLS-CERT-REQUEST:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_REQUEST</code></span></p></td>
1851
<td>Request certificate.
1855
<td><p><a name="GNUTLS-CERT-REQUIRE:CAPS"></a><span class="term"><code class="literal">GNUTLS_CERT_REQUIRE</code></span></p></td>
1856
<td>Require certificate.
1171
1863
<div class="refsect2" title="enum gnutls_openpgp_crt_status_t">
1172
1864
<a name="gnutls-openpgp-crt-status-t"></a><h3>enum gnutls_openpgp_crt_status_t</h3>
1173
1865
<pre class="programlisting"> typedef enum
1174
{ GNUTLS_OPENPGP_CERT,
1175
GNUTLS_OPENPGP_CERT_FINGERPRINT
1867
GNUTLS_OPENPGP_CERT = 0,
1868
GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
1176
1869
} gnutls_openpgp_crt_status_t;
1872
Enumeration of ways to send OpenPGP certificate.
1874
<div class="variablelist"><table border="0">
1875
<col align="left" valign="top">
1878
<td><p><a name="GNUTLS-OPENPGP-CERT:CAPS"></a><span class="term"><code class="literal">GNUTLS_OPENPGP_CERT</code></span></p></td>
1879
<td>Send entire certificate.
1883
<td><p><a name="GNUTLS-OPENPGP-CERT-FINGERPRINT:CAPS"></a><span class="term"><code class="literal">GNUTLS_OPENPGP_CERT_FINGERPRINT</code></span></p></td>
1884
<td>Send only certificate fingerprint.
1182
1891
<div class="refsect2" title="enum gnutls_close_request_t">
1204
1921
<pre class="programlisting"> typedef enum
1206
1923
GNUTLS_SSL3 = 1,
1925
GNUTLS_TLS1 = GNUTLS_TLS1_0,
1928
GNUTLS_VERSION_MAX = GNUTLS_TLS1_2,
1210
1929
GNUTLS_VERSION_UNKNOWN = 0xff
1211
1930
} gnutls_protocol_t;
1933
Enumeration of different SSL/TLS protocol versions.
1935
<div class="variablelist"><table border="0">
1936
<col align="left" valign="top">
1939
<td><p><a name="GNUTLS-SSL3:CAPS"></a><span class="term"><code class="literal">GNUTLS_SSL3</code></span></p></td>
1940
<td>SSL version 3.0.
1944
<td><p><a name="GNUTLS-TLS1-0:CAPS"></a><span class="term"><code class="literal">GNUTLS_TLS1_0</code></span></p></td>
1945
<td>TLS version 1.0.
1949
<td><p><a name="GNUTLS-TLS1:CAPS"></a><span class="term"><code class="literal">GNUTLS_TLS1</code></span></p></td>
1950
<td>Same as <a class="link" href="gnutls-gnutls.html#GNUTLS-TLS1-0:CAPS"><code class="literal">GNUTLS_TLS1_0</code></a>.
1954
<td><p><a name="GNUTLS-TLS1-1:CAPS"></a><span class="term"><code class="literal">GNUTLS_TLS1_1</code></span></p></td>
1955
<td>TLS version 1.1.
1959
<td><p><a name="GNUTLS-TLS1-2:CAPS"></a><span class="term"><code class="literal">GNUTLS_TLS1_2</code></span></p></td>
1960
<td>TLS version 1.2.
1964
<td><p><a name="GNUTLS-VERSION-MAX:CAPS"></a><span class="term"><code class="literal">GNUTLS_VERSION_MAX</code></span></p></td>
1965
<td>Maps to the highest supported TLS version.
1969
<td><p><a name="GNUTLS-VERSION-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_VERSION_UNKNOWN</code></span></p></td>
1970
<td>Unknown SSL/TLS version.
1217
1977
<div class="refsect2" title="enum gnutls_certificate_type_t">
1221
1981
GNUTLS_CRT_UNKNOWN = 0,
1222
1982
GNUTLS_CRT_X509 = 1,
1983
GNUTLS_CRT_OPENPGP = 2
1224
1984
} gnutls_certificate_type_t;
1987
Enumeration of different certificate types.
1989
<div class="variablelist"><table border="0">
1990
<col align="left" valign="top">
1993
<td><p><a name="GNUTLS-CRT-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_CRT_UNKNOWN</code></span></p></td>
1994
<td>Unknown certificate type.
1998
<td><p><a name="GNUTLS-CRT-X509:CAPS"></a><span class="term"><code class="literal">GNUTLS_CRT_X509</code></span></p></td>
1999
<td>X.509 Certificate.
2003
<td><p><a name="GNUTLS-CRT-OPENPGP:CAPS"></a><span class="term"><code class="literal">GNUTLS_CRT_OPENPGP</code></span></p></td>
2004
<td>OpenPGP certificate.
1230
2011
<div class="refsect2" title="enum gnutls_x509_crt_fmt_t">
1231
2012
<a name="gnutls-x509-crt-fmt-t"></a><h3>enum gnutls_x509_crt_fmt_t</h3>
1232
2013
<pre class="programlisting"> typedef enum
1234
GNUTLS_X509_FMT_DER,
2015
GNUTLS_X509_FMT_DER = 0,
2016
GNUTLS_X509_FMT_PEM = 1
1236
2017
} gnutls_x509_crt_fmt_t;
2020
Enumeration of different certificate encoding formats.
2022
<div class="variablelist"><table border="0">
2023
<col align="left" valign="top">
2026
<td><p><a name="GNUTLS-X509-FMT-DER:CAPS"></a><span class="term"><code class="literal">GNUTLS_X509_FMT_DER</code></span></p></td>
2027
<td>X.509 certificate in DER format (binary).
2031
<td><p><a name="GNUTLS-X509-FMT-PEM:CAPS"></a><span class="term"><code class="literal">GNUTLS_X509_FMT_PEM</code></span></p></td>
2032
<td>X.509 certificate in PEM format (text).
1242
2039
<div class="refsect2" title="enum gnutls_certificate_print_formats_t">
1243
2040
<a name="gnutls-certificate-print-formats-t"></a><h3>enum gnutls_certificate_print_formats_t</h3>
1244
2041
<pre class="programlisting"> typedef enum gnutls_certificate_print_formats
1246
GNUTLS_CRT_PRINT_FULL,
1247
GNUTLS_CRT_PRINT_ONELINE,
1248
GNUTLS_CRT_PRINT_UNSIGNED_FULL
1249
} gnutls_certificate_print_formats_t;
2043
GNUTLS_CRT_PRINT_FULL = 0,
2044
GNUTLS_CRT_PRINT_ONELINE = 1,
2045
GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2
2046
} gnutls_certificate_print_formats_t;
2049
Enumeration of different certificate printing variants.
2051
<div class="variablelist"><table border="0">
2052
<col align="left" valign="top">
2055
<td><p><a name="GNUTLS-CRT-PRINT-FULL:CAPS"></a><span class="term"><code class="literal">GNUTLS_CRT_PRINT_FULL</code></span></p></td>
2056
<td>Full information about certificate.
2060
<td><p><a name="GNUTLS-CRT-PRINT-ONELINE:CAPS"></a><span class="term"><code class="literal">GNUTLS_CRT_PRINT_ONELINE</code></span></p></td>
2061
<td>Information about certificate in one line.
2065
<td><p><a name="GNUTLS-CRT-PRINT-UNSIGNED-FULL:CAPS"></a><span class="term"><code class="literal">GNUTLS_CRT_PRINT_UNSIGNED_FULL</code></span></p></td>
2066
<td>All info for an unsigned certificate.
1255
2073
<div class="refsect2" title="enum gnutls_pk_algorithm_t">
1259
2077
GNUTLS_PK_UNKNOWN = 0,
1260
2078
GNUTLS_PK_RSA = 1,
1262
2080
} gnutls_pk_algorithm_t;
2083
Enumeration of different public-key algorithms.
2085
<div class="variablelist"><table border="0">
2086
<col align="left" valign="top">
2089
<td><p><a name="GNUTLS-PK-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_PK_UNKNOWN</code></span></p></td>
2090
<td>Unknown public-key algorithm.
2094
<td><p><a name="GNUTLS-PK-RSA:CAPS"></a><span class="term"><code class="literal">GNUTLS_PK_RSA</code></span></p></td>
2095
<td>RSA public-key algorithm.
2099
<td><p><a name="GNUTLS-PK-DSA:CAPS"></a><span class="term"><code class="literal">GNUTLS_PK_DSA</code></span></p></td>
2100
<td>DSA public-key algorithm.
1268
2107
<div class="refsect2" title="gnutls_pk_algorithm_get_name ()">
1269
2108
<a name="gnutls-pk-algorithm-get-name"></a><h3>gnutls_pk_algorithm_get_name ()</h3>
1270
2109
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_pk_algorithm_get_name (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> algorithm</code></em>);</pre>
2111
Convert a <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> value to a string.
1273
2113
<div class="variablelist"><table border="0">
1274
2114
<col align="left" valign="top">
1277
2117
<td><p><span class="term"><em class="parameter"><code>algorithm</code></em> :</span></p></td>
2118
<td>is a pk algorithm
1282
2122
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2123
<td> a string that contains the name of the specified public
2124
key algorithm, or <code class="literal">NULL</code>.
1290
<div class="refsect2" title="GNUTLS_SIGN_RSA_SHA">
1291
<a name="GNUTLS-SIGN-RSA-SHA:CAPS"></a><h3>GNUTLS_SIGN_RSA_SHA</h3>
1292
<pre class="programlisting">#define GNUTLS_SIGN_RSA_SHA GNUTLS_SIGN_RSA_SHA1
1298
<div class="refsect2" title="GNUTLS_SIGN_DSA_SHA">
1299
<a name="GNUTLS-SIGN-DSA-SHA:CAPS"></a><h3>GNUTLS_SIGN_DSA_SHA</h3>
1300
<pre class="programlisting">#define GNUTLS_SIGN_DSA_SHA GNUTLS_SIGN_DSA_SHA1
1306
2131
<div class="refsect2" title="enum gnutls_sign_algorithm_t">
1307
2132
<a name="gnutls-sign-algorithm-t"></a><h3>enum gnutls_sign_algorithm_t</h3>
1308
2133
<pre class="programlisting"> typedef enum
1310
2135
GNUTLS_SIGN_UNKNOWN = 0,
1311
2136
GNUTLS_SIGN_RSA_SHA1 = 1,
1312
GNUTLS_SIGN_DSA_SHA1,
1313
GNUTLS_SIGN_RSA_MD5,
1314
GNUTLS_SIGN_RSA_MD2,
1315
GNUTLS_SIGN_RSA_RMD160,
1316
GNUTLS_SIGN_RSA_SHA256,
1317
GNUTLS_SIGN_RSA_SHA384,
1318
GNUTLS_SIGN_RSA_SHA512,
1319
GNUTLS_SIGN_RSA_SHA224
2137
GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
2138
GNUTLS_SIGN_DSA_SHA1 = 2,
2139
GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
2140
GNUTLS_SIGN_RSA_MD5 = 3,
2141
GNUTLS_SIGN_RSA_MD2 = 4,
2142
GNUTLS_SIGN_RSA_RMD160 = 5,
2143
GNUTLS_SIGN_RSA_SHA256 = 6,
2144
GNUTLS_SIGN_RSA_SHA384 = 7,
2145
GNUTLS_SIGN_RSA_SHA512 = 8,
2146
GNUTLS_SIGN_RSA_SHA224 = 9
1320
2147
} gnutls_sign_algorithm_t;
2150
Enumeration of different digital signature algorithms.
2152
<div class="variablelist"><table border="0">
2153
<col align="left" valign="top">
2156
<td><p><a name="GNUTLS-SIGN-UNKNOWN:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_UNKNOWN</code></span></p></td>
2157
<td>Unknown signature algorithm.
2161
<td><p><a name="GNUTLS-SIGN-RSA-SHA1:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_SHA1</code></span></p></td>
2162
<td>Digital signature algorithm RSA with SHA-1
2166
<td><p><a name="GNUTLS-SIGN-RSA-SHA:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_SHA</code></span></p></td>
2167
<td>Same as <a class="link" href="gnutls-gnutls.html#GNUTLS-SIGN-RSA-SHA1:CAPS"><code class="literal">GNUTLS_SIGN_RSA_SHA1</code></a>.
2171
<td><p><a name="GNUTLS-SIGN-DSA-SHA1:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_DSA_SHA1</code></span></p></td>
2172
<td>Digital signature algorithm DSA with SHA-1
2176
<td><p><a name="GNUTLS-SIGN-DSA-SHA:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_DSA_SHA</code></span></p></td>
2177
<td>Same as <a class="link" href="gnutls-gnutls.html#GNUTLS-SIGN-DSA-SHA1:CAPS"><code class="literal">GNUTLS_SIGN_DSA_SHA1</code></a>.
2181
<td><p><a name="GNUTLS-SIGN-RSA-MD5:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_MD5</code></span></p></td>
2182
<td>Digital signature algorithm RSA with MD5.
2186
<td><p><a name="GNUTLS-SIGN-RSA-MD2:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_MD2</code></span></p></td>
2187
<td>Digital signature algorithm RSA with MD2.
2191
<td><p><a name="GNUTLS-SIGN-RSA-RMD160:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_RMD160</code></span></p></td>
2192
<td>Digital signature algorithm RSA with RMD-160.
2196
<td><p><a name="GNUTLS-SIGN-RSA-SHA256:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_SHA256</code></span></p></td>
2197
<td>Digital signature algorithm RSA with SHA-256.
2201
<td><p><a name="GNUTLS-SIGN-RSA-SHA384:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_SHA384</code></span></p></td>
2202
<td>Digital signature algorithm RSA with SHA-384.
2206
<td><p><a name="GNUTLS-SIGN-RSA-SHA512:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_SHA512</code></span></p></td>
2207
<td>Digital signature algorithm RSA with SHA-512.
2211
<td><p><a name="GNUTLS-SIGN-RSA-SHA224:CAPS"></a><span class="term"><code class="literal">GNUTLS_SIGN_RSA_SHA224</code></span></p></td>
2212
<td>Digital signature algorithm RSA with SHA-224.
1326
2219
<div class="refsect2" title="gnutls_sign_algorithm_get_name ()">
1327
2220
<a name="gnutls-sign-algorithm-get-name"></a><h3>gnutls_sign_algorithm_get_name ()</h3>
1328
2221
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_sign_algorithm_get_name (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> sign</code></em>);</pre>
2223
Convert a <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> value to a string.
1331
2225
<div class="variablelist"><table border="0">
1332
2226
<col align="left" valign="top">
1335
2229
<td><p><span class="term"><em class="parameter"><code>sign</code></em> :</span></p></td>
2230
<td>is a sign algorithm
1340
2234
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2235
<td> a string that contains the name of the specified sign
2236
algorithm, or <code class="literal">NULL</code>.
1418
2313
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_init (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> *session</code></em>,
1419
2314
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-connection-end-t" title="enum gnutls_connection_end_t"><span class="type">gnutls_connection_end_t</span></a> con_end</code></em>);</pre>
2316
This function initializes the current session to null. Every
2317
session must be initialized before use, so internal structures can
2318
be allocated. This function allocates structures which can only
2319
be free'd by calling <a class="link" href="gnutls-gnutls.html#gnutls-deinit" title="gnutls_deinit ()"><code class="function">gnutls_deinit()</code></a>. Returns zero on success.
2322
<em class="parameter"><code>con_end</code></em> can be one of <a class="link" href="gnutls-gnutls.html#GNUTLS-CLIENT:CAPS"><code class="literal">GNUTLS_CLIENT</code></a> and <a class="link" href="gnutls-gnutls.html#GNUTLS-SERVER:CAPS"><code class="literal">GNUTLS_SERVER</code></a>.
1422
2324
<div class="variablelist"><table border="0">
1423
2325
<col align="left" valign="top">
1426
2328
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2329
<td>is a pointer to a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1431
2333
<td><p><span class="term"><em class="parameter"><code>con_end</code></em> :</span></p></td>
2334
<td>indicate if this session is to be used for server or client.
1436
2338
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2339
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
1461
2366
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_bye (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
1462
2367
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-close-request-t" title="enum gnutls_close_request_t"><span class="type">gnutls_close_request_t</span></a> how</code></em>);</pre>
2369
Terminates the current TLS/SSL connection. The connection should
2370
have been initiated using <a class="link" href="gnutls-gnutls.html#gnutls-handshake" title="gnutls_handshake ()"><code class="function">gnutls_handshake()</code></a>. <em class="parameter"><code>how</code></em> should be one
2371
of <a class="link" href="gnutls-gnutls.html#GNUTLS-SHUT-RDWR:CAPS"><code class="literal">GNUTLS_SHUT_RDWR</code></a>, <a class="link" href="gnutls-gnutls.html#GNUTLS-SHUT-WR:CAPS"><code class="literal">GNUTLS_SHUT_WR</code></a>.
2374
In case of <a class="link" href="gnutls-gnutls.html#GNUTLS-SHUT-RDWR:CAPS"><code class="literal">GNUTLS_SHUT_RDWR</code></a> then the TLS connection gets
2375
terminated and further receives and sends will be disallowed. If
2376
the return value is zero you may continue using the connection.
2377
<a class="link" href="gnutls-gnutls.html#GNUTLS-SHUT-RDWR:CAPS"><code class="literal">GNUTLS_SHUT_RDWR</code></a> actually sends an alert containing a close
2378
request and waits for the peer to reply with the same message.
2381
In case of <a class="link" href="gnutls-gnutls.html#GNUTLS-SHUT-WR:CAPS"><code class="literal">GNUTLS_SHUT_WR</code></a> then the TLS connection gets terminated
2382
and further sends will be disallowed. In order to reuse the
2383
connection you should wait for an EOF from the peer.
2384
<a class="link" href="gnutls-gnutls.html#GNUTLS-SHUT-WR:CAPS"><code class="literal">GNUTLS_SHUT_WR</code></a> sends an alert containing a close request.
2387
Note that not all implementations will properly terminate a TLS
2388
connection. Some of them, usually for performance reasons, will
2389
terminate only the underlying transport layer, thus causing a
2390
transmission error to the peer. This error cannot be
2391
distinguished from a malicious party prematurely terminating the
2392
session, thus this behavior is not recommended.
2395
This function may also return <a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a> or
2396
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a>; cf. <a class="link" href="gnutls-gnutls.html#gnutls-record-get-direction" title="gnutls_record_get_direction ()"><code class="function">gnutls_record_get_direction()</code></a>.
1465
2398
<div class="variablelist"><table border="0">
1466
2399
<col align="left" valign="top">
1469
2402
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2403
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1474
2407
<td><p><span class="term"><em class="parameter"><code>how</code></em> :</span></p></td>
1479
2412
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2413
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code, see
2414
function documentation for entire semantics.
1488
2422
<a name="gnutls-handshake"></a><h3>gnutls_handshake ()</h3>
1489
2423
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_handshake (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
2425
This function does the handshake of the TLS/SSL protocol, and
2426
initializes the TLS connection.
2429
This function will fail if any problem is encountered, and will
2430
return a negative error code. In case of a client, if the client
2431
has asked to resume a session, but the server couldn't, then a
2432
full handshake will be performed.
2435
The non-fatal errors such as <a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a> and
2436
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> interrupt the handshake procedure, which
2437
should be later be resumed. Call this function again, until it
2438
returns 0; cf. <a class="link" href="gnutls-gnutls.html#gnutls-record-get-direction" title="gnutls_record_get_direction ()"><code class="function">gnutls_record_get_direction()</code></a> and
2439
<a class="link" href="gnutls-gnutls.html#gnutls-error-is-fatal" title="gnutls_error_is_fatal ()"><code class="function">gnutls_error_is_fatal()</code></a>.
2442
If this function is called by a server after a rehandshake request
2443
then <a class="link" href="gnutls-gnutls.html#GNUTLS-E-GOT-APPLICATION-DATA:CAPS" title="GNUTLS_E_GOT_APPLICATION_DATA"><code class="literal">GNUTLS_E_GOT_APPLICATION_DATA</code></a> or
2444
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-WARNING-ALERT-RECEIVED:CAPS" title="GNUTLS_E_WARNING_ALERT_RECEIVED"><code class="literal">GNUTLS_E_WARNING_ALERT_RECEIVED</code></a> may be returned. Note that these
2445
are non fatal errors, only in the specific case of a rehandshake.
2446
Their meaning is that the client rejected the rehandshake request or
2447
in the case of <a class="link" href="gnutls-gnutls.html#GNUTLS-E-GOT-APPLICATION-DATA:CAPS" title="GNUTLS_E_GOT_APPLICATION_DATA"><code class="literal">GNUTLS_E_GOT_APPLICATION_DATA</code></a> it might also mean that
2448
some data were pending.
1492
2450
<div class="variablelist"><table border="0">
1493
2451
<col align="left" valign="top">
1496
2454
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2455
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1501
2459
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2460
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, otherwise an error.
1510
2468
<a name="gnutls-rehandshake"></a><h3>gnutls_rehandshake ()</h3>
1511
2469
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_rehandshake (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
2471
This function will renegotiate security parameters with the
2472
client. This should only be called in case of a server.
2475
This message informs the peer that we want to renegotiate
2476
parameters (perform a handshake).
2479
If this function succeeds (returns 0), you must call the
2480
<a class="link" href="gnutls-gnutls.html#gnutls-handshake" title="gnutls_handshake ()"><code class="function">gnutls_handshake()</code></a> function in order to negotiate the new
2484
Since TLS is full duplex some application data might have been
2485
sent during peer's processing of this message. In that case
2486
one should call <a class="link" href="gnutls-gnutls.html#gnutls-record-recv" title="gnutls_record_recv ()"><code class="function">gnutls_record_recv()</code></a> until GNUTLS_E_REHANDSHAKE
2487
is returned to clear any pending data. Care must be taken if
2488
rehandshake is mandatory to terminate if it does not start after
2492
If the client does not wish to renegotiate parameters he will
2493
should with an alert message, thus the return code will be
2494
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-WARNING-ALERT-RECEIVED:CAPS" title="GNUTLS_E_WARNING_ALERT_RECEIVED"><code class="literal">GNUTLS_E_WARNING_ALERT_RECEIVED</code></a> and the alert will be
2495
<a class="link" href="gnutls-gnutls.html#GNUTLS-A-NO-RENEGOTIATION:CAPS"><code class="literal">GNUTLS_A_NO_RENEGOTIATION</code></a>. A client may also choose to ignore
1514
2498
<div class="variablelist"><table border="0">
1515
2499
<col align="left" valign="top">
1518
2502
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2503
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1523
2507
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2508
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, otherwise an error.
1532
2516
<a name="gnutls-alert-get"></a><h3>gnutls_alert_get ()</h3>
1533
2517
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-alert-description-t" title="enum gnutls_alert_description_t"><span class="returnvalue">gnutls_alert_description_t</span></a> gnutls_alert_get (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
2519
This function will return the last alert number received. This
2520
function should be called if <a class="link" href="gnutls-gnutls.html#GNUTLS-E-WARNING-ALERT-RECEIVED:CAPS" title="GNUTLS_E_WARNING_ALERT_RECEIVED"><code class="literal">GNUTLS_E_WARNING_ALERT_RECEIVED</code></a> or
2521
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-FATAL-ALERT-RECEIVED:CAPS" title="GNUTLS_E_FATAL_ALERT_RECEIVED"><code class="literal">GNUTLS_E_FATAL_ALERT_RECEIVED</code></a> has been returned by a gnutls
2522
function. The peer may send alerts if he thinks some things were
2523
not right. Check gnutls.h for the available alert descriptions.
2526
If no alert has been received the returned value is undefined.
1536
2528
<div class="variablelist"><table border="0">
1537
2529
<col align="left" valign="top">
1540
2532
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2533
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1545
2537
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2538
<td> returns the last alert received, a
2539
<a class="link" href="gnutls-gnutls.html#gnutls-alert-description-t" title="enum gnutls_alert_description_t"><span class="type">gnutls_alert_description_t</span></a> value.
1556
2549
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-alert-level-t" title="enum gnutls_alert_level_t"><span class="type">gnutls_alert_level_t</span></a> level</code></em>,
1557
2550
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-alert-description-t" title="enum gnutls_alert_description_t"><span class="type">gnutls_alert_description_t</span></a> desc</code></em>);</pre>
2552
This function will send an alert to the peer in order to inform
2553
him of something important (eg. his Certificate could not be verified).
2554
If the alert level is Fatal then the peer is expected to close the
2555
connection, otherwise he may ignore the alert and continue.
2558
The error code of the underlying record send function will be
2559
returned, so you may also receive <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> or
2560
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a> as well.
1560
2562
<div class="variablelist"><table border="0">
1561
2563
<col align="left" valign="top">
1564
2566
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2567
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1569
2571
<td><p><span class="term"><em class="parameter"><code>level</code></em> :</span></p></td>
2572
<td>is the level of the alert
1574
2576
<td><p><span class="term"><em class="parameter"><code>desc</code></em> :</span></p></td>
2577
<td>is the alert description
1579
2581
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2582
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
2583
an error code is returned.
1589
2592
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_alert_send_appropriate (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
1590
2593
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> err</code></em>);</pre>
2595
Sends an alert to the peer depending on the error code returned by
2596
a gnutls function. This function will call <a class="link" href="gnutls-gnutls.html#gnutls-error-to-alert" title="gnutls_error_to_alert ()"><code class="function">gnutls_error_to_alert()</code></a>
2597
to determine the appropriate alert to send.
2600
This function may also return <a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a>, or
2601
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a>.
2604
If the return value is <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INVALID-REQUEST:CAPS" title="GNUTLS_E_INVALID_REQUEST"><code class="literal">GNUTLS_E_INVALID_REQUEST</code></a>, then no alert has
2605
been sent to the peer.
1593
2607
<div class="variablelist"><table border="0">
1594
2608
<col align="left" valign="top">
1597
2611
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2612
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
1602
2616
<td><p><span class="term"><em class="parameter"><code>err</code></em> :</span></p></td>
1607
2621
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2622
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
2623
an error code is returned.
1726
2751
<a name="gnutls-certificate-type-get"></a><h3>gnutls_certificate_type_get ()</h3>
1727
2752
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-certificate-type-t" title="enum gnutls_certificate_type_t"><span class="returnvalue">gnutls_certificate_type_t</span></a> gnutls_certificate_type_get (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
1730
<div class="variablelist"><table border="0">
1731
<col align="left" valign="top">
1734
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
1739
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2754
The certificate type is by default X.509, unless it is negotiated
2757
<div class="variablelist"><table border="0">
2758
<col align="left" valign="top">
2761
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2762
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2766
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2767
<td> the currently used <a class="link" href="gnutls-gnutls.html#gnutls-certificate-type-t" title="enum gnutls_certificate_type_t"><span class="type">gnutls_certificate_type_t</span></a> certificate
2775
<div class="refsect2" title="gnutls_sign_algorithm_get_requested ()">
2776
<a name="gnutls-sign-algorithm-get-requested"></a><h3>gnutls_sign_algorithm_get_requested ()</h3>
2777
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_sign_algorithm_get_requested (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
2778
<em class="parameter"><code><span class="type">size_t</span> indx</code></em>,
2779
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> *algo</code></em>);</pre>
2781
Returns the signature algorithm specified by index that was
2782
requested by the peer. If the specified index has no data available
2783
this function returns <a class="link" href="gnutls-gnutls.html#GNUTLS-E-REQUESTED-DATA-NOT-AVAILABLE:CAPS" title="GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE"><code class="literal">GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE</code></a>. If
2784
the negotiated TLS version does not support signature algorithms
2785
then <a class="link" href="gnutls-gnutls.html#GNUTLS-E-REQUESTED-DATA-NOT-AVAILABLE:CAPS" title="GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE"><code class="literal">GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE</code></a> will be returned even
2786
for the first index. The first index is 0.
2789
This function is useful in the certificate callback functions
2790
to assist in selecting the correct certificate.
2792
<div class="variablelist"><table border="0">
2793
<col align="left" valign="top">
2796
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
2797
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2801
<td><p><span class="term"><em class="parameter"><code>indx</code></em> :</span></p></td>
2802
<td>is an index of the signature algorithm to return
2806
<td><p><span class="term"><em class="parameter"><code>algo</code></em> :</span></p></td>
2807
<td>the returned certificate type will be stored there
2811
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2812
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
2813
an error code is returned.
2819
<p class="since">Since 2.10.0</p>
1747
2822
<div class="refsect2" title="gnutls_cipher_get_key_size ()">
1748
2823
<a name="gnutls-cipher-get-key-size"></a><h3>gnutls_cipher_get_key_size ()</h3>
1749
2824
<pre class="programlisting"><span class="returnvalue">size_t</span> gnutls_cipher_get_key_size (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-cipher-algorithm-t" title="enum gnutls_cipher_algorithm_t"><span class="type">gnutls_cipher_algorithm_t</span></a> algorithm</code></em>);</pre>
2826
Get key size for cipher.
1752
2828
<div class="variablelist"><table border="0">
1753
2829
<col align="left" valign="top">
1756
2832
<td><p><span class="term"><em class="parameter"><code>algorithm</code></em> :</span></p></td>
2833
<td>is an encryption algorithm
1761
2837
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
2838
<td> length (in bytes) of the given cipher's key size, or 0 if
2839
the given cipher is invalid.
1902
2991
<a name="gnutls-pk-get-name"></a><h3>gnutls_pk_get_name ()</h3>
1903
2992
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_pk_get_name (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> algorithm</code></em>);</pre>
2994
Convert a <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> value to a string.
1906
2996
<div class="variablelist"><table border="0">
1907
2997
<col align="left" valign="top">
1910
3000
<td><p><span class="term"><em class="parameter"><code>algorithm</code></em> :</span></p></td>
3001
<td>is a public key algorithm
1915
3005
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3006
<td> a pointer to a string that contains the name of the
3007
specified public key algorithm, or <code class="literal">NULL</code>.
3013
<p class="since">Since 2.6.0</p>
1923
3016
<div class="refsect2" title="gnutls_sign_get_name ()">
1924
3017
<a name="gnutls-sign-get-name"></a><h3>gnutls_sign_get_name ()</h3>
1925
3018
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_sign_get_name (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> algorithm</code></em>);</pre>
3020
Convert a <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> value to a string.
1928
3022
<div class="variablelist"><table border="0">
1929
3023
<col align="left" valign="top">
1932
3026
<td><p><span class="term"><em class="parameter"><code>algorithm</code></em> :</span></p></td>
3027
<td>is a public key signature algorithm
1937
3031
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3032
<td> a pointer to a string that contains the name of the
3033
specified public key signature algorithm, or <code class="literal">NULL</code>.
3039
<p class="since">Since 2.6.0</p>
1945
3042
<div class="refsect2" title="gnutls_mac_get_id ()">
1946
3043
<a name="gnutls-mac-get-id"></a><h3>gnutls_mac_get_id ()</h3>
1947
3044
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-mac-algorithm-t" title="enum gnutls_mac_algorithm_t"><span class="returnvalue">gnutls_mac_algorithm_t</span></a> gnutls_mac_get_id (<em class="parameter"><code>const <span class="type">char</span> *name</code></em>);</pre>
3046
Convert a string to a <a class="link" href="gnutls-gnutls.html#gnutls-mac-algorithm-t" title="enum gnutls_mac_algorithm_t"><span class="type">gnutls_mac_algorithm_t</span></a> value. The names are
3047
compared in a case insensitive way.
1950
3049
<div class="variablelist"><table border="0">
1951
3050
<col align="left" valign="top">
1954
3053
<td><p><span class="term"><em class="parameter"><code>name</code></em> :</span></p></td>
3054
<td>is a MAC algorithm name
1959
3058
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3059
<td> a <a class="link" href="gnutls-gnutls.html#gnutls-mac-algorithm-t" title="enum gnutls_mac_algorithm_t"><span class="type">gnutls_mac_algorithm_t</span></a> id of the specified MAC
3060
algorithm string, or <a class="link" href="gnutls-gnutls.html#GNUTLS-MAC-UNKNOWN:CAPS"><code class="literal">GNUTLS_MAC_UNKNOWN</code></a> on failures.
2079
3190
<a name="gnutls-pk-get-id"></a><h3>gnutls_pk_get_id ()</h3>
2080
3191
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="returnvalue">gnutls_pk_algorithm_t</span></a> gnutls_pk_get_id (<em class="parameter"><code>const <span class="type">char</span> *name</code></em>);</pre>
3193
Convert a string to a <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> value. The names are
3194
compared in a case insensitive way. For example,
3195
gnutls_pk_get_id("RSA") will return <a class="link" href="gnutls-gnutls.html#GNUTLS-PK-RSA:CAPS"><code class="literal">GNUTLS_PK_RSA</code></a>.
2083
3197
<div class="variablelist"><table border="0">
2084
3198
<col align="left" valign="top">
2087
3201
<td><p><span class="term"><em class="parameter"><code>name</code></em> :</span></p></td>
3202
<td>is a string containing a public key algorithm name.
2092
3206
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3207
<td> a <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> id of the specified public key
3208
algorithm string, or <a class="link" href="gnutls-gnutls.html#GNUTLS-PK-UNKNOWN:CAPS"><code class="literal">GNUTLS_PK_UNKNOWN</code></a> on failures.
3214
<p class="since">Since 2.6.0</p>
2100
3217
<div class="refsect2" title="gnutls_sign_get_id ()">
2101
3218
<a name="gnutls-sign-get-id"></a><h3>gnutls_sign_get_id ()</h3>
2102
3219
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="returnvalue">gnutls_sign_algorithm_t</span></a> gnutls_sign_get_id (<em class="parameter"><code>const <span class="type">char</span> *name</code></em>);</pre>
3221
The names are compared in a case insensitive way.
2105
3223
<div class="variablelist"><table border="0">
2106
3224
<col align="left" valign="top">
2109
3227
<td><p><span class="term"><em class="parameter"><code>name</code></em> :</span></p></td>
3228
<td>is a MAC algorithm name
2114
3232
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3233
<td> return a <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a> value corresponding to
3234
the specified cipher, or <a class="link" href="gnutls-gnutls.html#GNUTLS-SIGN-UNKNOWN:CAPS"><code class="literal">GNUTLS_SIGN_UNKNOWN</code></a> on error.
2215
3358
<a name="gnutls-pk-list"></a><h3>gnutls_pk_list ()</h3>
2216
3359
<pre class="programlisting">const <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="returnvalue">gnutls_pk_algorithm_t</span></a> * gnutls_pk_list (<em class="parameter"><code><span class="type">void</span></code></em>);</pre>
3361
Get a list of supported public key algorithms.
2219
3363
<div class="variablelist"><table border="0">
2220
3364
<col align="left" valign="top">
2222
3366
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3367
<td> a zero-terminated list of <a class="link" href="gnutls-gnutls.html#gnutls-pk-algorithm-t" title="enum gnutls_pk_algorithm_t"><span class="type">gnutls_pk_algorithm_t</span></a> integers
3368
indicating the available ciphers.
3373
<p class="since">Since 2.6.0</p>
2229
3376
<div class="refsect2" title="gnutls_sign_list ()">
2230
3377
<a name="gnutls-sign-list"></a><h3>gnutls_sign_list ()</h3>
2231
3378
<pre class="programlisting">const <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="returnvalue">gnutls_sign_algorithm_t</span></a> * gnutls_sign_list (<em class="parameter"><code><span class="type">void</span></code></em>);</pre>
3380
Get a list of supported public key signature algorithms.
2234
3382
<div class="variablelist"><table border="0">
2235
3383
<col align="left" valign="top">
2237
3385
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3386
<td> a zero-terminated list of <a class="link" href="gnutls-gnutls.html#gnutls-sign-algorithm-t" title="enum gnutls_sign_algorithm_t"><span class="type">gnutls_sign_algorithm_t</span></a>
3387
integers indicating the available ciphers.
2302
3453
<a name="gnutls-error-is-fatal"></a><h3>gnutls_error_is_fatal ()</h3>
2303
3454
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_error_is_fatal (<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> error</code></em>);</pre>
3456
If a GnuTLS function returns a negative value you may feed that
3457
value to this function to see if the error condition is fatal.
3460
Note that you may want to check the error code manually, since some
3461
non-fatal errors to the protocol may be fatal for you program.
3464
This function is only useful if you are dealing with errors from
3465
the record layer or the handshake layer.
2306
3467
<div class="variablelist"><table border="0">
2307
3468
<col align="left" valign="top">
2310
3471
<td><p><span class="term"><em class="parameter"><code>error</code></em> :</span></p></td>
3472
<td>is a GnuTLS error code, a negative value
2315
3476
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3477
<td> 1 if the error code is fatal, for positive <em class="parameter"><code>error</code></em> values,
3478
0 is returned. For unknown <em class="parameter"><code>error</code></em> values, -1 is returned.
2325
3487
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_error_to_alert (<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> err</code></em>,
2326
3488
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *level</code></em>);</pre>
3490
Get an alert depending on the error code returned by a gnutls
3491
function. All alerts sent by this function should be considered
3492
fatal. The only exception is when <em class="parameter"><code>err</code></em> is <a class="link" href="gnutls-gnutls.html#GNUTLS-E-REHANDSHAKE:CAPS" title="GNUTLS_E_REHANDSHAKE"><code class="literal">GNUTLS_E_REHANDSHAKE</code></a>,
3493
where a warning alert should be sent to the peer indicating that no
3494
renegotiation will be performed.
3497
If there is no mapping to a valid alert the alert to indicate
3498
internal error is returned.
2329
3500
<div class="variablelist"><table border="0">
2330
3501
<col align="left" valign="top">
2333
3504
<td><p><span class="term"><em class="parameter"><code>err</code></em> :</span></p></td>
3505
<td>is a negative integer
2338
3509
<td><p><span class="term"><em class="parameter"><code>level</code></em> :</span></p></td>
3510
<td>the alert level will be stored there
2343
3514
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3515
<td> the alert code to use for a particular error code.
2418
3598
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
2419
3599
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> allow</code></em>);</pre>
3601
This function will enable or disable the use of private cipher
3602
suites (the ones that start with 0xFF). By default or if <em class="parameter"><code>allow</code></em>
3603
is 0 then these cipher suites will not be advertized nor used.
3606
Unless this function is called with the option to allow (1), then
3607
no compression algorithms, like LZO. That is because these
3608
algorithms are not yet defined in any RFC or even internet draft.
3611
Enabling the private ciphersuites when talking to other than
3612
gnutls servers and clients may cause interoperability problems.
2422
3614
<div class="variablelist"><table border="0">
2423
3615
<col align="left" valign="top">
2426
3618
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3619
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2431
3623
<td><p><span class="term"><em class="parameter"><code>allow</code></em> :</span></p></td>
3624
<td>is an integer (0 or 1)
2441
3633
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-handshake-description-t" title="enum gnutls_handshake_description_t"><span class="returnvalue">gnutls_handshake_description_t</span></a> gnutls_handshake_get_last_out
2442
3634
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
3636
This function is only useful to check where the last performed
3637
handshake failed. If the previous handshake succeed or was not
3638
performed at all then no meaningful value will be returned.
3641
Check <a class="link" href="gnutls-gnutls.html#gnutls-handshake-description-t" title="enum gnutls_handshake_description_t"><code class="literal">gnutls_handshake_description_t</code></a> in gnutls.h for the
3642
available handshake descriptions.
2445
3644
<div class="variablelist"><table border="0">
2446
3645
<col align="left" valign="top">
2449
3648
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3649
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2454
3653
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3654
<td> the last handshake message type sent, a
3655
<a class="link" href="gnutls-gnutls.html#gnutls-handshake-description-t" title="enum gnutls_handshake_description_t"><code class="literal">gnutls_handshake_description_t</code></a>.
2464
3664
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-handshake-description-t" title="enum gnutls_handshake_description_t"><span class="returnvalue">gnutls_handshake_description_t</span></a> gnutls_handshake_get_last_in
2465
3665
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
3667
This function is only useful to check where the last performed
3668
handshake failed. If the previous handshake succeed or was not
3669
performed at all then no meaningful value will be returned.
3672
Check <a class="link" href="gnutls-gnutls.html#gnutls-handshake-description-t" title="enum gnutls_handshake_description_t"><code class="literal">gnutls_handshake_description_t</code></a> in gnutls.h for the
3673
available handshake descriptions.
2468
3675
<div class="variablelist"><table border="0">
2469
3676
<col align="left" valign="top">
2472
3679
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3680
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2477
3684
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3685
<td> the last handshake message type received, a
3686
<a class="link" href="gnutls-gnutls.html#gnutls-handshake-description-t" title="enum gnutls_handshake_description_t"><code class="literal">gnutls_handshake_description_t</code></a>.
2488
3696
<em class="parameter"><code>const <span class="type">void</span> *data</code></em>,
2489
3697
<em class="parameter"><code><span class="type">size_t</span> sizeofdata</code></em>);</pre>
3699
This function has the similar semantics with <code class="function">send()</code>. The only
3700
difference is that it accepts a GnuTLS session, and uses different
3704
Note that if the send buffer is full, <code class="function">send()</code> will block this
3705
function. See the <code class="function">send()</code> documentation for full information. You
3706
can replace the default push function by using
3707
<a class="link" href="gnutls-gnutls.html#gnutls-transport-set-ptr2" title="gnutls_transport_set_ptr2 ()"><code class="function">gnutls_transport_set_ptr2()</code></a> with a call to <code class="function">send()</code> with a
3708
MSG_DONTWAIT flag if blocking is a problem.
3711
If the EINTR is returned by the internal push function (the
3712
default is <code class="function">send()</code>} then <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> will be returned. If
3713
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> or <a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a> is returned, you must
3714
call this function again, with the same parameters; alternatively
3715
you could provide a <code class="literal">NULL</code> pointer for data, and 0 for
3716
size. cf. <a class="link" href="gnutls-gnutls.html#gnutls-record-get-direction" title="gnutls_record_get_direction ()"><code class="function">gnutls_record_get_direction()</code></a>.
2492
3718
<div class="variablelist"><table border="0">
2493
3719
<col align="left" valign="top">
2496
3722
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3723
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2501
3727
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
3728
<td>contains the data to send
2506
3732
<td><p><span class="term"><em class="parameter"><code>sizeofdata</code></em> :</span></p></td>
3733
<td>is the length of the data
2511
3737
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3738
<td> the number of bytes sent, or a negative error code. The
3739
number of bytes sent might be less than <em class="parameter"><code>sizeofdata</code></em>. The maximum
3740
number of bytes this function can send in a single call depends
3741
on the negotiated maximum record size.
2522
3751
<em class="parameter"><code><span class="type">void</span> *data</code></em>,
2523
3752
<em class="parameter"><code><span class="type">size_t</span> sizeofdata</code></em>);</pre>
3754
This function has the similar semantics with <code class="function">recv()</code>. The only
3755
difference is that it accepts a GnuTLS session, and uses different
3759
In the special case that a server requests a renegotiation, the
3760
client may receive an error code of <a class="link" href="gnutls-gnutls.html#GNUTLS-E-REHANDSHAKE:CAPS" title="GNUTLS_E_REHANDSHAKE"><code class="literal">GNUTLS_E_REHANDSHAKE</code></a>. This
3761
message may be simply ignored, replied with an alert
3762
<a class="link" href="gnutls-gnutls.html#GNUTLS-A-NO-RENEGOTIATION:CAPS"><code class="literal">GNUTLS_A_NO_RENEGOTIATION</code></a>, or replied with a new handshake,
3763
depending on the client's will.
3766
If <code class="literal">EINTR</code> is returned by the internal push function (the default
3767
is <code class="function">recv()</code>) then <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> will be returned. If
3768
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> or <a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a> is returned, you must
3769
call this function again to get the data. See also
3770
<a class="link" href="gnutls-gnutls.html#gnutls-record-get-direction" title="gnutls_record_get_direction ()"><code class="function">gnutls_record_get_direction()</code></a>.
3773
A server may also receive <a class="link" href="gnutls-gnutls.html#GNUTLS-E-REHANDSHAKE:CAPS" title="GNUTLS_E_REHANDSHAKE"><code class="literal">GNUTLS_E_REHANDSHAKE</code></a> when a client has
3774
initiated a handshake. In that case the server can only initiate a
3775
handshake or terminate the connection.
2526
3777
<div class="variablelist"><table border="0">
2527
3778
<col align="left" valign="top">
2530
3781
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3782
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2535
3786
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
3787
<td>the buffer that the data will be read into
2540
3791
<td><p><span class="term"><em class="parameter"><code>sizeofdata</code></em> :</span></p></td>
3792
<td>the number of requested bytes
2545
3796
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3797
<td> the number of bytes received and zero on EOF. A negative
3798
error code is returned in case of an error. The number of bytes
3799
received might be less than <em class="parameter"><code>sizeofdata</code></em>.
2601
3870
<a name="gnutls-record-get-direction"></a><h3>gnutls_record_get_direction ()</h3>
2602
3871
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_record_get_direction (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
3873
This function provides information about the internals of the
3874
record protocol and is only useful if a prior gnutls function call
3875
(e.g. <a class="link" href="gnutls-gnutls.html#gnutls-handshake" title="gnutls_handshake ()"><code class="function">gnutls_handshake()</code></a>) was interrupted for some reason, that
3876
is, if a function returned <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INTERRUPTED:CAPS" title="GNUTLS_E_INTERRUPTED"><code class="literal">GNUTLS_E_INTERRUPTED</code></a> or
3877
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-AGAIN:CAPS" title="GNUTLS_E_AGAIN"><code class="literal">GNUTLS_E_AGAIN</code></a>. In such a case, you might want to call <code class="function">select()</code>
3878
or <code class="function">poll()</code> before calling the interrupted gnutls function again. To
3879
tell you whether a file descriptor should be selected for either
3880
reading or writing, <a class="link" href="gnutls-gnutls.html#gnutls-record-get-direction" title="gnutls_record_get_direction ()"><code class="function">gnutls_record_get_direction()</code></a> returns 0 if the
3881
interrupted function was trying to read data, and 1 if it was
3882
trying to write data.
2605
3884
<div class="variablelist"><table border="0">
2606
3885
<col align="left" valign="top">
2609
3888
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3889
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2614
3893
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3894
<td> 0 if trying to read data, 1 if trying to write data.
2646
3927
<pre class="programlisting"><span class="returnvalue">ssize_t</span> gnutls_record_set_max_size (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
2647
3928
<em class="parameter"><code><span class="type">size_t</span> size</code></em>);</pre>
3930
This function sets the maximum record packet size in this
3931
connection. This property can only be set to clients. The server
3932
may choose not to accept the requested size.
3935
Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
3936
4096(=2^12). The requested record size does get in effect
3937
immediately only while sending data. The receive part will take
3938
effect after a successful handshake.
3941
This function uses a TLS extension called 'max record size'. Not
3942
all TLS implementations use or even understand this extension.
2650
3944
<div class="variablelist"><table border="0">
2651
3945
<col align="left" valign="top">
2654
3948
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
3949
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2659
3953
<td><p><span class="term"><em class="parameter"><code>size</code></em> :</span></p></td>
2664
3958
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
3959
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
3960
otherwise an error code is returned.
2702
4004
<em class="parameter"><code><span class="type">size_t</span> outsize</code></em>,
2703
4005
<em class="parameter"><code><span class="type">char</span> *out</code></em>);</pre>
4007
Apply the TLS Pseudo-Random-Function (PRF) using the master secret
4008
on some data, seeded with the client and server random fields.
4011
The <em class="parameter"><code>label</code></em> variable usually contain a string denoting the purpose
4012
for the generated data. The <em class="parameter"><code>server_random_first</code></em> indicate whether
4013
the client random field or the server random field should be first
4014
in the seed. Non-0 indicate that the server random field is first,
4015
0 that the client random field is first.
4018
The <em class="parameter"><code>extra</code></em> variable can be used to add more data to the seed, after
4019
the random variables. It can be used to tie make sure the
4020
generated output is strongly connected to some additional data
4021
(e.g., a string used in user authentication).
4024
The output is placed in *<em class="parameter"><code>OUT</code></em>, which must be pre-allocated.
2706
4026
<div class="variablelist"><table border="0">
2707
4027
<col align="left" valign="top">
2710
4030
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4031
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2715
4035
<td><p><span class="term"><em class="parameter"><code>label_size</code></em> :</span></p></td>
4036
<td>length of the <em class="parameter"><code>label</code></em> variable.
2720
4040
<td><p><span class="term"><em class="parameter"><code>label</code></em> :</span></p></td>
4041
<td>label used in PRF computation, typically a short string.
2725
4045
<td><p><span class="term"><em class="parameter"><code>server_random_first</code></em> :</span></p></td>
4046
<td>non-0 if server random field should be first in seed
2730
4050
<td><p><span class="term"><em class="parameter"><code>extra_size</code></em> :</span></p></td>
4051
<td>length of the <em class="parameter"><code>extra</code></em> variable.
2735
4055
<td><p><span class="term"><em class="parameter"><code>extra</code></em> :</span></p></td>
4056
<td>optional extra data to seed the PRF with.
2740
4060
<td><p><span class="term"><em class="parameter"><code>outsize</code></em> :</span></p></td>
4061
<td>size of pre-allocated output buffer to hold the output.
2745
4065
<td><p><span class="term"><em class="parameter"><code>out</code></em> :</span></p></td>
4066
<td>pre-allocate buffer to hold the generated data.
2750
4070
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4071
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
2765
4085
<em class="parameter"><code><span class="type">size_t</span> outsize</code></em>,
2766
4086
<em class="parameter"><code><span class="type">char</span> *out</code></em>);</pre>
4088
Apply the TLS Pseudo-Random-Function (PRF) using the master secret
4092
The <em class="parameter"><code>label</code></em> variable usually contain a string denoting the purpose
4093
for the generated data. The <em class="parameter"><code>seed</code></em> usually contain data such as the
4094
client and server random, perhaps together with some additional
4095
data that is added to guarantee uniqueness of the output for a
4099
Because the output is not guaranteed to be unique for a particular
4100
session unless <em class="parameter"><code>seed</code></em> include the client random and server random
4101
fields (the PRF would output the same data on another connection
4102
resumed from the first one), it is not recommended to use this
4103
function directly. The <a class="link" href="gnutls-gnutls.html#gnutls-prf" title="gnutls_prf ()"><code class="function">gnutls_prf()</code></a> function seed the PRF with the
4104
client and server random fields directly, and is recommended if you
4105
want to generate pseudo random data unique for each session.
2769
4107
<div class="variablelist"><table border="0">
2770
4108
<col align="left" valign="top">
2773
4111
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4112
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2778
4116
<td><p><span class="term"><em class="parameter"><code>label_size</code></em> :</span></p></td>
4117
<td>length of the <em class="parameter"><code>label</code></em> variable.
2783
4121
<td><p><span class="term"><em class="parameter"><code>label</code></em> :</span></p></td>
4122
<td>label used in PRF computation, typically a short string.
2788
4126
<td><p><span class="term"><em class="parameter"><code>seed_size</code></em> :</span></p></td>
4127
<td>length of the <em class="parameter"><code>seed</code></em> variable.
2793
4131
<td><p><span class="term"><em class="parameter"><code>seed</code></em> :</span></p></td>
4132
<td>optional extra data to seed the PRF with.
2798
4136
<td><p><span class="term"><em class="parameter"><code>outsize</code></em> :</span></p></td>
4137
<td>size of pre-allocated output buffer to hold the output.
2803
4141
<td><p><span class="term"><em class="parameter"><code>out</code></em> :</span></p></td>
4142
<td>pre-allocate buffer to hold the generated data.
2808
4146
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4147
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
2884
4222
<div class="refsect2" title="enum gnutls_ext_parse_type_t">
2885
4223
<a name="gnutls-ext-parse-type-t"></a><h3>enum gnutls_ext_parse_type_t</h3>
2886
4224
<pre class="programlisting"> typedef enum
2889
GNUTLS_EXT_APPLICATION,
2891
} gnutls_ext_parse_type_t;
4227
GNUTLS_EXT_APPLICATION = 1,
4229
GNUTLS_EXT_MANDATORY = 3,
4231
} gnutls_ext_parse_type_t;
4234
Enumeration of different TLS extension types. This flag
4235
indicates for an extension whether it is useful to application
4236
level or TLS level only. This is (only) used to parse the
4237
application level extensions before the "client_hello" callback
4240
<div class="variablelist"><table border="0">
4241
<col align="left" valign="top">
4244
<td><p><a name="GNUTLS-EXT-ANY:CAPS"></a><span class="term"><code class="literal">GNUTLS_EXT_ANY</code></span></p></td>
4245
<td>Any extension type.
4249
<td><p><a name="GNUTLS-EXT-APPLICATION:CAPS"></a><span class="term"><code class="literal">GNUTLS_EXT_APPLICATION</code></span></p></td>
4250
<td>Application extension.
4254
<td><p><a name="GNUTLS-EXT-TLS:CAPS"></a><span class="term"><code class="literal">GNUTLS_EXT_TLS</code></span></p></td>
4255
<td>TLS-internal extension.
4259
<td><p><a name="GNUTLS-EXT-MANDATORY:CAPS"></a><span class="term"><code class="literal">GNUTLS_EXT_MANDATORY</code></span></p></td>
4260
<td>Extension parsed even if resuming (or extensions are disabled).
4264
<td><p><a name="GNUTLS-EXT-NONE:CAPS"></a><span class="term"><code class="literal">GNUTLS_EXT_NONE</code></span></p></td>
2897
4272
<div class="refsect2" title="gnutls_ext_register ()">
2902
4277
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-ext-recv-func" title="gnutls_ext_recv_func ()"><span class="type">gnutls_ext_recv_func</span></a> recv_func</code></em>,
2903
4278
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-ext-send-func" title="gnutls_ext_send_func ()"><span class="type">gnutls_ext_send_func</span></a> send_func</code></em>);</pre>
4280
This function is used to register a new TLS extension handler.
2906
4282
<div class="variablelist"><table border="0">
2907
4283
<col align="left" valign="top">
2910
4286
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4287
<td>the 16-bit integer referring to the extension type
2915
4291
<td><p><span class="term"><em class="parameter"><code>name</code></em> :</span></p></td>
4292
<td>human printable name of the extension used for debugging
2920
4296
<td><p><span class="term"><em class="parameter"><code>parse_type</code></em> :</span></p></td>
4297
<td>either <a class="link" href="gnutls-gnutls.html#GNUTLS-EXT-TLS:CAPS"><span class="type">GNUTLS_EXT_TLS</span></a> or <a class="link" href="gnutls-gnutls.html#GNUTLS-EXT-APPLICATION:CAPS"><code class="literal">GNUTLS_EXT_APPLICATION</code></a>.
2925
4301
<td><p><span class="term"><em class="parameter"><code>recv_func</code></em> :</span></p></td>
4302
<td>a function to receive extension data
2930
4306
<td><p><span class="term"><em class="parameter"><code>send_func</code></em> :</span></p></td>
4307
<td>a function to send extension data
2935
4311
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4312
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
4318
<p class="since">Since 2.6.0</p>
2943
4321
<div class="refsect2" title="enum gnutls_server_name_type_t">
2958
4345
<em class="parameter"><code>const <span class="type">void</span> *name</code></em>,
2959
4346
<em class="parameter"><code><span class="type">size_t</span> name_length</code></em>);</pre>
4348
This function is to be used by clients that want to inform (via a
4349
TLS extension mechanism) the server of the name they connected to.
4350
This should be used by clients that connect to servers that do
4354
The value of <em class="parameter"><code>name</code></em> depends on the <em class="parameter"><code>type</code></em> type. In case of
4355
<a class="link" href="gnutls-gnutls.html#GNUTLS-NAME-DNS:CAPS"><code class="literal">GNUTLS_NAME_DNS</code></a>, an ASCII zero-terminated domain name string,
4356
without the trailing dot, is expected. IPv4 or IPv6 addresses are
2962
4359
<div class="variablelist"><table border="0">
2963
4360
<col align="left" valign="top">
2966
4363
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4364
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
2971
4368
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4369
<td>specifies the indicator type
2976
4373
<td><p><span class="term"><em class="parameter"><code>name</code></em> :</span></p></td>
4374
<td>is a string that contains the server name.
2981
4378
<td><p><span class="term"><em class="parameter"><code>name_length</code></em> :</span></p></td>
4379
<td>holds the length of name
2986
4383
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4384
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
4385
otherwise an error code is returned.
2999
4397
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *type</code></em>,
3000
4398
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> indx</code></em>);</pre>
4400
This function will allow you to get the name indication (if any), a
4401
client has sent. The name indication may be any of the enumeration
4402
gnutls_server_name_type_t.
4405
If <em class="parameter"><code>type</code></em> is GNUTLS_NAME_DNS, then this function is to be used by
4406
servers that support virtual hosting, and the data will be a null
4407
terminated UTF-8 string.
4410
If <em class="parameter"><code>data</code></em> has not enough size to hold the server name
4411
GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and <em class="parameter"><code>data_length</code></em> will
4412
hold the required size.
4415
<em class="parameter"><code>index</code></em> is used to retrieve more than one server names (if sent by
4416
the client). The first server name has an index of 0, the second 1
4417
and so on. If no name with the given index exists
4418
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
3003
4420
<div class="variablelist"><table border="0">
3004
4421
<col align="left" valign="top">
3007
4424
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4425
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3012
4429
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
4430
<td>will hold the data
3017
4434
<td><p><span class="term"><em class="parameter"><code>data_length</code></em> :</span></p></td>
4435
<td>will hold the data length. Must hold the maximum size of data.
3022
4439
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4440
<td>will hold the server name indicator type
3027
4444
<td><p><span class="term"><em class="parameter"><code>indx</code></em> :</span></p></td>
3032
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4445
<td>is the index of the server_name
4449
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4450
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
4451
otherwise an error code is returned.
4458
<div class="refsect2" title="gnutls_safe_renegotiation_status ()">
4459
<a name="gnutls-safe-renegotiation-status"></a><h3>gnutls_safe_renegotiation_status ()</h3>
4460
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_safe_renegotiation_status (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
4462
Can be used to check whether safe renegotiation is being used
4463
in the current session.
4465
<div class="variablelist"><table border="0">
4466
<col align="left" valign="top">
4469
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4470
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4474
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4475
<td> 0 when safe renegotiation is not used and non zero when
4476
safe renegotiation is used.
4482
<p class="since">Since 2.10.0</p>
3040
4485
<div class="refsect2" title="gnutls_oprfi_enable_client ()">
3164
4611
<div class="refsect2" title="enum gnutls_supplemental_data_format_type_t">
3165
4612
<a name="gnutls-supplemental-data-format-type-t"></a><h3>enum gnutls_supplemental_data_format_type_t</h3>
3166
4613
<pre class="programlisting"> typedef enum
3168
GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
3169
} gnutls_supplemental_data_format_type_t;
4615
GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
4616
} gnutls_supplemental_data_format_type_t;
3175
<div class="refsect2" title="gnutls_supplemental_get_name ()">
3176
<a name="gnutls-supplemental-get-name"></a><h3>gnutls_supplemental_get_name ()</h3>
3177
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_supplemental_get_name (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-supplemental-data-format-type-t" title="enum gnutls_supplemental_data_format_type_t"><span class="type">gnutls_supplemental_data_format_type_t</span></a> type</code></em>);</pre>
3180
<div class="variablelist"><table border="0">
3181
<col align="left" valign="top">
3184
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
3189
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4619
Enumeration of different supplemental data types (RFC 4680).
4621
<div class="variablelist"><table border="0">
4622
<col align="left" valign="top">
4624
<td><p><a name="GNUTLS-SUPPLEMENTAL-USER-MAPPING-DATA:CAPS"></a><span class="term"><code class="literal">GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA</code></span></p></td>
4625
<td>Supplemental user mapping data.
4631
<div class="refsect2" title="gnutls_session_ticket_key_generate ()">
4632
<a name="gnutls-session-ticket-key-generate"></a><h3>gnutls_session_ticket_key_generate ()</h3>
4633
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_session_ticket_key_generate (<em class="parameter"><code><span class="type">gnutls_datum_t</span> *key</code></em>);</pre>
4635
Generate a random key to encrypt security parameters within
4638
<div class="variablelist"><table border="0">
4639
<col align="left" valign="top">
4642
<td><p><span class="term"><em class="parameter"><code>key</code></em> :</span></p></td>
4643
<td>is a pointer to a <span class="type">gnutls_datum_t</span> which will contain a newly
4648
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4649
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, or an
4656
<p class="since">Since 2.10.0</p>
4659
<div class="refsect2" title="gnutls_session_ticket_enable_client ()">
4660
<a name="gnutls-session-ticket-enable-client"></a><h3>gnutls_session_ticket_enable_client ()</h3>
4661
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_session_ticket_enable_client (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
4663
Request that the client should attempt session resumption using
4666
<div class="variablelist"><table border="0">
4667
<col align="left" valign="top">
4670
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4671
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4675
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4676
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, or an
4683
<p class="since">Since 2.10.0</p>
4686
<div class="refsect2" title="gnutls_session_ticket_enable_server ()">
4687
<a name="gnutls-session-ticket-enable-server"></a><h3>gnutls_session_ticket_enable_server ()</h3>
4688
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_session_ticket_enable_server (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
4689
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *key</code></em>);</pre>
4691
Request that the server should attempt session resumption using
4692
SessionTicket. <em class="parameter"><code>key</code></em> must be initialized with
4693
<a class="link" href="gnutls-gnutls.html#gnutls-session-ticket-key-generate" title="gnutls_session_ticket_key_generate ()"><code class="function">gnutls_session_ticket_key_generate()</code></a>.
4695
<div class="variablelist"><table border="0">
4696
<col align="left" valign="top">
4699
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4700
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4704
<td><p><span class="term"><em class="parameter"><code>key</code></em> :</span></p></td>
4705
<td>key to encrypt session parameters.
4709
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4710
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, or an
4717
<p class="since">Since 2.10.0</p>
3197
4720
<div class="refsect2" title="gnutls_cipher_set_priority ()">
3199
4722
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_cipher_set_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3200
4723
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);</pre>
4725
Sets the priority on the ciphers supported by gnutls. Priority is
4726
higher for elements specified before others. After specifying the
4727
ciphers you want, you must append a 0. Note that the priority is
4728
set on the client. The server does not use the algorithm's
4729
priority except for disabling algorithms that were not specified.
3203
4731
<div class="variablelist"><table border="0">
3204
4732
<col align="left" valign="top">
3207
4735
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4736
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3212
4740
<td><p><span class="term"><em class="parameter"><code>list</code></em> :</span></p></td>
4741
<td>is a 0 terminated list of gnutls_cipher_algorithm_t elements.
3217
4745
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4746
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3227
4755
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_mac_set_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3228
4756
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);</pre>
4758
Sets the priority on the mac algorithms supported by gnutls.
4759
Priority is higher for elements specified before others. After
4760
specifying the algorithms you want, you must append a 0. Note
4761
that the priority is set on the client. The server does not use
4762
the algorithm's priority except for disabling algorithms that were
3231
4765
<div class="variablelist"><table border="0">
3232
4766
<col align="left" valign="top">
3235
4769
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4770
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3240
4774
<td><p><span class="term"><em class="parameter"><code>list</code></em> :</span></p></td>
4775
<td>is a 0 terminated list of gnutls_mac_algorithm_t elements.
3245
4779
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4780
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3255
4789
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_compression_set_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3256
4790
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);</pre>
4792
Sets the priority on the compression algorithms supported by
4793
gnutls. Priority is higher for elements specified before others.
4794
After specifying the algorithms you want, you must append a 0.
4795
Note that the priority is set on the client. The server does not
4796
use the algorithm's priority except for disabling algorithms that
4800
TLS 1.0 does not define any compression algorithms except
4801
NULL. Other compression algorithms are to be considered as gnutls
3259
4804
<div class="variablelist"><table border="0">
3260
4805
<col align="left" valign="top">
3263
4808
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4809
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3268
4813
<td><p><span class="term"><em class="parameter"><code>list</code></em> :</span></p></td>
4814
<td>is a 0 terminated list of gnutls_compression_method_t elements.
3273
4818
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4819
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3283
4828
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_kx_set_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3284
4829
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);</pre>
4831
Sets the priority on the key exchange algorithms supported by
4832
gnutls. Priority is higher for elements specified before others.
4833
After specifying the algorithms you want, you must append a 0.
4834
Note that the priority is set on the client. The server does not
4835
use the algorithm's priority except for disabling algorithms that
3287
4838
<div class="variablelist"><table border="0">
3288
4839
<col align="left" valign="top">
3291
4842
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4843
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3296
4847
<td><p><span class="term"><em class="parameter"><code>list</code></em> :</span></p></td>
4848
<td>is a 0 terminated list of gnutls_kx_algorithm_t elements.
3301
4852
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4853
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3311
4862
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_protocol_set_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3312
4863
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);</pre>
4865
Sets the priority on the protocol versions supported by gnutls.
4866
This function actually enables or disables protocols. Newer protocol
4867
versions always have highest priority.
3315
4869
<div class="variablelist"><table border="0">
3316
4870
<col align="left" valign="top">
3319
4873
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4874
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3324
4878
<td><p><span class="term"><em class="parameter"><code>list</code></em> :</span></p></td>
4879
<td>is a 0 terminated list of gnutls_protocol_t elements.
3329
4883
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4884
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3340
4894
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3341
4895
<em class="parameter"><code>const <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list</code></em>);</pre>
4897
Sets the priority on the certificate types supported by gnutls.
4898
Priority is higher for elements specified before others.
4899
After specifying the types you want, you must append a 0.
4900
Note that the certificate type priority is set on the client.
4901
The server does not use the cert type priority except for disabling
4902
types that were not specified.
3344
4904
<div class="variablelist"><table border="0">
3345
4905
<col align="left" valign="top">
3348
4908
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
4909
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3353
4913
<td><p><span class="term"><em class="parameter"><code>list</code></em> :</span></p></td>
4914
<td>is a 0 terminated list of gnutls_certificate_type_t elements.
3358
4918
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
4919
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3369
4929
<em class="parameter"><code>const <span class="type">char</span> *priorities</code></em>,
3370
4930
<em class="parameter"><code>const <span class="type">char</span> **err_pos</code></em>);</pre>
4932
Sets priorities for the ciphers, key exchange methods, MACs and
4933
compression methods. This provides a more flexible interface
4934
compared to the gnutls_*_priority functions.
4937
The <em class="parameter"><code>priorities</code></em> parameter allows you to specify a colon separated
4938
list of the cipher priorities to enable.
4941
Unless the first keyword is "NONE" the defaults (in preference
4942
order) are for TLS protocols TLS1.1, TLS1.0, SSL3.0; for
4943
compression NULL; for certificate types X.509, OpenPGP.
4946
For key exchange algorithms when in NORMAL or SECURE levels the
4947
perfect forward secrecy algorithms take precedence of the other
4948
protocols. In all cases all the supported key exchange algorithms
4949
are enabled (except for the RSA-EXPORT which is only enabled in
4953
Note that although one can select very long key sizes (such as 256
4954
bits) for symmetric algorithms, to actually increase security the
4955
public key algorithms have to use longer key sizes as well.
4958
For all the current available algorithms and protocols use
4959
"gnutls-cli -l" to get a listing.
4962
Common keywords: Some keywords are defined to provide quick access
4963
to common preferences.
4966
"PERFORMANCE" means all the "secure" ciphersuites are enabled,
4967
limited to 128 bit ciphers and sorted by terms of speed
4971
"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
4972
included as a fallback only. The ciphers are sorted by security
4976
"SECURE128" means all "secure" ciphersuites with ciphers up to 128
4977
bits, sorted by security margin.
4980
"SECURE256" means all "secure" ciphersuites including the 256 bit
4981
ciphers, sorted by security margin.
4984
"EXPORT" means all ciphersuites are enabled, including the
4985
low-security 40 bit ciphers.
4988
"NONE" means nothing is enabled. This disables even protocols and
4989
compression methods.
4993
"!" or "-" appended with an algorithm will remove this algorithm.
4996
"+" appended with an algorithm will add this algorithm.
4999
"<code class="literal">COMPAT</code>" will enable compatibility features for a server.
5002
"<code class="literal">DISABLE_SAFE_RENEGOTIATION</code>" will disable safe renegotiation
5003
completely. Do not use unless you know what you are doing.
5004
Testing purposes only.
5007
"<code class="literal">UNSAFE_RENEGOTIATION</code>" will allow handshakes and rehandshakes
5008
without the safe renegotiation extension. Note that for clients
5009
this mode is insecure (you may be under attack), and for servers it
5010
will allow insecure clients to connect (which could be fooled by an
5011
attacker). Do not use unless you know what you are doing and want
5012
maximum compatibility.
5015
"<code class="literal">PARTIAL_RENEGOTIATION</code>" will allow initial handshakes to proceed,
5016
but not rehandshakes. This leaves the client vulnerable to attack,
5017
and servers will be compatible with non-upgraded clients for
5018
initial handshakes. This is currently the default for clients and
5019
servers, for compatibility reasons.
5022
"<code class="literal">SAFE_RENEGOTIATION</code>" will enforce safe renegotiation. Clients and
5023
servers will refuse to talk to an insecure peer. Currently this
5024
causes operability problems, but is required for full protection.
5027
"<code class="literal">SSL3_RECORD_VERSION</code>" will use SSL3.0 record version in client
5031
"<code class="literal">VERIFY_ALLOW_SIGN_RSA_MD5</code>" will allow RSA-MD5 signatures in
5035
"<code class="literal">VERIFY_ALLOW_X509_V1_CA_CRT</code>" will allow V1 CAs in chains.
5039
To avoid collisions in order to specify a compression algorithm in
5040
this string you have to prefix it with "COMP-", protocol versions
5041
with "VERS-", signature algorithms with "SIGN-" and certificate
5042
types with "CTYPE-". Other algorithms don't need a prefix.
5046
"NORMAL:!AES-128-CBC" means normal ciphers except for AES-128.
5049
"EXPORT:!VERS-TLS1.0:+COMP-DEFLATE" means that export ciphers are
5050
enabled, TLS 1.0 is disabled, and libz compression enabled.
5053
"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL",
5054
"<code class="literal">COMPAT</code>".
3373
5056
<div class="variablelist"><table border="0">
3374
5057
<col align="left" valign="top">
3377
5060
<td><p><span class="term"><em class="parameter"><code>priority_cache</code></em> :</span></p></td>
5061
<td>is a <span class="type">gnutls_prioritity_t</span> structure.
3382
5065
<td><p><span class="term"><em class="parameter"><code>priorities</code></em> :</span></p></td>
5066
<td>is a string describing priorities
3387
5070
<td><p><span class="term"><em class="parameter"><code>err_pos</code></em> :</span></p></td>
5071
<td>In case of an error this will have the position in the string the error occured
3392
5075
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5076
<td> On syntax error <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INVALID-REQUEST:CAPS" title="GNUTLS_E_INVALID_REQUEST"><code class="literal">GNUTLS_E_INVALID_REQUEST</code></a> is returned,
5077
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3417
5102
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_priority_set (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3418
5103
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-priority-t" title="gnutls_priority_t"><span class="type">gnutls_priority_t</span></a> priority</code></em>);</pre>
5105
Sets the priorities to use on the ciphers, key exchange methods,
5106
macs and compression methods.
3421
5108
<div class="variablelist"><table border="0">
3422
5109
<col align="left" valign="top">
3425
5112
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5113
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3430
5117
<td><p><span class="term"><em class="parameter"><code>priority</code></em> :</span></p></td>
5118
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-priority-t" title="gnutls_priority_t"><span class="type">gnutls_priority_t</span></a> structure.
3435
5122
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5123
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3446
5133
<em class="parameter"><code>const <span class="type">char</span> *priorities</code></em>,
3447
5134
<em class="parameter"><code>const <span class="type">char</span> **err_pos</code></em>);</pre>
5136
Sets the priorities to use on the ciphers, key exchange methods,
5137
macs and compression methods. This function avoids keeping a
5138
priority cache and is used to directly set string priorities to a
5139
TLS session. For documentation check the <a class="link" href="gnutls-gnutls.html#gnutls-priority-init" title="gnutls_priority_init ()"><code class="function">gnutls_priority_init()</code></a>.
3450
5141
<div class="variablelist"><table border="0">
3451
5142
<col align="left" valign="top">
3454
5145
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5146
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3459
5150
<td><p><span class="term"><em class="parameter"><code>priorities</code></em> :</span></p></td>
5151
<td>is a string describing priorities
3464
5155
<td><p><span class="term"><em class="parameter"><code>err_pos</code></em> :</span></p></td>
5156
<td>In case of an error this will have the position in the string the error occured
3469
5160
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5161
<td> On syntax error <a class="link" href="gnutls-gnutls.html#GNUTLS-E-INVALID-REQUEST:CAPS" title="GNUTLS_E_INVALID_REQUEST"><code class="literal">GNUTLS_E_INVALID_REQUEST</code></a> is returned,
5162
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3478
5170
<a name="gnutls-set-default-priority"></a><h3>gnutls_set_default_priority ()</h3>
3479
5171
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_set_default_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
5173
Sets some default priority on the ciphers, key exchange methods,
5174
macs and compression methods.
5177
This is the same as calling:
5180
gnutls_priority_set_direct (session, "NORMAL", NULL);
5183
This function is kept around for backwards compatibility, but
5184
because of its wide use it is still fully supported. If you wish
5185
to allow users to provide a string that specify which ciphers to
5186
use (which is recommended), you should use
5187
<a class="link" href="gnutls-gnutls.html#gnutls-priority-set-direct" title="gnutls_priority_set_direct ()"><code class="function">gnutls_priority_set_direct()</code></a> or <a class="link" href="gnutls-gnutls.html#gnutls-priority-set" title="gnutls_priority_set ()"><code class="function">gnutls_priority_set()</code></a> instead.
3482
5189
<div class="variablelist"><table border="0">
3483
5190
<col align="left" valign="top">
3486
5193
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5194
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3491
5198
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5199
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3500
5207
<a name="gnutls-set-default-export-priority"></a><h3>gnutls_set_default_export_priority ()</h3>
3501
5208
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_set_default_export_priority (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
5210
Sets some default priority on the ciphers, key exchange methods, macs
5211
and compression methods. This function also includes weak algorithms.
5214
This is the same as calling:
5217
gnutls_priority_set_direct (session, "EXPORT", NULL);
5220
This function is kept around for backwards compatibility, but
5221
because of its wide use it is still fully supported. If you wish
5222
to allow users to provide a string that specify which ciphers to
5223
use (which is recommended), you should use
5224
<a class="link" href="gnutls-gnutls.html#gnutls-priority-set-direct" title="gnutls_priority_set_direct ()"><code class="function">gnutls_priority_set_direct()</code></a> or <a class="link" href="gnutls-gnutls.html#gnutls-priority-set" title="gnutls_priority_set ()"><code class="function">gnutls_priority_set()</code></a> instead.
3504
5226
<div class="variablelist"><table border="0">
3505
5227
<col align="left" valign="top">
3508
5230
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5231
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3513
5235
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5236
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
3524
5246
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-cipher-algorithm-t" title="enum gnutls_cipher_algorithm_t"><span class="type">gnutls_cipher_algorithm_t</span></a> cipher_algorithm</code></em>,
3525
5247
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-mac-algorithm-t" title="enum gnutls_mac_algorithm_t"><span class="type">gnutls_mac_algorithm_t</span></a> mac_algorithm</code></em>);</pre>
5249
Note that the full cipher suite name must be prepended by TLS or
5250
SSL depending of the protocol in use.
3528
5252
<div class="variablelist"><table border="0">
3529
5253
<col align="left" valign="top">
3532
5256
<td><p><span class="term"><em class="parameter"><code>kx_algorithm</code></em> :</span></p></td>
5257
<td>is a Key exchange algorithm
3537
5261
<td><p><span class="term"><em class="parameter"><code>cipher_algorithm</code></em> :</span></p></td>
5262
<td>is a cipher algorithm
3542
5266
<td><p><span class="term"><em class="parameter"><code>mac_algorithm</code></em> :</span></p></td>
5267
<td>is a MAC algorithm
3547
5271
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5272
<td> a string that contains the name of a TLS cipher suite,
5273
specified by the given algorithms, or <code class="literal">NULL</code>.
3602
5330
<em class="parameter"><code>const <span class="type">void</span> *session_data</code></em>,
3603
5331
<em class="parameter"><code><span class="type">size_t</span> session_data_size</code></em>);</pre>
5333
Sets all session parameters, in order to resume a previously
5334
established session. The session data given must be the one
5335
returned by <a class="link" href="gnutls-gnutls.html#gnutls-session-get-data" title="gnutls_session_get_data ()"><code class="function">gnutls_session_get_data()</code></a>. This function should be
5336
called before <a class="link" href="gnutls-gnutls.html#gnutls-handshake" title="gnutls_handshake ()"><code class="function">gnutls_handshake()</code></a>.
5339
Keep in mind that session resuming is advisory. The server may
5340
choose not to resume the session, thus a full handshake will be
3606
5343
<div class="variablelist"><table border="0">
3607
5344
<col align="left" valign="top">
3610
5347
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5348
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3615
5352
<td><p><span class="term"><em class="parameter"><code>session_data</code></em> :</span></p></td>
5353
<td>is a pointer to space to hold the session.
3620
5357
<td><p><span class="term"><em class="parameter"><code>session_data_size</code></em> :</span></p></td>
5358
<td>is the session's size
3625
5362
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5363
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
5364
an error code is returned.
3636
5374
<em class="parameter"><code><span class="type">void</span> *session_data</code></em>,
3637
5375
<em class="parameter"><code><span class="type">size_t</span> *session_data_size</code></em>);</pre>
5377
Returns all session parameters, in order to support resuming. The
5378
client should call this, and keep the returned session, if he
5379
wants to resume that current version later by calling
5380
<a class="link" href="gnutls-gnutls.html#gnutls-session-set-data" title="gnutls_session_set_data ()"><code class="function">gnutls_session_set_data()</code></a> This function must be called after a
5381
successful handshake.
5384
Resuming sessions is really useful and speedups connections after
3640
5387
<div class="variablelist"><table border="0">
3641
5388
<col align="left" valign="top">
3644
5391
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5392
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3649
5396
<td><p><span class="term"><em class="parameter"><code>session_data</code></em> :</span></p></td>
5397
<td>is a pointer to space to hold the session.
3654
5401
<td><p><span class="term"><em class="parameter"><code>session_data_size</code></em> :</span></p></td>
5402
<td>is the session_data's size, or it will be set by the function.
3659
5406
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5407
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
5408
an error code is returned.
3669
5417
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_session_get_data2 (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
3670
5418
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *data</code></em>);</pre>
5420
Returns all session parameters, in order to support resuming. The
5421
client should call this, and keep the returned session, if he wants
5422
to resume that current version later by calling
5423
<a class="link" href="gnutls-gnutls.html#gnutls-session-set-data" title="gnutls_session_set_data ()"><code class="function">gnutls_session_set_data()</code></a>. This function must be called after a
5424
successful handshake. The returned datum must be freed with
5425
<a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a>.
5428
Resuming sessions is really useful and speedups connections after
3673
5431
<div class="variablelist"><table border="0">
3674
5432
<col align="left" valign="top">
3677
5435
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5436
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3682
5440
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
5441
<td>is a pointer to a datum that will hold the session.
3687
5445
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5446
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
5447
an error code is returned.
3706
5465
<em class="parameter"><code><span class="type">void</span> *session_id</code></em>,
3707
5466
<em class="parameter"><code><span class="type">size_t</span> *session_id_size</code></em>);</pre>
5468
Returns the current session id. This can be used if you want to
5469
check if the next session you tried to resume was actually
5470
resumed. This is because resumed sessions have the same sessionID
5471
with the original session.
5474
Session id is some data set by the server, that identify the
5475
current session. In TLS 1.0 and SSL 3.0 session id is always less
3710
5478
<div class="variablelist"><table border="0">
3711
5479
<col align="left" valign="top">
3714
5482
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5483
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3719
5487
<td><p><span class="term"><em class="parameter"><code>session_id</code></em> :</span></p></td>
5488
<td>is a pointer to space to hold the session id.
3724
5492
<td><p><span class="term"><em class="parameter"><code>session_id_size</code></em> :</span></p></td>
5493
<td>is the session id's size, or it will be set by the function.
3729
5497
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5498
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
5499
an error code is returned.
3798
5581
<a name="gnutls-session-get-master-secret"></a><h3>gnutls_session_get_master_secret ()</h3>
3799
5582
<pre class="programlisting">const <span class="returnvalue">void</span> * gnutls_session_get_master_secret (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
5584
Return a pointer to the 48-byte master secret in the session. The
5585
pointer must not be modified or deallocated.
5588
If a master secret value has not yet been established, the output
5589
will be garbage; in particular, a <code class="literal">NULL</code> return value should not be
5593
Consider using <a class="link" href="gnutls-gnutls.html#gnutls-prf" title="gnutls_prf ()"><code class="function">gnutls_prf()</code></a> rather than extracting the master
5594
secret and use it to derive further data.
3802
5596
<div class="variablelist"><table border="0">
3803
5597
<col align="left" valign="top">
3806
5600
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5601
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
3811
5605
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
5606
<td> pointer to master secret data.
4045
5852
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_db_set_retrieve_function (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
4046
5853
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-db-retr-func" title="gnutls_db_retr_func ()"><span class="type">gnutls_db_retr_func</span></a> retr_func</code></em>);</pre>
5855
Sets the function that will be used to retrieve data from the
5856
resumed sessions database. This function must return a
5857
gnutls_datum_t containing the data on success, or a gnutls_datum_t
5858
containing null and 0 on failure.
5861
The datum's data must be allocated using the function
5862
<a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a>.
5865
The first argument to <em class="parameter"><code>retr_func</code></em> will be null unless
5866
<a class="link" href="gnutls-gnutls.html#gnutls-db-set-ptr" title="gnutls_db_set_ptr ()"><code class="function">gnutls_db_set_ptr()</code></a> has been called.
4049
5868
<div class="variablelist"><table border="0">
4050
5869
<col align="left" valign="top">
4053
5872
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
5873
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4058
5877
<td><p><span class="term"><em class="parameter"><code>retr_func</code></em> :</span></p></td>
5878
<td>is the function.
4211
6050
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
4212
6051
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-handshake-post-client-hello-func" title="gnutls_handshake_post_client_hello_func ()"><span class="type">gnutls_handshake_post_client_hello_func</span></a> func</code></em>);</pre>
6053
This function will set a callback to be called after the client
6054
hello has been received (callback valid in server side only). This
6055
allows the server to adjust settings based on received extensions.
6058
Those settings could be ciphersuites, requesting certificate, or
6059
anything else except for version negotiation (this is done before
6060
the hello message is parsed).
6063
This callback must return 0 on success or a gnutls error code to
6064
terminate the handshake.
6067
Warning: You should not use this function to terminate the
6068
handshake based on client input unless you know what you are
6069
doing. Before the handshake is finished there is no way to know if
6070
there is a man-in-the-middle attack being performed.
4215
6072
<div class="variablelist"><table border="0">
4216
6073
<col align="left" valign="top">
4219
6076
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
6077
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4224
6081
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
6082
<td>is the function to be called
4235
6092
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
4236
6093
<em class="parameter"><code><span class="type">size_t</span> max</code></em>);</pre>
6095
This function will set the maximum size of all handshake messages.
6096
Handshakes over this size are rejected with
6097
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-HANDSHAKE-TOO-LARGE:CAPS" title="GNUTLS_E_HANDSHAKE_TOO_LARGE"><code class="literal">GNUTLS_E_HANDSHAKE_TOO_LARGE</code></a> error code. The default value is
6098
48kb which is typically large enough. Set this to 0 if you do not
6099
want to set an upper limit.
6102
The reason for restricting the handshake message sizes are to
6103
limit Denial of Service attacks.
4239
6105
<div class="variablelist"><table border="0">
4240
6106
<col align="left" valign="top">
4243
6109
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
6110
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4248
6114
<td><p><span class="term"><em class="parameter"><code>max</code></em> :</span></p></td>
6115
<td>is the maximum number.
4257
6123
<a name="gnutls-check-version"></a><h3>gnutls_check_version ()</h3>
4258
6124
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_check_version (<em class="parameter"><code>const <span class="type">char</span> *req_version</code></em>);</pre>
6126
Check GnuTLS Library version.
6129
See <a class="link" href="gnutls-gnutls.html#GNUTLS-VERSION:CAPS" title="GNUTLS_VERSION"><code class="literal">GNUTLS_VERSION</code></a> for a suitable <em class="parameter"><code>req_version</code></em> string.
4261
6131
<div class="variablelist"><table border="0">
4262
6132
<col align="left" valign="top">
4265
6135
<td><p><span class="term"><em class="parameter"><code>req_version</code></em> :</span></p></td>
6136
<td>version string to compare with, or <code class="literal">NULL</code>.
4270
6140
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6141
<td> Check that the version of the library is at
6142
minimum the one given as a string in <em class="parameter"><code>req_version</code></em> and return the
6143
actual version string of the library; return <code class="literal">NULL</code> if the
6144
condition is not met. If <code class="literal">NULL</code> is passed to this function no
6145
check is done and only the version string is returned.
4296
6171
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-credentials-type-t" title="enum gnutls_credentials_type_t"><span class="type">gnutls_credentials_type_t</span></a> type</code></em>,
4297
6172
<em class="parameter"><code><span class="type">void</span> *cred</code></em>);</pre>
6174
Sets the needed credentials for the specified type. Eg username,
6175
password - or public and private keys etc. The <em class="parameter"><code>cred</code></em> parameter is
6176
a structure that depends on the specified type and on the current
6177
session (client or server).
6180
In order to minimize memory usage, and share credentials between
6181
several threads gnutls keeps a pointer to cred, and not the whole
6182
cred structure. Thus you will have to keep the structure allocated
6183
until you call <a class="link" href="gnutls-gnutls.html#gnutls-deinit" title="gnutls_deinit ()"><code class="function">gnutls_deinit()</code></a>.
6186
For <a class="link" href="gnutls-gnutls.html#GNUTLS-CRD-ANON:CAPS"><code class="literal">GNUTLS_CRD_ANON</code></a>, <em class="parameter"><code>cred</code></em> should be
6187
<span class="type">gnutls_anon_client_credentials_t</span> in case of a client. In case of
6188
a server it should be <span class="type">gnutls_anon_server_credentials_t</span>.
6191
For <a class="link" href="gnutls-gnutls.html#GNUTLS-CRD-SRP:CAPS"><code class="literal">GNUTLS_CRD_SRP</code></a>, <em class="parameter"><code>cred</code></em> should be <span class="type">gnutls_srp_client_credentials_t</span>
6192
in case of a client, and <span class="type">gnutls_srp_server_credentials_t</span>, in case
6196
For <a class="link" href="gnutls-gnutls.html#GNUTLS-CRD-CERTIFICATE:CAPS"><code class="literal">GNUTLS_CRD_CERTIFICATE</code></a>, <em class="parameter"><code>cred</code></em> should be
6197
<span class="type">gnutls_certificate_credentials_t</span>.
4300
6199
<div class="variablelist"><table border="0">
4301
6200
<col align="left" valign="top">
4304
6203
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
6204
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4309
6208
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
6209
<td>is the type of the credentials
4314
6213
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
6214
<td>is a pointer to a structure.
4319
6218
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6219
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
6220
otherwise an error code is returned.
4565
6504
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_certificate_set_dh_params (<em class="parameter"><code><span class="type">gnutls_certificate_credentials_t</span> res</code></em>,
4566
6505
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-dh-params-t" title="gnutls_dh_params_t"><span class="type">gnutls_dh_params_t</span></a> dh_params</code></em>);</pre>
6507
This function will set the Diffie-Hellman parameters for a
6508
certificate server to use. These parameters will be used in
6509
Ephemeral Diffie-Hellman cipher suites. Note that only a pointer
6510
to the parameters are stored in the certificate handle, so if you
6511
deallocate the parameters before the certificate is deallocated,
6512
you must change the parameters stored in the certificate first.
4569
6514
<div class="variablelist"><table border="0">
4570
6515
<col align="left" valign="top">
4573
6518
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6519
<td>is a gnutls_certificate_credentials_t structure
4578
6523
<td><p><span class="term"><em class="parameter"><code>dh_params</code></em> :</span></p></td>
6524
<td>is a structure that holds Diffie-Hellman parameters.
4637
6588
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> max_bits</code></em>,
4638
6589
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> max_depth</code></em>);</pre>
6591
This function will set some upper limits for the default
6592
verification function, <a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>, to avoid
6593
denial of service attacks. You can set them to zero to disable
4641
6596
<div class="variablelist"><table border="0">
4642
6597
<col align="left" valign="top">
4645
6600
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6601
<td>is a gnutls_certificate_credentials structure
4650
6605
<td><p><span class="term"><em class="parameter"><code>max_bits</code></em> :</span></p></td>
6606
<td>is the number of bits of an acceptable certificate (default 8200)
4655
6610
<td><p><span class="term"><em class="parameter"><code>max_depth</code></em> :</span></p></td>
6611
<td>is maximum depth of the verification of a certificate chain (default 5)
4667
6622
<em class="parameter"><code>const <span class="type">char</span> *cafile</code></em>,
4668
6623
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> type</code></em>);</pre>
6625
This function adds the trusted CAs in order to verify client or
6626
server certificates. In case of a client this is not required to
6627
be called if the certificates are not verified using
6628
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>. This function may be called
6632
In case of a server the names of the CAs set here will be sent to
6633
the client if a certificate request is sent. This can be disabled
6634
using <a class="link" href="gnutls-gnutls.html#gnutls-certificate-send-x509-rdn-sequence" title="gnutls_certificate_send_x509_rdn_sequence ()"><code class="function">gnutls_certificate_send_x509_rdn_sequence()</code></a>.
4671
6636
<div class="variablelist"><table border="0">
4672
6637
<col align="left" valign="top">
4675
6640
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6641
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
4680
6645
<td><p><span class="term"><em class="parameter"><code>cafile</code></em> :</span></p></td>
6646
<td>is a file containing the list of trusted CAs (DER or PEM list)
4685
6650
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4690
6655
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6656
<td> number of certificates processed, or a negative value on
4702
6668
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *ca</code></em>,
4703
6669
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> type</code></em>);</pre>
6671
This function adds the trusted CAs in order to verify client or
6672
server certificates. In case of a client this is not required to be
6673
called if the certificates are not verified using
6674
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>. This function may be called
6678
In case of a server the CAs set here will be sent to the client if
6679
a certificate request is sent. This can be disabled using
6680
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-send-x509-rdn-sequence" title="gnutls_certificate_send_x509_rdn_sequence ()"><code class="function">gnutls_certificate_send_x509_rdn_sequence()</code></a>.
4706
6682
<div class="variablelist"><table border="0">
4707
6683
<col align="left" valign="top">
4710
6686
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6687
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
4715
6691
<td><p><span class="term"><em class="parameter"><code>ca</code></em> :</span></p></td>
6692
<td>is a list of trusted CAs or a DER certificate
4720
6696
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4725
6701
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6702
<td> the number of certificates processed or a negative value
4737
6714
<em class="parameter"><code>const <span class="type">char</span> *crlfile</code></em>,
4738
6715
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> type</code></em>);</pre>
6717
This function adds the trusted CRLs in order to verify client or server
6718
certificates. In case of a client this is not required
6719
to be called if the certificates are not verified using
6720
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>.
6721
This function may be called multiple times.
4741
6723
<div class="variablelist"><table border="0">
4742
6724
<col align="left" valign="top">
4745
6727
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6728
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
4750
6732
<td><p><span class="term"><em class="parameter"><code>crlfile</code></em> :</span></p></td>
6733
<td>is a file containing the list of verified CRLs (DER or PEM list)
4755
6737
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4760
6742
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6743
<td> number of CRLs processed or a negative value on error.
4771
6753
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *CRL</code></em>,
4772
6754
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> type</code></em>);</pre>
6756
This function adds the trusted CRLs in order to verify client or
6757
server certificates. In case of a client this is not required to
6758
be called if the certificates are not verified using
6759
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>. This function may be called
4775
6762
<div class="variablelist"><table border="0">
4776
6763
<col align="left" valign="top">
4779
6766
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6767
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
4784
6771
<td><p><span class="term"><em class="parameter"><code>CRL</code></em> :</span></p></td>
6772
<td>is a list of trusted CRLs. They should have been verified before.
4789
6776
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4794
6781
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6782
<td> number of CRLs processed, or a negative value on error.
4807
6794
<em class="parameter"><code>const <span class="type">char</span> *keyfile</code></em>,
4808
6795
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> type</code></em>);</pre>
6797
This function sets a certificate/private key pair in the
6798
gnutls_certificate_credentials_t structure. This function may be
6799
called more than once (in case multiple keys/certificates exist for
6800
the server). For clients that wants to send more than its own end
6801
entity certificate (e.g., also an intermediate CA cert) then put
6802
the certificate chain in <em class="parameter"><code>certfile</code></em>.
6805
Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
4811
6808
<div class="variablelist"><table border="0">
4812
6809
<col align="left" valign="top">
4815
6812
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6813
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
4820
6817
<td><p><span class="term"><em class="parameter"><code>certfile</code></em> :</span></p></td>
6818
<td>is a file that containing the certificate list (path) for
6819
the specified private key, in PKCS7 format, or a list of certificates
4825
6823
<td><p><span class="term"><em class="parameter"><code>keyfile</code></em> :</span></p></td>
6824
<td>is a file that contains the private key
4830
6828
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4835
6833
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6834
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
4847
6845
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *key</code></em>,
4848
6846
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> type</code></em>);</pre>
6848
This function sets a certificate/private key pair in the
6849
gnutls_certificate_credentials_t structure. This function may be called
6850
more than once (in case multiple keys/certificates exist for the
6854
Currently are supported: RSA PKCS-1 encoded private keys,
6858
DSA private keys are encoded the OpenSSL way, which is an ASN.1
6859
DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
6862
Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
6863
is supported. This means that certificates intended for signing cannot
6864
be used for ciphersuites that require encryption.
6867
If the certificate and the private key are given in PEM encoding
6868
then the strings that hold their values must be null terminated.
6871
The <em class="parameter"><code>key</code></em> may be <code class="literal">NULL</code> if you are using a sign callback, see
6872
<a class="link" href="gnutls-gnutls.html#gnutls-sign-callback-set" title="gnutls_sign_callback_set ()"><code class="function">gnutls_sign_callback_set()</code></a>.
4851
6874
<div class="variablelist"><table border="0">
4852
6875
<col align="left" valign="top">
4855
6878
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
6879
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
4860
6883
<td><p><span class="term"><em class="parameter"><code>cert</code></em> :</span></p></td>
6884
<td>contains a certificate list (path) for the specified private key
4865
6888
<td><p><span class="term"><em class="parameter"><code>key</code></em> :</span></p></td>
6889
<td>is the private key, or <code class="literal">NULL</code>
4870
6893
<td><p><span class="term"><em class="parameter"><code>type</code></em> :</span></p></td>
4875
6898
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
6899
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
4886
6909
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
4887
6910
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> status</code></em>);</pre>
6912
If status is non zero, this function will order gnutls not to send
6913
the rdnSequence in the certificate request message. That is the
6914
server will not advertize it's trusted CAs to the peer. If status
6915
is zero then the default behaviour will take effect, which is to
6916
advertize the server's trusted CAs.
6919
This function has no effect in clients, and in authentication
6920
methods other than certificate with X.509 certificates.
4890
6922
<div class="variablelist"><table border="0">
4891
6923
<col align="left" valign="top">
4894
6926
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
6927
<td>is a pointer to a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
4899
6931
<td><p><span class="term"><em class="parameter"><code>status</code></em> :</span></p></td>
5098
7132
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> cert_list_size</code></em>,
5099
7133
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-privkey-t" title="gnutls_x509_privkey_t"><span class="type">gnutls_x509_privkey_t</span></a> key</code></em>);</pre>
7135
This function sets a certificate/private key pair in the
7136
gnutls_certificate_credentials_t structure. This function may be
7137
called more than once (in case multiple keys/certificates exist for
7138
the server). For clients that wants to send more than its own end
7139
entity certificate (e.g., also an intermediate CA cert) then put
7140
the certificate chain in <em class="parameter"><code>cert_list</code></em>.
5102
7142
<div class="variablelist"><table border="0">
5103
7143
<col align="left" valign="top">
5106
7146
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
7147
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
5111
7151
<td><p><span class="term"><em class="parameter"><code>cert_list</code></em> :</span></p></td>
7152
<td>contains a certificate list (path) for the specified private key
5116
7156
<td><p><span class="term"><em class="parameter"><code>cert_list_size</code></em> :</span></p></td>
7157
<td>holds the size of the certificate list
5121
7161
<td><p><span class="term"><em class="parameter"><code>key</code></em> :</span></p></td>
7162
<td>is a gnutls_x509_privkey_t key
5126
7166
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7167
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
7173
<p class="since">Since 2.4.0</p>
5134
7176
<div class="refsect2" title="gnutls_certificate_set_x509_trust ()">
5137
7179
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-t" title="gnutls_x509_crt_t"><span class="type">gnutls_x509_crt_t</span></a> *ca_list</code></em>,
5138
7180
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> ca_list_size</code></em>);</pre>
7182
This function adds the trusted CAs in order to verify client
7183
or server certificates. In case of a client this is not required
7184
to be called if the certificates are not verified using
7185
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>.
7186
This function may be called multiple times.
7189
In case of a server the CAs set here will be sent to the client if
7190
a certificate request is sent. This can be disabled using
7191
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-send-x509-rdn-sequence" title="gnutls_certificate_send_x509_rdn_sequence ()"><code class="function">gnutls_certificate_send_x509_rdn_sequence()</code></a>.
5141
7193
<div class="variablelist"><table border="0">
5142
7194
<col align="left" valign="top">
5145
7197
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
7198
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
5150
7202
<td><p><span class="term"><em class="parameter"><code>ca_list</code></em> :</span></p></td>
7203
<td>is a list of trusted CAs
5155
7207
<td><p><span class="term"><em class="parameter"><code>ca_list_size</code></em> :</span></p></td>
7208
<td>holds the size of the CA list
5160
7212
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7213
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
7219
<p class="since">Since 2.4.0</p>
5168
7222
<div class="refsect2" title="gnutls_certificate_set_x509_crl ()">
5171
7225
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crl-t" title="gnutls_x509_crl_t"><span class="type">gnutls_x509_crl_t</span></a> *crl_list</code></em>,
5172
7226
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> crl_list_size</code></em>);</pre>
7228
This function adds the trusted CRLs in order to verify client or
7229
server certificates. In case of a client this is not required to
7230
be called if the certificates are not verified using
7231
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>. This function may be called
5175
7234
<div class="variablelist"><table border="0">
5176
7235
<col align="left" valign="top">
5179
7238
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
7239
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
5184
7243
<td><p><span class="term"><em class="parameter"><code>crl_list</code></em> :</span></p></td>
7244
<td>is a list of trusted CRLs. They should have been verified before.
5189
7248
<td><p><span class="term"><em class="parameter"><code>crl_list_size</code></em> :</span></p></td>
7249
<td>holds the size of the crl_list
5194
7253
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7254
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
7260
<p class="since">Since 2.4.0</p>
5202
7263
<div class="refsect2" title="gnutls_certificate_get_x509_cas ()">
5263
7330
(<em class="parameter"><code><span class="type">gnutls_certificate_credentials_t</span> sc</code></em>,
5264
7331
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-openpgp-keyring-t" title="gnutls_openpgp_keyring_t"><span class="type">gnutls_openpgp_keyring_t</span></a> *keyring</code></em>);</pre>
7333
This function will export the OpenPGP keyring associated with the
5267
7336
<div class="variablelist"><table border="0">
5268
7337
<col align="left" valign="top">
5271
7340
<td><p><span class="term"><em class="parameter"><code>sc</code></em> :</span></p></td>
7341
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
5276
7345
<td><p><span class="term"><em class="parameter"><code>keyring</code></em> :</span></p></td>
7346
<td>the exported keyring. Should be treated as constant
7351
<p class="since">Since 2.4.0</p>
5284
7354
<div class="refsect2" title="gnutls_global_init ()">
5285
7355
<a name="gnutls-global-init"></a><h3>gnutls_global_init ()</h3>
5286
7356
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_global_init (<em class="parameter"><code><span class="type">void</span></code></em>);</pre>
7358
This function initializes the global data to defaults. Every
7359
gnutls application has a global data which holds common parameters
7360
shared by gnutls session structures. You should call
7361
<a class="link" href="gnutls-gnutls.html#gnutls-global-deinit" title="gnutls_global_deinit ()"><code class="function">gnutls_global_deinit()</code></a> when gnutls usage is no longer needed
7364
Note that this function will also initialize libgcrypt, if it has
7365
not been initialized before. Thus if you want to manually
7366
initialize libgcrypt you must do it before calling this function.
7367
This is useful in cases you want to disable libgcrypt's internal
7371
This function increment a global counter, so that
7372
<a class="link" href="gnutls-gnutls.html#gnutls-global-deinit" title="gnutls_global_deinit ()"><code class="function">gnutls_global_deinit()</code></a> only releases resources when it has been
7373
called as many times as <a class="link" href="gnutls-gnutls.html#gnutls-global-init" title="gnutls_global_init ()"><code class="function">gnutls_global_init()</code></a>. This is useful when
7374
GnuTLS is used by more than one library in an application. This
7375
function can be called many times, but will only do something the
7379
Note! This function is not thread safe. If two threads call this
7380
function simultaneously, they can cause a race between checking
7381
the global counter and incrementing it, causing both threads to
7382
execute the library initialization code. That would lead to a
7383
memory leak. To handle this, your application could invoke this
7384
function after aquiring a thread mutex. To ignore the potential
7385
memory leak is also an option.
5289
7387
<div class="variablelist"><table border="0">
5290
7388
<col align="left" valign="top">
5292
7390
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7391
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7392
otherwise an error code is returned.
5426
7531
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-realloc-function" title="gnutls_realloc_function ()"><span class="type">gnutls_realloc_function</span></a> realloc_func</code></em>,
5427
7532
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-free-function" title="gnutls_free_function ()"><span class="type">gnutls_free_function</span></a> free_func</code></em>);</pre>
7534
This is the function were you set the memory allocation functions
7535
gnutls is going to use. By default the libc's allocation functions
7536
(<code class="function">malloc()</code>, <code class="function">free()</code>), are used by gnutls, to allocate both sensitive
7537
and not sensitive data. This function is provided to set the
7538
memory allocation functions to something other than the defaults
7539
(ie the gcrypt allocation functions).
7542
This function must be called before <a class="link" href="gnutls-gnutls.html#gnutls-global-init" title="gnutls_global_init ()"><code class="function">gnutls_global_init()</code></a> is called.
7543
This function is not thread safe.
5430
7545
<div class="variablelist"><table border="0">
5431
7546
<col align="left" valign="top">
5434
7549
<td><p><span class="term"><em class="parameter"><code>alloc_func</code></em> :</span></p></td>
7550
<td>it's the default memory allocation function. Like <code class="function">malloc()</code>.
5439
7554
<td><p><span class="term"><em class="parameter"><code>secure_alloc_func</code></em> :</span></p></td>
7555
<td>This is the memory allocation function that will be used for sensitive data.
5444
7559
<td><p><span class="term"><em class="parameter"><code>is_secure_func</code></em> :</span></p></td>
7560
<td>a function that returns 0 if the memory given is not secure. May be NULL.
5449
7564
<td><p><span class="term"><em class="parameter"><code>realloc_func</code></em> :</span></p></td>
7565
<td>A realloc function
5454
7569
<td><p><span class="term"><em class="parameter"><code>free_func</code></em> :</span></p></td>
7570
<td>The function that frees allocated data. Must accept a NULL pointer.
5617
7762
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *prime</code></em>,
5618
7763
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *generator</code></em>);</pre>
7765
This function will replace the pair of prime and generator for use
7766
in the Diffie-Hellman key exchange. The new parameters should be
7767
stored in the appropriate gnutls_datum.
5621
7769
<div class="variablelist"><table border="0">
5622
7770
<col align="left" valign="top">
5625
7773
<td><p><span class="term"><em class="parameter"><code>dh_params</code></em> :</span></p></td>
7774
<td>Is a structure that will hold the prime numbers
5630
7778
<td><p><span class="term"><em class="parameter"><code>prime</code></em> :</span></p></td>
7779
<td>holds the new prime
5635
7783
<td><p><span class="term"><em class="parameter"><code>generator</code></em> :</span></p></td>
7784
<td>holds the new generator
5640
7788
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7789
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7790
otherwise an error code is returned.
5651
7800
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *pkcs3_params</code></em>,
5652
7801
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> format</code></em>);</pre>
7803
This function will extract the DHParams found in a PKCS3 formatted
7804
structure. This is the format generated by "openssl dhparam" tool.
7807
If the structure is PEM encoded, it should have a header
7808
of "BEGIN DH PARAMETERS".
5655
7810
<div class="variablelist"><table border="0">
5656
7811
<col align="left" valign="top">
5659
7814
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
7815
<td>A structure where the parameters will be copied to
5664
7819
<td><p><span class="term"><em class="parameter"><code>pkcs3_params</code></em> :</span></p></td>
7820
<td>should contain a PKCS3 DHParams structure PEM or DER encoded
5669
7824
<td><p><span class="term"><em class="parameter"><code>format</code></em> :</span></p></td>
7825
<td>the format of params. PEM or DER.
5674
7829
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7830
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7831
otherwise an error code is returned.
5684
7840
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_dh_params_generate2 (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-dh-params-t" title="gnutls_dh_params_t"><span class="type">gnutls_dh_params_t</span></a> params</code></em>,
5685
7841
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> bits</code></em>);</pre>
7843
This function will generate a new pair of prime and generator for use in
7844
the Diffie-Hellman key exchange. The new parameters will be allocated using
7845
<a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a> and will be stored in the appropriate datum.
7846
This function is normally slow.
7849
Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096.
7850
Also note that the DH parameters are only useful to servers.
7851
Since clients use the parameters sent by the server, it's of
7852
no use to call this in client side.
5688
7854
<div class="variablelist"><table border="0">
5689
7855
<col align="left" valign="top">
5692
7858
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
7859
<td>Is the structure that the DH parameters will be stored
5697
7863
<td><p><span class="term"><em class="parameter"><code>bits</code></em> :</span></p></td>
7864
<td>is the prime's number of bits
5702
7868
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7869
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7870
otherwise an error code is returned.
5714
7881
<em class="parameter"><code>unsigned <span class="type">char</span> *params_data</code></em>,
5715
7882
<em class="parameter"><code><span class="type">size_t</span> *params_data_size</code></em>);</pre>
7884
This function will export the given dh parameters to a PKCS3
7885
DHParams structure. This is the format generated by "openssl dhparam" tool.
7886
If the buffer provided is not long enough to hold the output, then
7887
GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
7890
If the structure is PEM encoded, it will have a header
7891
of "BEGIN DH PARAMETERS".
5718
7893
<div class="variablelist"><table border="0">
5719
7894
<col align="left" valign="top">
5722
7897
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
7898
<td>Holds the DH parameters
5727
7902
<td><p><span class="term"><em class="parameter"><code>format</code></em> :</span></p></td>
7903
<td>the format of output params. One of PEM or DER.
5732
7907
<td><p><span class="term"><em class="parameter"><code>params_data</code></em> :</span></p></td>
7908
<td>will contain a PKCS3 DHParams structure PEM or DER encoded
5737
7912
<td><p><span class="term"><em class="parameter"><code>params_data_size</code></em> :</span></p></td>
7913
<td>holds the size of params_data (and will be replaced by the actual size of parameters)
5742
7917
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7918
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7919
otherwise an error code is returned.
5754
7930
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *generator</code></em>,
5755
7931
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *bits</code></em>);</pre>
7933
This function will export the pair of prime and generator for use
7934
in the Diffie-Hellman key exchange. The new parameters will be
7935
allocated using <a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a> and will be stored in the
5758
7938
<div class="variablelist"><table border="0">
5759
7939
<col align="left" valign="top">
5762
7942
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
7943
<td>Holds the DH parameters
5767
7947
<td><p><span class="term"><em class="parameter"><code>prime</code></em> :</span></p></td>
7948
<td>will hold the new prime
5772
7952
<td><p><span class="term"><em class="parameter"><code>generator</code></em> :</span></p></td>
7953
<td>will hold the new generator
5777
7957
<td><p><span class="term"><em class="parameter"><code>bits</code></em> :</span></p></td>
7958
<td>if non null will hold is the prime's number of bits
5782
7962
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7963
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7964
otherwise an error code is returned.
5792
7973
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_dh_params_cpy (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-dh-params-t" title="gnutls_dh_params_t"><span class="type">gnutls_dh_params_t</span></a> dst</code></em>,
5793
7974
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-dh-params-t" title="gnutls_dh_params_t"><span class="type">gnutls_dh_params_t</span></a> src</code></em>);</pre>
7976
This function will copy the DH parameters structure from source
5796
7979
<div class="variablelist"><table border="0">
5797
7980
<col align="left" valign="top">
5800
7983
<td><p><span class="term"><em class="parameter"><code>dst</code></em> :</span></p></td>
7984
<td>Is the destination structure, which should be initialized.
5805
7988
<td><p><span class="term"><em class="parameter"><code>src</code></em> :</span></p></td>
7989
<td>Is the source structure
5810
7993
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
7994
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (zero) is returned,
7995
otherwise an error code is returned.
5890
8078
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *q</code></em>,
5891
8079
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *u</code></em>);</pre>
8081
This function will replace the parameters in the given structure.
8082
The new parameters should be stored in the appropriate
5894
8085
<div class="variablelist"><table border="0">
5895
8086
<col align="left" valign="top">
5898
8089
<td><p><span class="term"><em class="parameter"><code>rsa_params</code></em> :</span></p></td>
8090
<td>Is a structure will hold the parameters
5903
8094
<td><p><span class="term"><em class="parameter"><code>m</code></em> :</span></p></td>
8095
<td>holds the modulus
5908
8099
<td><p><span class="term"><em class="parameter"><code>e</code></em> :</span></p></td>
8100
<td>holds the public exponent
5913
8104
<td><p><span class="term"><em class="parameter"><code>d</code></em> :</span></p></td>
8105
<td>holds the private exponent
5918
8109
<td><p><span class="term"><em class="parameter"><code>p</code></em> :</span></p></td>
8110
<td>holds the first prime (p)
5923
8114
<td><p><span class="term"><em class="parameter"><code>q</code></em> :</span></p></td>
8115
<td>holds the second prime (q)
5928
8119
<td><p><span class="term"><em class="parameter"><code>u</code></em> :</span></p></td>
8120
<td>holds the coefficient
5933
8124
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8125
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an negative error code.
5943
8134
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_rsa_params_generate2 (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-rsa-params-t" title="gnutls_rsa_params_t"><span class="type">gnutls_rsa_params_t</span></a> params</code></em>,
5944
8135
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> bits</code></em>);</pre>
8137
This function will generate new temporary RSA parameters for use in
8138
RSA-EXPORT ciphersuites. This function is normally slow.
8141
Note that if the parameters are to be used in export cipher suites the
8142
bits value should be 512 or less.
8143
Also note that the generation of new RSA parameters is only useful
8144
to servers. Clients use the parameters sent by the server, thus it's
8145
no use calling this in client side.
5947
8147
<div class="variablelist"><table border="0">
5948
8148
<col align="left" valign="top">
5951
8151
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
8152
<td>The structure where the parameters will be stored
5956
8156
<td><p><span class="term"><em class="parameter"><code>bits</code></em> :</span></p></td>
8157
<td>is the prime's number of bits
5961
8161
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8162
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an negative error code.
5977
8177
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *u</code></em>,
5978
8178
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *bits</code></em>);</pre>
8180
This function will export the RSA parameters found in the given
8181
structure. The new parameters will be allocated using
8182
<a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a> and will be stored in the appropriate datum.
5981
8184
<div class="variablelist"><table border="0">
5982
8185
<col align="left" valign="top">
5985
8188
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
8189
<td>a structure that holds the rsa parameters
5990
8193
<td><p><span class="term"><em class="parameter"><code>m</code></em> :</span></p></td>
8194
<td>will hold the modulus
5995
8198
<td><p><span class="term"><em class="parameter"><code>e</code></em> :</span></p></td>
8199
<td>will hold the public exponent
6000
8203
<td><p><span class="term"><em class="parameter"><code>d</code></em> :</span></p></td>
8204
<td>will hold the private exponent
6005
8208
<td><p><span class="term"><em class="parameter"><code>p</code></em> :</span></p></td>
8209
<td>will hold the first prime (p)
6010
8213
<td><p><span class="term"><em class="parameter"><code>q</code></em> :</span></p></td>
8214
<td>will hold the second prime (q)
6015
8218
<td><p><span class="term"><em class="parameter"><code>u</code></em> :</span></p></td>
8219
<td>will hold the coefficient
6020
8223
<td><p><span class="term"><em class="parameter"><code>bits</code></em> :</span></p></td>
8224
<td>if non null will hold the prime's number of bits
6025
8228
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8229
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an negative error code.
6037
8240
<em class="parameter"><code>unsigned <span class="type">char</span> *params_data</code></em>,
6038
8241
<em class="parameter"><code><span class="type">size_t</span> *params_data_size</code></em>);</pre>
8243
This function will export the given RSA parameters to a PKCS1
8244
RSAPublicKey structure. If the buffer provided is not long enough to
8245
hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
8248
If the structure is PEM encoded, it will have a header
8249
of "BEGIN RSA PRIVATE KEY".
6041
8251
<div class="variablelist"><table border="0">
6042
8252
<col align="left" valign="top">
6045
8255
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
8256
<td>Holds the RSA parameters
6050
8260
<td><p><span class="term"><em class="parameter"><code>format</code></em> :</span></p></td>
8261
<td>the format of output params. One of PEM or DER.
6055
8265
<td><p><span class="term"><em class="parameter"><code>params_data</code></em> :</span></p></td>
8266
<td>will contain a PKCS1 RSAPublicKey structure PEM or DER encoded
6060
8270
<td><p><span class="term"><em class="parameter"><code>params_data_size</code></em> :</span></p></td>
8271
<td>holds the size of params_data (and will be replaced by the actual size of parameters)
6065
8275
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8276
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an negative error code.
6076
8286
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *pkcs1_params</code></em>,
6077
8287
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-x509-crt-fmt-t" title="enum gnutls_x509_crt_fmt_t"><span class="type">gnutls_x509_crt_fmt_t</span></a> format</code></em>);</pre>
8289
This function will extract the RSAPublicKey found in a PKCS1 formatted
8293
If the structure is PEM encoded, it should have a header
8294
of "BEGIN RSA PRIVATE KEY".
6080
8296
<div class="variablelist"><table border="0">
6081
8297
<col align="left" valign="top">
6084
8300
<td><p><span class="term"><em class="parameter"><code>params</code></em> :</span></p></td>
8301
<td>A structure where the parameters will be copied to
6089
8305
<td><p><span class="term"><em class="parameter"><code>pkcs1_params</code></em> :</span></p></td>
8306
<td>should contain a PKCS1 RSAPublicKey structure PEM or DER encoded
6094
8310
<td><p><span class="term"><em class="parameter"><code>format</code></em> :</span></p></td>
8311
<td>the format of params. PEM or DER.
6099
8315
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8316
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an negative error code.
6201
8420
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-transport-ptr-t" title="gnutls_transport_ptr_t"><span class="type">gnutls_transport_ptr_t</span></a> recv_ptr</code></em>,
6202
8421
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-transport-ptr-t" title="gnutls_transport_ptr_t"><span class="type">gnutls_transport_ptr_t</span></a> send_ptr</code></em>);</pre>
8423
Used to set the first argument of the transport function (like PUSH
8424
and PULL). In berkeley style sockets this function will set the
8425
connection handle. With this function you can use two different
8426
pointers for receiving and sending.
6205
8428
<div class="variablelist"><table border="0">
6206
8429
<col align="left" valign="top">
6209
8432
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
8433
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
6214
8437
<td><p><span class="term"><em class="parameter"><code>recv_ptr</code></em> :</span></p></td>
8438
<td>is the value for the pull function
6219
8442
<td><p><span class="term"><em class="parameter"><code>send_ptr</code></em> :</span></p></td>
8443
<td>is the value for the push function
6252
8478
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-transport-ptr-t" title="gnutls_transport_ptr_t"><span class="type">gnutls_transport_ptr_t</span></a> *recv_ptr</code></em>,
6253
8479
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-transport-ptr-t" title="gnutls_transport_ptr_t"><span class="type">gnutls_transport_ptr_t</span></a> *send_ptr</code></em>);</pre>
8481
Used to get the arguments of the transport functions (like PUSH
8482
and PULL). These should have been set using
8483
<a class="link" href="gnutls-gnutls.html#gnutls-transport-set-ptr2" title="gnutls_transport_set_ptr2 ()"><code class="function">gnutls_transport_set_ptr2()</code></a>.
6256
8485
<div class="variablelist"><table border="0">
6257
8486
<col align="left" valign="top">
6260
8489
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
8490
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
6265
8494
<td><p><span class="term"><em class="parameter"><code>recv_ptr</code></em> :</span></p></td>
8495
<td>will hold the value for the pull function
6270
8499
<td><p><span class="term"><em class="parameter"><code>send_ptr</code></em> :</span></p></td>
8500
<td>will hold the value for the push function
6280
8509
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_transport_set_lowat (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
6281
8510
<em class="parameter"><code><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> num</code></em>);</pre>
8512
Used to set the lowat value in order for select to check if there
8513
are pending data to socket buffer. Used only if you have changed
8514
the default low water value (default is 1). Normally you will not
8515
need that function. This function is only useful if using
8516
berkeley style sockets. Otherwise it must be called and set lowat
6284
8519
<div class="variablelist"><table border="0">
6285
8520
<col align="left" valign="top">
6288
8523
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
8524
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
6293
8528
<td><p><span class="term"><em class="parameter"><code>num</code></em> :</span></p></td>
8529
<td>is the low water value.
6303
8538
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_transport_set_push_function (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
6304
8539
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-push-func" title="gnutls_push_func ()"><span class="type">gnutls_push_func</span></a> push_func</code></em>);</pre>
8541
This is the function where you set a push function for gnutls to
8542
use in order to send data. If you are going to use berkeley style
8543
sockets, you do not need to use this function since the default
8544
(send(2)) will probably be ok. Otherwise you should specify this
8545
function for gnutls to be able to send data.
8548
PUSH_FUNC is of the form,
8549
ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
6307
8551
<div class="variablelist"><table border="0">
6308
8552
<col align="left" valign="top">
6311
8555
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
6316
8560
<td><p><span class="term"><em class="parameter"><code>push_func</code></em> :</span></p></td>
8561
<td>a callback function similar to <code class="function">write()</code>
6326
8570
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_transport_set_pull_function (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
6327
8571
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-pull-func" title="gnutls_pull_func ()"><span class="type">gnutls_pull_func</span></a> pull_func</code></em>);</pre>
8573
This is the function where you set a function for gnutls to receive
8574
data. Normally, if you use berkeley style sockets, do not need to
8575
use this function since the default (recv(2)) will probably be ok.
8578
PULL_FUNC is of the form,
8579
ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
6330
8581
<div class="variablelist"><table border="0">
6331
8582
<col align="left" valign="top">
6334
8585
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
6339
8590
<td><p><span class="term"><em class="parameter"><code>pull_func</code></em> :</span></p></td>
8591
<td>a callback function similar to <code class="function">read()</code>
6488
8751
<em class="parameter"><code><span class="type">void</span> *result</code></em>,
6489
8752
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
8754
This function will calculate a fingerprint (actually a hash), of
8755
the given data. The result is not printable data. You should
8756
convert it to hex, or to something else printable.
8759
This is the usual way to calculate a fingerprint of an X.509 DER
8760
encoded certificate. Note however that the fingerprint of an
8761
OpenPGP is not just a hash and cannot be calculated with this
6492
8764
<div class="variablelist"><table border="0">
6493
8765
<col align="left" valign="top">
6496
8768
<td><p><span class="term"><em class="parameter"><code>algo</code></em> :</span></p></td>
8769
<td>is a digest algorithm
6501
8773
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
6506
8778
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
8779
<td>is the place where the result will be copied (may be null).
6511
8783
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
8784
<td>should hold the size of the result. The actual size
8785
of the returned result will also be copied there.
6516
8789
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8790
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
8791
an error code is returned.
6565
8844
<em class="parameter"><code>const <span class="type">char</span> *username</code></em>,
6566
8845
<em class="parameter"><code>const <span class="type">char</span> *password</code></em>);</pre>
8847
This function sets the username and password, in a
8848
<span class="type">gnutls_srp_client_credentials_t</span> structure. Those will be used in
8849
SRP authentication. <em class="parameter"><code>username</code></em> and <em class="parameter"><code>password</code></em> should be ASCII
8850
strings or UTF-8 strings prepared using the "SASLprep" profile of
6569
8853
<div class="variablelist"><table border="0">
6570
8854
<col align="left" valign="top">
6573
8857
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
8858
<td>is a <span class="type">gnutls_srp_client_credentials_t</span> structure.
6578
8862
<td><p><span class="term"><em class="parameter"><code>username</code></em> :</span></p></td>
8863
<td>is the user's userid
6583
8867
<td><p><span class="term"><em class="parameter"><code>password</code></em> :</span></p></td>
8868
<td>is the user's password
6588
8872
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8873
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, or an
6638
8928
<em class="parameter"><code>const <span class="type">char</span> *password_file</code></em>,
6639
8929
<em class="parameter"><code>const <span class="type">char</span> *password_conf_file</code></em>);</pre>
8931
This function sets the password files, in a
8932
<span class="type">gnutls_srp_server_credentials_t</span> structure. Those password files
8933
hold usernames and verifiers and will be used for SRP
6642
8936
<div class="variablelist"><table border="0">
6643
8937
<col align="left" valign="top">
6646
8940
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
8941
<td>is a <span class="type">gnutls_srp_server_credentials_t</span> structure.
6651
8945
<td><p><span class="term"><em class="parameter"><code>password_file</code></em> :</span></p></td>
8946
<td>is the SRP password file (tpasswd)
6656
8950
<td><p><span class="term"><em class="parameter"><code>password_conf_file</code></em> :</span></p></td>
8951
<td>is the SRP password conf file (tpasswd.conf)
6661
8955
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
8956
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, or an
6693
8991
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_srp_set_prime_bits (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
6694
8992
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> bits</code></em>);</pre>
8994
This function sets the minimum accepted number of bits, for use in
8995
an SRP key exchange. If zero, the default 2048 bits will be used.
8998
In the client side it sets the minimum accepted number of bits. If
8999
a server sends a prime with less bits than that
9000
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-RECEIVED-ILLEGAL-PARAMETER:CAPS" title="GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER"><code class="literal">GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER</code></a> will be returned by the
9004
This function has no effect in server side.
6697
9006
<div class="variablelist"><table border="0">
6698
9007
<col align="left" valign="top">
6701
9010
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
9011
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
6706
9015
<td><p><span class="term"><em class="parameter"><code>bits</code></em> :</span></p></td>
9016
<td>is the number of bits
9021
<p class="since">Since 2.6.0</p>
6714
9024
<div class="refsect2" title="gnutls_srp_verifier ()">
6720
9030
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *prime</code></em>,
6721
9031
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *res</code></em>);</pre>
9033
This function will create an SRP verifier, as specified in
9034
RFC2945. The <em class="parameter"><code>prime</code></em> and <em class="parameter"><code>generator</code></em> should be one of the static
9035
parameters defined in gnutls/extra.h or may be generated using the
9036
libgcrypt functions <code class="function">gcry_prime_generate()</code> and
9037
<code class="function">gcry_prime_group_generator()</code>.
9040
The verifier will be allocated with <em class="parameter"><code>malloc</code></em> and will be stored in
9041
<em class="parameter"><code>res</code></em> using binary format.
6724
9043
<div class="variablelist"><table border="0">
6725
9044
<col align="left" valign="top">
6728
9047
<td><p><span class="term"><em class="parameter"><code>username</code></em> :</span></p></td>
9048
<td>is the user's name
6733
9052
<td><p><span class="term"><em class="parameter"><code>password</code></em> :</span></p></td>
9053
<td>is the user's password
6738
9057
<td><p><span class="term"><em class="parameter"><code>salt</code></em> :</span></p></td>
9058
<td>should be some randomly generated bytes
6743
9062
<td><p><span class="term"><em class="parameter"><code>generator</code></em> :</span></p></td>
9063
<td>is the generator of the group
6748
9067
<td><p><span class="term"><em class="parameter"><code>prime</code></em> :</span></p></td>
9068
<td>is the group's prime
6753
9072
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
9073
<td>where the verifier will be stored.
6758
9077
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9078
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, or an
6817
9137
(<em class="parameter"><code><span class="type">gnutls_srp_server_credentials_t</span> cred</code></em>,
6818
9138
<em class="parameter"><code><span class="type">gnutls_srp_server_credentials_function</span> *func</code></em>);</pre>
9140
This function can be used to set a callback to retrieve the user's
9141
SRP credentials. The callback's function form is:
9144
int (*callback)(gnutls_session_t, const char* username,
9145
gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* g,
9149
<em class="parameter"><code>username</code></em> contains the actual username.
9150
The <em class="parameter"><code>salt</code></em>, <em class="parameter"><code>verifier</code></em>, <em class="parameter"><code>generator</code></em> and <em class="parameter"><code>prime</code></em> must be filled
9151
in using the <a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a>. For convenience <em class="parameter"><code>prime</code></em> and <em class="parameter"><code>generator</code></em>
9152
may also be one of the static parameters defined in extra.h.
9155
In case the callback returned a negative number then gnutls will
9156
assume that the username does not exist.
9159
In order to prevent attackers from guessing valid usernames,
9160
if a user does not exist, g and n values should be filled in
9161
using a random user's parameters. In that case the callback must
9162
return the special value (1).
9165
The callback function will only be called once per handshake.
9166
The callback function should return 0 on success, while
9167
-1 indicates an error.
6821
9169
<div class="variablelist"><table border="0">
6822
9170
<col align="left" valign="top">
6825
9173
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
9174
<td>is a <span class="type">gnutls_srp_server_credentials_t</span> structure.
6830
9178
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
9179
<td>is the callback function
6841
9189
(<em class="parameter"><code><span class="type">gnutls_srp_client_credentials_t</span> cred</code></em>,
6842
9190
<em class="parameter"><code><span class="type">gnutls_srp_client_credentials_function</span> *func</code></em>);</pre>
9192
This function can be used to set a callback to retrieve the
9193
username and password for client SRP authentication. The
9194
callback's function form is:
9197
int (*callback)(gnutls_session_t, char** username, char**password);
9200
The <em class="parameter"><code>username</code></em> and <em class="parameter"><code>password</code></em> must be allocated using
9201
<a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a>. <em class="parameter"><code>username</code></em> and <em class="parameter"><code>password</code></em> should be ASCII strings
9202
or UTF-8 strings prepared using the "SASLprep" profile of
9206
The callback function will be called once per handshake before the
9207
initial hello message is sent.
9210
The callback should not return a negative error code the second
9211
time called, since the handshake procedure will be aborted.
9214
The callback function should return 0 on success.
9215
-1 indicates an error.
6845
9217
<div class="variablelist"><table border="0">
6846
9218
<col align="left" valign="top">
6849
9221
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
9222
<td>is a <span class="type">gnutls_srp_server_credentials_t</span> structure.
6854
9226
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
9227
<td>is the callback function
6865
9237
<em class="parameter"><code><span class="type">char</span> *result</code></em>,
6866
9238
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
9240
This function will convert the given data to printable data, using
9241
the base64 encoding, as used in the libsrp. This is the encoding
9242
used in SRP password files. If the provided buffer is not long
9243
enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
9246
Warning! This base64 encoding is not the "standard" encoding, so
9247
do not use it for non-SRP purposes.
6869
9249
<div class="variablelist"><table border="0">
6870
9250
<col align="left" valign="top">
6873
9253
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
9254
<td>contain the raw data
6878
9258
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
9259
<td>the place where base64 data will be copied
6883
9263
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
9264
<td>holds the size of the result
6888
9268
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9269
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SHORT-MEMORY-BUFFER:CAPS" title="GNUTLS_E_SHORT_MEMORY_BUFFER"><code class="literal">GNUTLS_E_SHORT_MEMORY_BUFFER</code></a> if the buffer given is not
9270
long enough, or 0 on success.
6898
9279
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_srp_base64_encode_alloc (<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *data</code></em>,
6899
9280
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *result</code></em>);</pre>
9282
This function will convert the given data to printable data, using
9283
the base64 encoding. This is the encoding used in SRP password
9284
files. This function will allocate the required memory to hold
9288
You should use <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a> to free the returned data.
9291
Warning! This base64 encoding is not the "standard" encoding, so
9292
do not use it for non-SRP purposes.
6902
9294
<div class="variablelist"><table border="0">
6903
9295
<col align="left" valign="top">
6906
9298
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
9299
<td>contains the raw data
6911
9303
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
9304
<td>will hold the newly allocated encoded data
6916
9308
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9309
<td> 0 on success, or an error code.
6927
9319
<em class="parameter"><code><span class="type">char</span> *result</code></em>,
6928
9320
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
9322
This function will decode the given encoded data, using the base64
9323
encoding found in libsrp.
9326
Note that <em class="parameter"><code>b64_data</code></em> should be null terminated.
9329
Warning! This base64 encoding is not the "standard" encoding, so
9330
do not use it for non-SRP purposes.
6931
9332
<div class="variablelist"><table border="0">
6932
9333
<col align="left" valign="top">
6935
9336
<td><p><span class="term"><em class="parameter"><code>b64_data</code></em> :</span></p></td>
9337
<td>contain the encoded data
6940
9341
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
9342
<td>the place where decoded data will be copied
6945
9346
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
9347
<td>holds the size of the result
6950
9351
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9352
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SHORT-MEMORY-BUFFER:CAPS" title="GNUTLS_E_SHORT_MEMORY_BUFFER"><code class="literal">GNUTLS_E_SHORT_MEMORY_BUFFER</code></a> if the buffer given is not
9353
long enough, or 0 on success.
6960
9362
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_srp_base64_decode_alloc (<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *b64_data</code></em>,
6961
9363
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *result</code></em>);</pre>
9365
This function will decode the given encoded data. The decoded data
9366
will be allocated, and stored into result. It will decode using
9367
the base64 algorithm as used in libsrp.
9370
You should use <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a> to free the returned data.
9373
Warning! This base64 encoding is not the "standard" encoding, so
9374
do not use it for non-SRP purposes.
6964
9376
<div class="variablelist"><table border="0">
6965
9377
<col align="left" valign="top">
6968
9380
<td><p><span class="term"><em class="parameter"><code>b64_data</code></em> :</span></p></td>
9381
<td>contains the encoded data
6973
9385
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
9386
<td>the place where decoded data lie
6978
9390
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9391
<td> 0 on success, or an error code.
6986
9398
<div class="refsect2" title="enum gnutls_psk_key_flags">
6987
9399
<a name="gnutls-psk-key-flags"></a><h3>enum gnutls_psk_key_flags</h3>
6988
9400
<pre class="programlisting"> typedef enum gnutls_psk_key_flags
6990
GNUTLS_PSK_KEY_RAW = 0,
6992
} gnutls_psk_key_flags;
9402
GNUTLS_PSK_KEY_RAW = 0,
9404
} gnutls_psk_key_flags;
9407
Enumeration of different PSK key flags.
9409
<div class="variablelist"><table border="0">
9410
<col align="left" valign="top">
9413
<td><p><a name="GNUTLS-PSK-KEY-RAW:CAPS"></a><span class="term"><code class="literal">GNUTLS_PSK_KEY_RAW</code></span></p></td>
9414
<td>PSK-key in raw format.
9418
<td><p><a name="GNUTLS-PSK-KEY-HEX:CAPS"></a><span class="term"><code class="literal">GNUTLS_PSK_KEY_HEX</code></span></p></td>
9419
<td>PSK-key in hex format.
6998
9426
<div class="refsect2" title="gnutls_psk_free_client_credentials ()">
6999
9427
<a name="gnutls-psk-free-client-credentials"></a><h3>gnutls_psk_free_client_credentials ()</h3>
7000
9428
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_psk_free_client_credentials (<em class="parameter"><code><span class="type">gnutls_psk_client_credentials_t</span> sc</code></em>);</pre>
9430
This structure is complex enough to manipulate directly thus this
9431
helper function is provided in order to free (deallocate) it.
7003
9433
<div class="variablelist"><table border="0">
7004
9434
<col align="left" valign="top">
7006
9436
<td><p><span class="term"><em class="parameter"><code>sc</code></em> :</span></p></td>
9437
<td>is a <span class="type">gnutls_psk_client_credentials_t</span> structure.
7040
9472
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *key</code></em>,
7041
9473
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-psk-key-flags" title="enum gnutls_psk_key_flags"><span class="type">gnutls_psk_key_flags</span></a> format</code></em>);</pre>
9475
This function sets the username and password, in a
9476
gnutls_psk_client_credentials_t structure. Those will be used in
9477
PSK authentication. <em class="parameter"><code>username</code></em> should be an ASCII string or UTF-8
9478
strings prepared using the "SASLprep" profile of "stringprep". The
9479
key can be either in raw byte format or in Hex format (without the
7044
9482
<div class="variablelist"><table border="0">
7045
9483
<col align="left" valign="top">
7048
9486
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
9487
<td>is a <span class="type">gnutls_psk_client_credentials_t</span> structure.
7053
9491
<td><p><span class="term"><em class="parameter"><code>username</code></em> :</span></p></td>
9492
<td>is the user's zero-terminated userid
7058
9496
<td><p><span class="term"><em class="parameter"><code>key</code></em> :</span></p></td>
9497
<td>is the user's key
7063
9501
<td><p><span class="term"><em class="parameter"><code>format</code></em> :</span></p></td>
9502
<td>indicate the format of the key, either
9503
<a class="link" href="gnutls-gnutls.html#GNUTLS-PSK-KEY-RAW:CAPS"><code class="literal">GNUTLS_PSK_KEY_RAW</code></a> or <a class="link" href="gnutls-gnutls.html#GNUTLS-PSK-KEY-HEX:CAPS"><code class="literal">GNUTLS_PSK_KEY_HEX</code></a>.
7068
9507
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9508
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
7117
9560
(<em class="parameter"><code><span class="type">gnutls_psk_server_credentials_t</span> res</code></em>,
7118
9561
<em class="parameter"><code>const <span class="type">char</span> *password_file</code></em>);</pre>
9563
This function sets the password file, in a
9564
<code class="literal">gnutls_psk_server_credentials_t</code> structure. This password file
9565
holds usernames and keys and will be used for PSK authentication.
7121
9567
<div class="variablelist"><table border="0">
7122
9568
<col align="left" valign="top">
7125
9571
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
9572
<td>is a <span class="type">gnutls_psk_server_credentials_t</span> structure.
7130
9576
<td><p><span class="term"><em class="parameter"><code>password_file</code></em> :</span></p></td>
9577
<td>is the PSK password file (passwd.psk)
7135
9581
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9582
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
7146
9592
(<em class="parameter"><code><span class="type">gnutls_psk_server_credentials_t</span> res</code></em>,
7147
9593
<em class="parameter"><code>const <span class="type">char</span> *hint</code></em>);</pre>
9595
This function sets the identity hint, in a
9596
<code class="literal">gnutls_psk_server_credentials_t</code> structure. This hint is sent to
9597
the client to help it chose a good PSK credential (i.e., username
7150
9600
<div class="variablelist"><table border="0">
7151
9601
<col align="left" valign="top">
7154
9604
<td><p><span class="term"><em class="parameter"><code>res</code></em> :</span></p></td>
9605
<td>is a <span class="type">gnutls_psk_server_credentials_t</span> structure.
7159
9609
<td><p><span class="term"><em class="parameter"><code>hint</code></em> :</span></p></td>
9610
<td>is the PSK identity hint string
7164
9614
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9615
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
9621
<p class="since">Since 2.4.0</p>
7172
9624
<div class="refsect2" title="gnutls_psk_server_get_username ()">
7173
9625
<a name="gnutls-psk-server-get-username"></a><h3>gnutls_psk_server_get_username ()</h3>
7174
9626
<pre class="programlisting">const <span class="returnvalue">char</span> * gnutls_psk_server_get_username (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
9628
This should only be called in case of PSK authentication and in
7177
9631
<div class="variablelist"><table border="0">
7178
9632
<col align="left" valign="top">
7181
9635
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
9636
<td>is a gnutls session
7186
9640
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9641
<td> the username of the peer, or <code class="literal">NULL</code> in case of an error.
7219
9678
(<em class="parameter"><code><span class="type">gnutls_psk_server_credentials_t</span> cred</code></em>,
7220
9679
<em class="parameter"><code><span class="type">gnutls_psk_server_credentials_function</span> *func</code></em>);</pre>
9681
This function can be used to set a callback to retrieve the user's PSK credentials.
9682
The callback's function form is:
9683
int (*callback)(gnutls_session_t, const char* username,
9684
gnutls_datum_t* key);
9687
<em class="parameter"><code>username</code></em> contains the actual username.
9688
The <em class="parameter"><code>key</code></em> must be filled in using the <a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a>.
9691
In case the callback returned a negative number then gnutls will
9692
assume that the username does not exist.
9695
The callback function will only be called once per handshake. The
9696
callback function should return 0 on success, while -1 indicates
7223
9699
<div class="variablelist"><table border="0">
7224
9700
<col align="left" valign="top">
7227
9703
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
9704
<td>is a <span class="type">gnutls_psk_server_credentials_t</span> structure.
7232
9708
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
9709
<td>is the callback function
7243
9719
(<em class="parameter"><code><span class="type">gnutls_psk_client_credentials_t</span> cred</code></em>,
7244
9720
<em class="parameter"><code><span class="type">gnutls_psk_client_credentials_function</span> *func</code></em>);</pre>
9722
This function can be used to set a callback to retrieve the username and
9723
password for client PSK authentication.
9724
The callback's function form is:
9725
int (*callback)(gnutls_session_t, char** username,
9726
gnutls_datum_t* key);
9729
The <em class="parameter"><code>username</code></em> and <em class="parameter"><code>key->data</code></em> must be allocated using <a class="link" href="gnutls-gnutls.html#gnutls-malloc" title="gnutls_malloc"><code class="function">gnutls_malloc()</code></a>.
9730
<em class="parameter"><code>username</code></em> should be ASCII strings or UTF-8 strings prepared using
9731
the "SASLprep" profile of "stringprep".
9734
The callback function will be called once per handshake.
9737
The callback function should return 0 on success.
9738
-1 indicates an error.
7247
9740
<div class="variablelist"><table border="0">
7248
9741
<col align="left" valign="top">
7251
9744
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
9745
<td>is a <span class="type">gnutls_psk_server_credentials_t</span> structure.
7256
9749
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
9750
<td>is the callback function
7267
9760
<em class="parameter"><code><span class="type">char</span> *result</code></em>,
7268
9761
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
9763
This function will convert the given data to printable data, using
9764
the hex encoding, as used in the PSK password files.
7271
9766
<div class="variablelist"><table border="0">
7272
9767
<col align="left" valign="top">
7275
9770
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
9771
<td>contain the raw data
7280
9775
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
9776
<td>the place where hex data will be copied
7285
9780
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
9781
<td>holds the size of the result
7290
9785
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9786
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SHORT-MEMORY-BUFFER:CAPS" title="GNUTLS_E_SHORT_MEMORY_BUFFER"><code class="literal">GNUTLS_E_SHORT_MEMORY_BUFFER</code></a> if the buffer given is not
9787
long enough, or 0 on success.
7301
9797
<em class="parameter"><code><span class="type">char</span> *result</code></em>,
7302
9798
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
9800
This function will decode the given encoded data, using the hex
9801
encoding used by PSK password files.
9804
Note that hex_data should be null terminated.
7305
9806
<div class="variablelist"><table border="0">
7306
9807
<col align="left" valign="top">
7309
9810
<td><p><span class="term"><em class="parameter"><code>hex_data</code></em> :</span></p></td>
9811
<td>contain the encoded data
7314
9815
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
9816
<td>the place where decoded data will be copied
7319
9820
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
9821
<td>holds the size of the result
7324
9825
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9826
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SHORT-MEMORY-BUFFER:CAPS" title="GNUTLS_E_SHORT_MEMORY_BUFFER"><code class="literal">GNUTLS_E_SHORT_MEMORY_BUFFER</code></a> if the buffer given is not
9827
long enough, or 0 on success.
7383
9891
<em class="parameter"><code>const <span class="type">char</span> *psk_identity_hint</code></em>,
7384
9892
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *output_key</code></em>);</pre>
9894
This function will derive a PSK key from a password, for use with
9895
the Netconf protocol.
7387
9897
<div class="variablelist"><table border="0">
7388
9898
<col align="left" valign="top">
7391
9901
<td><p><span class="term"><em class="parameter"><code>password</code></em> :</span></p></td>
9902
<td>zero terminated string containing password.
7396
9906
<td><p><span class="term"><em class="parameter"><code>psk_identity</code></em> :</span></p></td>
9907
<td>zero terminated string with PSK identity.
7401
9911
<td><p><span class="term"><em class="parameter"><code>psk_identity_hint</code></em> :</span></p></td>
9912
<td>zero terminated string with PSK identity hint.
7406
9916
<td><p><span class="term"><em class="parameter"><code>output_key</code></em> :</span></p></td>
9917
<td>output variable, contains newly allocated *data pointer.
7411
9921
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
9922
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, or an error code.
9928
<p class="since">Since 2.4.0</p>
7419
9931
<div class="refsect2" title="enum gnutls_x509_subject_alt_name_t">
7433
9945
} gnutls_x509_subject_alt_name_t;
9948
Enumeration of different subject alternative names types.
9950
<div class="variablelist"><table border="0">
9951
<col align="left" valign="top">
9954
<td><p><a name="GNUTLS-SAN-DNSNAME:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_DNSNAME</code></span></p></td>
9959
<td><p><a name="GNUTLS-SAN-RFC822NAME:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_RFC822NAME</code></span></p></td>
9960
<td>E-mail address SAN.
9964
<td><p><a name="GNUTLS-SAN-URI:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_URI</code></span></p></td>
9969
<td><p><a name="GNUTLS-SAN-IPADDRESS:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_IPADDRESS</code></span></p></td>
9974
<td><p><a name="GNUTLS-SAN-OTHERNAME:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_OTHERNAME</code></span></p></td>
9979
<td><p><a name="GNUTLS-SAN-DN:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_DN</code></span></p></td>
9984
<td><p><a name="GNUTLS-SAN-OTHERNAME-XMPP:CAPS"></a><span class="term"><code class="literal">GNUTLS_SAN_OTHERNAME_XMPP</code></span></p></td>
9985
<td>Virtual SAN, used by
9986
<a class="link" href="gnutls-x509.html#gnutls-x509-crt-get-subject-alt-othername-oid" title="gnutls_x509_crt_get_subject_alt_othername_oid ()"><code class="function">gnutls_x509_crt_get_subject_alt_othername_oid()</code></a>.
7439
9993
<div class="refsect2" title="struct gnutls_openpgp_crt_int">
7470
10024
<a name="gnutls-auth-get-type"></a><h3>gnutls_auth_get_type ()</h3>
7471
10025
<pre class="programlisting"><a class="link" href="gnutls-gnutls.html#gnutls-credentials-type-t" title="enum gnutls_credentials_type_t"><span class="returnvalue">gnutls_credentials_type_t</span></a> gnutls_auth_get_type (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
10027
Returns type of credentials for the current authentication schema.
10028
The returned information is to be used to distinguish the function used
10029
to access authentication data.
10032
Eg. for CERTIFICATE ciphersuites (key exchange algorithms:
10033
<a class="link" href="gnutls-gnutls.html#GNUTLS-KX-RSA:CAPS"><code class="literal">GNUTLS_KX_RSA</code></a>, <a class="link" href="gnutls-gnutls.html#GNUTLS-KX-DHE-RSA:CAPS"><code class="literal">GNUTLS_KX_DHE_RSA</code></a>), the same function are to be
10034
used to access the authentication data.
7474
10036
<div class="variablelist"><table border="0">
7475
10037
<col align="left" valign="top">
7478
10040
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10041
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
7483
10045
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10046
<td> The type of credentials for the current authentication
10047
schema, a <a class="link" href="gnutls-gnutls.html#gnutls-credentials-type-t" title="enum gnutls_credentials_type_t"><span class="type">gnutls_credentials_type_t</span></a> type.
7537
10108
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_dh_set_prime_bits (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
7538
10109
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> bits</code></em>);</pre>
10111
This function sets the number of bits, for use in an Diffie-Hellman
10112
key exchange. This is used both in DH ephemeral and DH anonymous
10113
cipher suites. This will set the minimum size of the prime that
10114
will be used for the handshake.
10117
In the client side it sets the minimum accepted number of bits. If
10118
a server sends a prime with less bits than that
10119
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-DH-PRIME-UNACCEPTABLE:CAPS" title="GNUTLS_E_DH_PRIME_UNACCEPTABLE"><code class="literal">GNUTLS_E_DH_PRIME_UNACCEPTABLE</code></a> will be returned by the handshake.
10122
This function has no effect in server side.
7541
10124
<div class="variablelist"><table border="0">
7542
10125
<col align="left" valign="top">
7545
10128
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10129
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
7550
10133
<td><p><span class="term"><em class="parameter"><code>bits</code></em> :</span></p></td>
10134
<td>is the number of bits
7603
10193
<a name="gnutls-dh-get-prime-bits"></a><h3>gnutls_dh_get_prime_bits ()</h3>
7604
10194
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_dh_get_prime_bits (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
10196
This function will return the bits of the prime used in the last
10197
Diffie-Hellman key exchange with the peer. Should be used for both
10198
anonymous and ephemeral Diffie-Hellman. Note that some ciphers,
10199
like RSA and DSA without DHE, does not use a Diffie-Hellman key
10200
exchange, and then this function will return 0.
7607
10202
<div class="variablelist"><table border="0">
7608
10203
<col align="left" valign="top">
7611
10206
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10207
<td>is a gnutls session
7616
10211
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10212
<td> The Diffie-Hellman bit strength is returned, or 0 if no
10213
Diffie-Hellman key exchange was done, or a negative error code on
7627
10224
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *raw_gen</code></em>,
7628
10225
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *raw_prime</code></em>);</pre>
10227
This function will return the group parameters used in the last
10228
Diffie-Hellman key exchange with the peer. These are the prime and
10229
the generator used. This function should be used for both
10230
anonymous and ephemeral Diffie-Hellman. The output parameters must
10231
be freed with <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a>.
7631
10233
<div class="variablelist"><table border="0">
7632
10234
<col align="left" valign="top">
7635
10237
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10238
<td>is a gnutls session
7640
10242
<td><p><span class="term"><em class="parameter"><code>raw_gen</code></em> :</span></p></td>
10243
<td>will hold the generator.
7645
10247
<td><p><span class="term"><em class="parameter"><code>raw_prime</code></em> :</span></p></td>
10248
<td>will hold the prime.
7650
10252
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10253
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
10254
an error code is returned.
7660
10263
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_dh_get_pubkey (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
7661
10264
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *raw_key</code></em>);</pre>
10266
This function will return the peer's public key used in the last
10267
Diffie-Hellman key exchange. This function should be used for both
10268
anonymous and ephemeral Diffie-Hellman. The output parameters must
10269
be freed with <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a>.
7664
10271
<div class="variablelist"><table border="0">
7665
10272
<col align="left" valign="top">
7668
10275
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10276
<td>is a gnutls session
7673
10280
<td><p><span class="term"><em class="parameter"><code>raw_key</code></em> :</span></p></td>
10281
<td>will hold the public key.
7678
10285
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10286
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
10287
an error code is returned.
7689
10297
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *exponent</code></em>,
7690
10298
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *modulus</code></em>);</pre>
10300
This function will return the peer's public key exponent and
10301
modulus used in the last RSA-EXPORT authentication. The output
10302
parameters must be freed with <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a>.
7693
10304
<div class="variablelist"><table border="0">
7694
10305
<col align="left" valign="top">
7697
10308
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10309
<td>is a gnutls session
7702
10313
<td><p><span class="term"><em class="parameter"><code>exponent</code></em> :</span></p></td>
10314
<td>will hold the exponent.
7707
10318
<td><p><span class="term"><em class="parameter"><code>modulus</code></em> :</span></p></td>
10319
<td>will hold the modulus.
7712
10323
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10324
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
10325
an error code is returned.
7868
10484
(<em class="parameter"><code><span class="type">gnutls_certificate_credentials_t</span> cred</code></em>,
7869
10485
<em class="parameter"><code><span class="type">gnutls_certificate_client_retrieve_function</span> *func</code></em>);</pre>
10487
This function sets a callback to be called in order to retrieve the
10488
certificate to be used in the handshake.
10491
The callback's function prototype is:
10492
int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
10493
const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
10496
<em class="parameter"><code>req_ca_cert</code></em> is only used in X.509 certificates.
10497
Contains a list with the CA names that the server considers trusted.
10498
Normally we should send a certificate that is signed
10499
by one of these CAs. These names are DER encoded. To get a more
10500
meaningful value use the function <a class="link" href="gnutls-x509.html#gnutls-x509-rdn-get" title="gnutls_x509_rdn_get ()"><code class="function">gnutls_x509_rdn_get()</code></a>.
10503
<em class="parameter"><code>pk_algos</code></em> contains a list with server's acceptable signature algorithms.
10504
The certificate returned should support the server's given algorithms.
10507
<em class="parameter"><code>st</code></em> should contain the certificates and private keys.
10510
If the callback function is provided then gnutls will call it, in the
10511
handshake, after the certificate request message has been received.
10514
The callback function should set the certificate list to be sent,
10515
and return 0 on success. If no certificate was selected then the
10516
number of certificates should be set to zero. The value (-1)
10517
indicates error and the handshake will be terminated.
7872
10519
<div class="variablelist"><table border="0">
7873
10520
<col align="left" valign="top">
7876
10523
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
10524
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
7881
10528
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
10529
<td>is the callback function
7892
10539
(<em class="parameter"><code><span class="type">gnutls_certificate_credentials_t</span> cred</code></em>,
7893
10540
<em class="parameter"><code><span class="type">gnutls_certificate_server_retrieve_function</span> *func</code></em>);</pre>
7896
<div class="variablelist"><table border="0">
7897
<col align="left" valign="top">
7900
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
7905
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
10542
This function sets a callback to be called in order to retrieve the
10543
certificate to be used in the handshake.
10546
The callback's function prototype is:
10547
int (*callback)(gnutls_session_t, gnutls_retr_st* st);
10550
<em class="parameter"><code>st</code></em> should contain the certificates and private keys.
10553
If the callback function is provided then gnutls will call it, in the
10554
handshake, after the certificate request message has been received.
10557
The callback function should set the certificate list to be sent, and
10558
return 0 on success. The value (-1) indicates error and the handshake
10559
will be terminated.
10561
<div class="variablelist"><table border="0">
10562
<col align="left" valign="top">
10565
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
10566
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
10570
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
10571
<td>is the callback function
10578
<div class="refsect2" title="gnutls_certificate_set_verify_function ()">
10579
<a name="gnutls-certificate-set-verify-function"></a><h3>gnutls_certificate_set_verify_function ()</h3>
10580
<pre class="programlisting"><span class="returnvalue">void</span> gnutls_certificate_set_verify_function
10581
(<em class="parameter"><code><span class="type">gnutls_certificate_credentials_t</span> cred</code></em>,
10582
<em class="parameter"><code><span class="type">gnutls_certificate_verify_function</span> *func</code></em>);</pre>
10584
This function sets a callback to be called when peer's certificate
10585
has been received in order to verify it on receipt rather than
10586
doing after the handshake is completed.
10589
The callback's function prototype is:
10590
int (*callback)(gnutls_session_t);
10593
If the callback function is provided then gnutls will call it, in the
10594
handshake, just after the certificate message has been received.
10595
To verify or obtain the certificate the <a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a>,
10596
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-type-get" title="gnutls_certificate_type_get ()"><code class="function">gnutls_certificate_type_get()</code></a>, <a class="link" href="gnutls-gnutls.html#gnutls-certificate-get-peers" title="gnutls_certificate_get_peers ()"><code class="function">gnutls_certificate_get_peers()</code></a> functions
10600
The callback function should return 0 for the handshake to continue
10601
or non-zero to terminate.
10603
<div class="variablelist"><table border="0">
10604
<col align="left" valign="top">
10607
<td><p><span class="term"><em class="parameter"><code>cred</code></em> :</span></p></td>
10608
<td>is a <span class="type">gnutls_certificate_credentials_t</span> structure.
10612
<td><p><span class="term"><em class="parameter"><code>func</code></em> :</span></p></td>
10613
<td>is the callback function
10618
<p class="since">Since 2.10.0</p>
7913
10621
<div class="refsect2" title="gnutls_certificate_server_set_request ()">
7916
10624
(<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
7917
10625
<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-certificate-request-t" title="enum gnutls_certificate_request_t"><span class="type">gnutls_certificate_request_t</span></a> req</code></em>);</pre>
10627
This function specifies if we (in case of a server) are going to
10628
send a certificate request message to the client. If <em class="parameter"><code>req</code></em> is
10629
GNUTLS_CERT_REQUIRE then the server will return an error if the
10630
peer does not provide a certificate. If you do not call this
10631
function then the client will not be asked to send a certificate.
7920
10633
<div class="variablelist"><table border="0">
7921
10634
<col align="left" valign="top">
7924
10637
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10638
<td>is a <a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> structure.
7929
10642
<td><p><span class="term"><em class="parameter"><code>req</code></em> :</span></p></td>
10643
<td>is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
7939
10652
<pre class="programlisting">const <span class="returnvalue">gnutls_datum_t</span> * gnutls_certificate_get_peers (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
7940
10653
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *list_size</code></em>);</pre>
10655
Get the peer's raw certificate (chain) as sent by the peer. These
10656
certificates are in raw format (DER encoded for X.509). In case of
10657
a X.509 then a certificate list may be present. The first
10658
certificate in the list is the peer's certificate, following the
10659
issuer's certificate, then the issuer's issuer etc.
10662
In case of OpenPGP keys a single key will be returned in raw
7943
10665
<div class="variablelist"><table border="0">
7944
10666
<col align="left" valign="top">
7947
10669
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10670
<td>is a gnutls session
7952
10674
<td><p><span class="term"><em class="parameter"><code>list_size</code></em> :</span></p></td>
10675
<td>is the length of the certificate list
7957
10679
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10680
<td> return a pointer to a <span class="type">gnutls_datum_t</span> containing our
10681
certificates, or <code class="literal">NULL</code> in case of an error or if no certificate
8058
10803
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_certificate_verify_peers2 (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>,
8059
10804
<em class="parameter"><code>unsigned <a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="type">int</span></a> *status</code></em>);</pre>
10806
This function will try to verify the peer's certificate and return
10807
its status (trusted, invalid etc.). The value of <em class="parameter"><code>status</code></em> should
10808
be one or more of the gnutls_certificate_status_t enumerated
10809
elements bitwise or'd. To avoid denial of service attacks some
10810
default upper limits regarding the certificate key size and chain
10811
size are set. To override them use
10812
<a class="link" href="gnutls-gnutls.html#gnutls-certificate-set-verify-limits" title="gnutls_certificate_set_verify_limits ()"><code class="function">gnutls_certificate_set_verify_limits()</code></a>.
10815
Note that you must also check the peer's name in order to check if
10816
the verified certificate belongs to the actual peer.
10819
This function uses <a class="link" href="gnutls-x509.html#gnutls-x509-crt-list-verify" title="gnutls_x509_crt_list_verify ()"><code class="function">gnutls_x509_crt_list_verify()</code></a> with the CAs in
10820
the credentials as trusted CAs.
8062
10822
<div class="variablelist"><table border="0">
8063
10823
<col align="left" valign="top">
8066
10826
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10827
<td>is a gnutls session
8071
10831
<td><p><span class="term"><em class="parameter"><code>status</code></em> :</span></p></td>
10832
<td>is the output of the verification
8076
10836
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10837
<td> a negative error code on error and zero on success.
8084
10844
<div class="refsect2" title="gnutls_certificate_verify_peers ()">
8085
10845
<a name="gnutls-certificate-verify-peers"></a><h3>gnutls_certificate_verify_peers ()</h3>
8086
10846
<pre class="programlisting"><a class="link" href="gnutls-crypto.html#int" title="int ()"><span class="returnvalue">int</span></a> gnutls_certificate_verify_peers (<em class="parameter"><code><a class="link" href="gnutls-gnutls.html#gnutls-session-t" title="gnutls_session_t"><span class="type">gnutls_session_t</span></a> session</code></em>);</pre>
10847
<div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;">
10848
<h3 class="title">Warning</h3>
10849
<p><code class="literal">gnutls_certificate_verify_peers</code> is deprecated and should not be used in newly-written code. Use <a class="link" href="gnutls-gnutls.html#gnutls-certificate-verify-peers2" title="gnutls_certificate_verify_peers2 ()"><code class="function">gnutls_certificate_verify_peers2()</code></a> instead.</p>
10852
This function will try to verify the peer's certificate and return
10853
its status (trusted, invalid etc.). However you must also check
10854
the peer's name in order to check if the verified certificate
10855
belongs to the actual peer.
10858
This function uses <a class="link" href="gnutls-x509.html#gnutls-x509-crt-list-verify" title="gnutls_x509_crt_list_verify ()"><code class="function">gnutls_x509_crt_list_verify()</code></a>.
8089
10860
<div class="variablelist"><table border="0">
8090
10861
<col align="left" valign="top">
8093
10864
<td><p><span class="term"><em class="parameter"><code>session</code></em> :</span></p></td>
10865
<td>is a gnutls session
8098
10869
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10870
<td> one or more of the <a class="link" href="gnutls-gnutls.html#gnutls-certificate-status-t" title="enum gnutls_certificate_status_t"><span class="type">gnutls_certificate_status_t</span></a>
10871
enumerated elements bitwise or'd, or a negative value on error.
8110
10883
<em class="parameter"><code><span class="type">char</span> *result</code></em>,
8111
10884
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
10886
This function will convert the given data to printable data, using
10887
the base64 encoding. This is the encoding used in PEM messages.
10890
The output string will be null terminated, although the size will
10891
not include the terminating null.
8114
10893
<div class="variablelist"><table border="0">
8115
10894
<col align="left" valign="top">
8118
10897
<td><p><span class="term"><em class="parameter"><code>msg</code></em> :</span></p></td>
10898
<td>is a message to be put in the header
8123
10902
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
10903
<td>contain the raw data
8128
10907
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
10908
<td>the place where base64 data will be copied
8133
10912
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
10913
<td>holds the size of the result
8138
10917
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10918
<td> On success <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned,
10919
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-SHORT-MEMORY-BUFFER:CAPS" title="GNUTLS_E_SHORT_MEMORY_BUFFER"><code class="literal">GNUTLS_E_SHORT_MEMORY_BUFFER</code></a> is returned if the buffer given is
10920
not long enough, or 0 on success.
8150
10931
<em class="parameter"><code>unsigned <span class="type">char</span> *result</code></em>,
8151
10932
<em class="parameter"><code><span class="type">size_t</span> *result_size</code></em>);</pre>
10934
This function will decode the given encoded data. If the header
10935
given is non null this function will search for "-----BEGIN header"
10936
and decode only this part. Otherwise it will decode the first PEM
8154
10939
<div class="variablelist"><table border="0">
8155
10940
<col align="left" valign="top">
8158
10943
<td><p><span class="term"><em class="parameter"><code>header</code></em> :</span></p></td>
10944
<td>A null terminated string with the PEM header (eg. CERTIFICATE)
8163
10948
<td><p><span class="term"><em class="parameter"><code>b64_data</code></em> :</span></p></td>
10949
<td>contain the encoded data
8168
10953
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
10954
<td>the place where decoded data will be copied
8173
10958
<td><p><span class="term"><em class="parameter"><code>result_size</code></em> :</span></p></td>
10959
<td>holds the size of the result
8178
10963
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
10964
<td> On success <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned,
10965
<a class="link" href="gnutls-gnutls.html#GNUTLS-E-SHORT-MEMORY-BUFFER:CAPS" title="GNUTLS_E_SHORT_MEMORY_BUFFER"><code class="literal">GNUTLS_E_SHORT_MEMORY_BUFFER</code></a> is returned if the buffer given is
10966
not long enough, or 0 on success.
8189
10976
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *data</code></em>,
8190
10977
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *result</code></em>);</pre>
10979
This function will convert the given data to printable data, using
10980
the base64 encoding. This is the encoding used in PEM messages.
10981
This function will allocate the required memory to hold the encoded
10985
You should use <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a> to free the returned data.
8193
10987
<div class="variablelist"><table border="0">
8194
10988
<col align="left" valign="top">
8197
10991
<td><p><span class="term"><em class="parameter"><code>msg</code></em> :</span></p></td>
10992
<td>is a message to be put in the encoded header
8202
10996
<td><p><span class="term"><em class="parameter"><code>data</code></em> :</span></p></td>
10997
<td>contains the raw data
8207
11001
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
11002
<td>will hold the newly allocated encoded data
8212
11006
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
11007
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
11008
an error code is returned.
8223
11018
<em class="parameter"><code>const <span class="type">gnutls_datum_t</span> *b64_data</code></em>,
8224
11019
<em class="parameter"><code><span class="type">gnutls_datum_t</span> *result</code></em>);</pre>
11021
This function will decode the given encoded data. The decoded data
11022
will be allocated, and stored into result. If the header given is
11023
non null this function will search for "-----BEGIN header" and
11024
decode only this part. Otherwise it will decode the first PEM
11028
You should use <a class="link" href="gnutls-gnutls.html#gnutls-free" title="gnutls_free"><code class="function">gnutls_free()</code></a> to free the returned data.
8227
11030
<div class="variablelist"><table border="0">
8228
11031
<col align="left" valign="top">
8231
11034
<td><p><span class="term"><em class="parameter"><code>header</code></em> :</span></p></td>
11035
<td>The PEM header (eg. CERTIFICATE)
8236
11039
<td><p><span class="term"><em class="parameter"><code>b64_data</code></em> :</span></p></td>
11040
<td>contains the encoded data
8241
11044
<td><p><span class="term"><em class="parameter"><code>result</code></em> :</span></p></td>
11045
<td>the place where decoded data lie
8246
11049
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
11050
<td> On success, <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> (0) is returned, otherwise
11051
an error code is returned.
8400
11213
<em class="parameter"><code><span class="type">char</span> *bin_data</code></em>,
8401
11214
<em class="parameter"><code><span class="type">size_t</span> *bin_size</code></em>);</pre>
11216
Convert a buffer with hex data to binary data.
8404
11218
<div class="variablelist"><table border="0">
8405
11219
<col align="left" valign="top">
8408
11222
<td><p><span class="term"><em class="parameter"><code>hex_data</code></em> :</span></p></td>
11223
<td>string with data in hex format
8413
11227
<td><p><span class="term"><em class="parameter"><code>hex_size</code></em> :</span></p></td>
11228
<td>size of hex data
8418
11232
<td><p><span class="term"><em class="parameter"><code>bin_data</code></em> :</span></p></td>
11233
<td>output array with binary data
8423
11237
<td><p><span class="term"><em class="parameter"><code>bin_size</code></em> :</span></p></td>
11238
<td>when calling *<em class="parameter"><code>bin_size</code></em> should hold size of <em class="parameter"><code>bin_data</code></em>,
11239
on return will hold actual size of <em class="parameter"><code>bin_data</code></em>.
8428
11243
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
11244
<td> <a class="link" href="gnutls-gnutls.html#GNUTLS-E-SUCCESS:CAPS" title="GNUTLS_E_SUCCESS"><code class="literal">GNUTLS_E_SUCCESS</code></a> on success, otherwise an error.
8433
11249
</table></div>
11250
<p class="since">Since 2.4.0</p>
8436
11253
<div class="refsect2" title="GNUTLS_E_SUCCESS">
12005
<div class="refsect2" title="GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM">
12006
<a name="GNUTLS-E-UNSUPPORTED-SIGNATURE-ALGORITHM:CAPS"></a><h3>GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM</h3>
12007
<pre class="programlisting">#define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
12013
<div class="refsect2" title="GNUTLS_E_SAFE_RENEGOTIATION_FAILED">
12014
<a name="GNUTLS-E-SAFE-RENEGOTIATION-FAILED:CAPS"></a><h3>GNUTLS_E_SAFE_RENEGOTIATION_FAILED</h3>
12015
<pre class="programlisting">#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
12021
<div class="refsect2" title="GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED">
12022
<a name="GNUTLS-E-UNSAFE-RENEGOTIATION-DENIED:CAPS"></a><h3>GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED</h3>
12023
<pre class="programlisting">#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
12029
<div class="refsect2" title="GNUTLS_E_UNKNOWN_SRP_USERNAME">
12030
<a name="GNUTLS-E-UNKNOWN-SRP-USERNAME:CAPS"></a><h3>GNUTLS_E_UNKNOWN_SRP_USERNAME</h3>
12031
<pre class="programlisting">#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
9188
12037
<div class="refsect2" title="GNUTLS_E_BASE64_ENCODING_ERROR">
9189
12038
<a name="GNUTLS-E-BASE64-ENCODING-ERROR:CAPS"></a><h3>GNUTLS_E_BASE64_ENCODING_ERROR</h3>
9190
12039
<pre class="programlisting">#define GNUTLS_E_BASE64_ENCODING_ERROR -201