~ubuntu-branches/ubuntu/trusty/gnutls26/trusty

Committer: Package Import Robot
Author(s): Andreas Metzler
Date: 2011-10-01 15:28:13 UTC
mfrom: (12.1.20 sid)
Revision ID: package-import@ubuntu.com-20111001152813-yygm1c4cxonfxhzy

http://bugs.debian.org/640639

* New upstream version.
+ Allow CA importing of 0 certificates to succeed. Closes: #640639
* Add libp11-kit-dev to libgnutls-dev dependencies. (see #643811)
* [20_guiledocstring.diff] guile: Fix docstring extraction with CPP 4.5+.

files added:
.pc/17_ignoretestsuitteerrors.diff

.pc/17_ignoretestsuitteerrors.diff/tests

.pc/17_ignoretestsuitteerrors.diff/tests/dsa

.pc/17_ignoretestsuitteerrors.diff/tests/dsa/testdsa

.pc/18_gpgerrorinpkgconfig.diff

.pc/18_gpgerrorinpkgconfig.diff/lib

.pc/18_gpgerrorinpkgconfig.diff/lib/gnutls.pc.in

.pc/20_guiledocstring.diff

.pc/20_guiledocstring.diff/guile

.pc/20_guiledocstring.diff/guile/modules

.pc/20_guiledocstring.diff/guile/modules/system

.pc/20_guiledocstring.diff/guile/modules/system/documentation

.pc/20_guiledocstring.diff/guile/modules/system/documentation/c-snarf.scm

ABOUT-NLS

debian/libgnutls-openssl27.install

debian/libgnutlsxx27.install

debian/patches/17_ignoretestsuitteerrors.diff

debian/patches/18_gpgerrorinpkgconfig.diff

debian/patches/20_guiledocstring.diff

doc/cha-auth.texi

doc/cha-bib.texi

doc/cha-cert-auth.texi

doc/cha-ciphersuites.texi

doc/cha-copying.texi

doc/cha-functions.texi

doc/cha-gtls-app.texi

doc/cha-internals.texi

doc/cha-intro-tls.texi

doc/cha-library.texi

doc/cha-preface.texi

doc/cha-programs.texi

doc/cha-tls-app.texi

doc/examples/ex-cert-select-pkcs11.c

doc/gnutls-crypto-layers.dia

doc/gnutls-crypto-layers.eps

doc/gnutls-crypto-layers.pdf

doc/gnutls-crypto-layers.png

doc/manpages/gnutls_certificate_get_issuer.3

doc/manpages/gnutls_certificate_set_retrieve_function.3

doc/manpages/gnutls_cipher_decrypt2.3

doc/manpages/gnutls_cipher_encrypt2.3

doc/manpages/gnutls_global_set_mutex.3

doc/manpages/gnutls_global_set_time_function.3

doc/manpages/gnutls_openpgp_privkey_sec_param.3

doc/manpages/gnutls_pk_bits_to_sec_param.3

doc/manpages/gnutls_pkcs11_add_provider.3

doc/manpages/gnutls_pkcs11_copy_secret_key.3

doc/manpages/gnutls_pkcs11_copy_x509_crt.3

doc/manpages/gnutls_pkcs11_copy_x509_privkey.3

doc/manpages/gnutls_pkcs11_deinit.3

doc/manpages/gnutls_pkcs11_delete_url.3

doc/manpages/gnutls_pkcs11_init.3

doc/manpages/gnutls_pkcs11_obj_deinit.3

doc/manpages/gnutls_pkcs11_obj_export.3

doc/manpages/gnutls_pkcs11_obj_export_url.3

doc/manpages/gnutls_pkcs11_obj_get_info.3

doc/manpages/gnutls_pkcs11_obj_get_type.3

doc/manpages/gnutls_pkcs11_obj_import_url.3

doc/manpages/gnutls_pkcs11_obj_init.3

doc/manpages/gnutls_pkcs11_obj_list_import_url.3

doc/manpages/gnutls_pkcs11_privkey_deinit.3

doc/manpages/gnutls_pkcs11_privkey_export_url.3

doc/manpages/gnutls_pkcs11_privkey_get_info.3

doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3

doc/manpages/gnutls_pkcs11_privkey_import_url.3

doc/manpages/gnutls_pkcs11_privkey_init.3

doc/manpages/gnutls_pkcs11_set_pin_function.3

doc/manpages/gnutls_pkcs11_set_token_function.3

doc/manpages/gnutls_pkcs11_token_get_flags.3

doc/manpages/gnutls_pkcs11_token_get_info.3

doc/manpages/gnutls_pkcs11_token_get_mechanism.3

doc/manpages/gnutls_pkcs11_token_get_url.3

doc/manpages/gnutls_pkcs11_token_init.3

doc/manpages/gnutls_pkcs11_token_set_pin.3

doc/manpages/gnutls_privkey_decrypt_data.3

doc/manpages/gnutls_privkey_deinit.3

doc/manpages/gnutls_privkey_get_pk_algorithm.3

doc/manpages/gnutls_privkey_get_type.3

doc/manpages/gnutls_privkey_import_openpgp.3

doc/manpages/gnutls_privkey_import_pkcs11.3

doc/manpages/gnutls_privkey_import_x509.3

doc/manpages/gnutls_privkey_init.3

doc/manpages/gnutls_privkey_sign_data.3

doc/manpages/gnutls_privkey_sign_hash.3

doc/manpages/gnutls_pubkey_deinit.3

doc/manpages/gnutls_pubkey_export.3

doc/manpages/gnutls_pubkey_get_key_id.3

doc/manpages/gnutls_pubkey_get_key_usage.3

doc/manpages/gnutls_pubkey_get_pk_algorithm.3

doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3

doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3

doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3

doc/manpages/gnutls_pubkey_get_verify_algorithm.3

doc/manpages/gnutls_pubkey_import.3

doc/manpages/gnutls_pubkey_import_dsa_raw.3

doc/manpages/gnutls_pubkey_import_openpgp.3

doc/manpages/gnutls_pubkey_import_pkcs11.3

doc/manpages/gnutls_pubkey_import_pkcs11_url.3

doc/manpages/gnutls_pubkey_import_privkey.3

doc/manpages/gnutls_pubkey_import_rsa_raw.3

doc/manpages/gnutls_pubkey_import_x509.3

doc/manpages/gnutls_pubkey_init.3

doc/manpages/gnutls_pubkey_set_key_usage.3

doc/manpages/gnutls_pubkey_verify_data.3

doc/manpages/gnutls_pubkey_verify_hash.3

doc/manpages/gnutls_rnd.3

doc/manpages/gnutls_sec_param_get_name.3

doc/manpages/gnutls_sec_param_to_pk_bits.3

doc/manpages/gnutls_session_channel_binding.3

doc/manpages/gnutls_transport_set_errno_function.3

doc/manpages/gnutls_transport_set_vec_push_function.3

doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3

doc/manpages/gnutls_x509_crl_privkey_sign.3

doc/manpages/gnutls_x509_crq_privkey_sign.3

doc/manpages/gnutls_x509_crq_set_pubkey.3

doc/manpages/gnutls_x509_crq_verify.3

doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3

doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3

doc/manpages/gnutls_x509_crt_get_subject_unique_id.3

doc/manpages/gnutls_x509_crt_import_pkcs11.3

doc/manpages/gnutls_x509_crt_import_pkcs11_url.3

doc/manpages/gnutls_x509_crt_list_import_pkcs11.3

doc/manpages/gnutls_x509_crt_privkey_sign.3

doc/manpages/gnutls_x509_crt_set_pubkey.3

doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3

doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3

doc/manpages/gnutls_x509_privkey_sec_param.3

doc/manpages/p11tool.1

doc/pkcs11-vision.dia

doc/pkcs11-vision.eps

doc/pkcs11-vision.pdf

doc/pkcs11-vision.png

doc/reference/html/api-index-2-12-0.html

doc/reference/html/gnutls-pkcs11.html

doc/reference/tmpl/abstract.sgml

doc/reference/tmpl/binary-io.sgml

doc/reference/tmpl/dlopen.sgml

doc/reference/tmpl/fcntl.in.sgml

doc/reference/tmpl/fcntl.sgml

doc/reference/tmpl/locks.sgml

doc/reference/tmpl/pakchois.sgml

doc/reference/tmpl/pakchois11.sgml

doc/reference/tmpl/pkcs11.sgml

doc/reference/tmpl/pkcs11_int.sgml

doc/reference/tmpl/system.sgml

gl/ftello.c

gl/m4/fcntl-o.m4

gl/m4/fcntl_h.m4

gl/m4/ftello.m4

gl/m4/getpagesize.m4

gl/m4/pipe.m4

gl/m4/socketlib.m4

gl/malloc.c

gl/tests/binary-io.h

gl/tests/fcntl.in.h

gl/tests/getpagesize.c

gl/tests/pipe.c

gl/tests/test-binary-io.c

gl/tests/test-binary-io.sh

gl/tests/test-fcntl-h.c

gl/tests/test-ftello.c

gl/tests/test-ftello.sh

gl/tests/test-ftello2.sh

gl/tests/test-ftello3.c

gl/tests/test-pipe.c

gl/tests/test-sys_wait.h

gl/verify.h

guile/modules/gnutls/build/tests.scm

guile/tests/dh-parameters.pem

guile/tests/openpgp-elg-pub.asc

guile/tests/openpgp-elg-sec.asc

lib/abstract_int.h

lib/build-aux/snippet

lib/build-aux/snippet/_Noreturn.h

lib/build-aux/snippet/arg-nonnull.h

lib/build-aux/snippet/c++defs.h

lib/build-aux/snippet/warn-on-use.h

lib/gcrypt

lib/gcrypt/Makefile.am

lib/gcrypt/Makefile.in

lib/gcrypt/cipher.c

lib/gcrypt/init.c

lib/gcrypt/mac.c

lib/gcrypt/mpi.c

lib/gcrypt/pk.c

lib/gcrypt/rnd.c

lib/gl/fd-hook.c

lib/gl/fd-hook.h

lib/gl/float.c

lib/gl/fseek.c

lib/gl/ftell.c

lib/gl/ftello.c

lib/gl/m4/fcntl-o.m4

lib/gl/m4/fcntl_h.m4

lib/gl/m4/fpieee.m4

lib/gl/m4/fseek.m4

lib/gl/m4/ftell.m4

lib/gl/m4/ftello.m4

lib/gl/m4/getpagesize.m4

lib/gl/m4/inttypes.m4

lib/gl/m4/largefile.m4

lib/gl/m4/socketlib.m4

lib/gl/m4/sys_uio_h.m4

lib/gl/malloc.c

lib/gl/sys_uio.in.h

lib/gl/tests/binary-io.h

lib/gl/tests/fcntl.in.h

lib/gl/tests/fpucw.h

lib/gl/tests/getpagesize.c

lib/gl/tests/inttypes.in.h

lib/gl/tests/test-binary-io.c

lib/gl/tests/test-binary-io.sh

lib/gl/tests/test-fcntl-h.c

lib/gl/tests/test-float.c

lib/gl/tests/test-fseek.c

lib/gl/tests/test-fseek.sh

lib/gl/tests/test-fseek2.sh

lib/gl/tests/test-fseeko3.c

lib/gl/tests/test-fseeko3.sh

lib/gl/tests/test-ftell.c

lib/gl/tests/test-ftell.sh

lib/gl/tests/test-ftell2.sh

lib/gl/tests/test-ftell3.c

lib/gl/tests/test-ftello.c

lib/gl/tests/test-ftello.sh

lib/gl/tests/test-ftello2.sh

lib/gl/tests/test-ftello3.c

lib/gl/tests/test-intprops.c

lib/gl/tests/test-inttypes.c

lib/gl/tests/test-sys_uio.c

lib/gl/tests/test-sys_wait.h

lib/gl/verify.h

lib/gnutls_mbuffers.c

lib/gnutls_mbuffers.h

lib/gnutls_privkey.c

lib/gnutls_pubkey.c

lib/includes/gnutls/abstract.h

lib/includes/gnutls/pkcs11.h

lib/locks.c

lib/locks.h

lib/m4/inttypes-pri.m4

lib/nettle

lib/nettle/Makefile.am

lib/nettle/Makefile.in

lib/nettle/cipher.c

lib/nettle/egd.c

lib/nettle/egd.h

lib/nettle/init.c

lib/nettle/mac.c

lib/nettle/mpi.c

lib/nettle/pk.c

lib/nettle/rnd.c

lib/pkcs11.c

lib/pkcs11_int.h

lib/pkcs11_privkey.c

lib/pkcs11_secret.c

lib/pkcs11_write.c

lib/system.c

lib/system.h

m4/inttypes_h.m4

m4/lib-ld.m4

m4/lib-link.m4

m4/lib-prefix.m4

m4/longlong.m4

m4/po.m4

m4/size_max.m4

m4/stdint_h.m4

m4/ulonglong.m4

m4/wchar_t.m4

m4/wint_t.m4

m4/xsize.m4

src/certtool-common.c

src/p11common.c

src/p11common.h

src/p11tool-gaa.c

src/p11tool-gaa.h

src/p11tool.c

src/p11tool.gaa

src/p11tool.h

src/pkcs11.c

tests/certuniqueid.c

tests/dsa

tests/dsa/Makefile.am

tests/dsa/Makefile.in

tests/dsa/cert.dsa.1024.pem

tests/dsa/cert.dsa.2048.pem

tests/dsa/cert.dsa.3072.pem

tests/dsa/dsa.1024.pem

tests/dsa/dsa.2048.pem

tests/dsa/dsa.3072.pem

tests/dsa/testdsa

tests/eagain-common.h

tests/openpgp-auth.c

tests/rng-fork.c

tests/sha2/key-ca-dsa.pem

tests/sha2/key-dsa.pem

tests/sha2/key-subca-dsa.pem

tests/sha2/sha2-dsa

tests/suite

tests/suite/Makefile.am

tests/suite/Makefile.in

tests/suite/README

tests/x509cert.c

files removed:
.pc/20_gcrypt15compat.diff

.pc/20_gcrypt15compat.diff/lib

.pc/20_gcrypt15compat.diff/lib/pk-libgcrypt.c

.pc/debian-changes-2.8.6-1ubuntu1

.pc/debian-changes-2.8.6-1ubuntu1/doc

.pc/debian-changes-2.8.6-1ubuntu1/doc/examples

.pc/debian-changes-2.8.6-1ubuntu1/doc/examples/Makefile.am

.pc/debian-changes-2.8.6-1ubuntu1/doc/examples/Makefile.in

debian/libgnutlsxx26.install

debian/patches/20_gcrypt15compat.diff

debian/patches/debian-changes-2.8.6-1ubuntu1

doc/README.gaa

doc/examples/ex-client-tlsia.c

doc/examples/ex-serv-export.c

doc/manpages/gnutls_oprfi_enable_client.3

doc/manpages/gnutls_oprfi_enable_server.3

doc/manpages/gnutls_session_get_client_random.3

doc/manpages/gnutls_session_get_master_secret.3

doc/manpages/gnutls_session_get_server_random.3

doc/manpages/gnutls_session_set_finished_function.3

doc/reference/gnutls.pdf

gl/m4/inttypes_h.m4

gl/m4/lib-ld.m4

gl/m4/lib-link.m4

gl/m4/lib-prefix.m4

gl/m4/longlong.m4

gl/m4/size_max.m4

gl/m4/stdint_h.m4

gl/m4/wchar_h.m4

gl/m4/wchar_t.m4

gl/m4/wint_t.m4

gl/m4/xsize.m4

gl/tests/test-wchar.c

gl/tests/verify.h

gl/wchar.in.h

lib/build-aux/arg-nonnull.h

lib/build-aux/c++defs.h

lib/build-aux/warn-on-use.h

lib/cipher-libgcrypt.c

lib/ext_oprfi.c

lib/ext_oprfi.h

lib/gl/close-hook.c

lib/gl/close-hook.h

lib/gl/m4/asm-underscore.m4

lib/gl/m4/po.m4

lib/gl/stdio-write.c

lib/gl/tests/verify.h

lib/mac-libgcrypt.c

lib/mpi-libgcrypt.c

lib/opencdk/verify.c

lib/pk-libgcrypt.c

lib/rnd-libgcrypt.c

tests/finished.c

tests/netconf-psk.c

tests/oprfi.c

tests/safe-renegotiation/params.dh

tests/safe-renegotiation/srn6.c

tests/safe-renegotiation/srn7.c

tests/safe-renegotiation/testsrn

tests/tlsia.c

tests/x509signself.c

files modified:
.pc/16_unnecessarydep.diff/configure

.pc/16_unnecessarydep.diff/lib/configure

.pc/16_unnecessarydep.diff/libextra/configure

.pc/applied-patches

AUTHORS

ChangeLog

GNUmakefile

Makefile.in

NEWS

README

THANKS

aclocal.m4

build-aux/arg-nonnull.h

build-aux/c++defs.h

build-aux/config.guess

build-aux/config.rpath

build-aux/config.sub

build-aux/gendocs.sh

build-aux/ltmain.sh

build-aux/pmccabe.css

build-aux/pmccabe2html

build-aux/update-copyright

build-aux/useless-if-before-free

build-aux/vc-list-files

build-aux/warn-on-use.h

cfg.mk

config.h.in

configure

configure.ac

debian/changelog

debian/control

debian/copyright

debian/gnutls-bin.install

debian/libgnutls-dev.install

debian/libgnutls26.install

debian/patches/series

debian/rules

doc/Makefile.am

doc/Makefile.in

doc/TODO

doc/algorithms.texi

doc/credentials/Makefile.in

doc/credentials/gnutls-http-serv

doc/credentials/openpgp/Makefile.in

doc/credentials/srp/Makefile.in

doc/credentials/x509-server-dsa.pem

doc/credentials/x509-server-key-dsa.pem

doc/credentials/x509/Makefile.in

doc/credentials/x509/key.pem

doc/cyclo/Makefile.in

doc/cyclo/cyclo-gnutls.html

doc/errcodes.c

doc/error_codes.texi

doc/examples/Makefile.am

doc/examples/Makefile.in

doc/examples/ex-alert.c

doc/examples/ex-cert-select.c

doc/examples/ex-client-psk.c

doc/examples/ex-client-resume.c

doc/examples/ex-client-srp.c

doc/examples/ex-client1.c

doc/examples/ex-client2.c

doc/examples/ex-crq.c

doc/examples/ex-cxx.cpp

doc/examples/ex-pkcs12.c

doc/examples/ex-rfc2818.c

doc/examples/ex-serv-anon.c

doc/examples/ex-serv-pgp.c

doc/examples/ex-serv-psk.c

doc/examples/ex-serv-srp.c

doc/examples/ex-serv1.c

doc/examples/ex-session-info.c

doc/examples/ex-verify.c

doc/examples/ex-x509-info.c

doc/examples/examples.h

doc/examples/tcp.c

doc/fdl-1.3.texi

doc/gnutls-api.texi

doc/gnutls.html

doc/gnutls.info

doc/gnutls.info-1

doc/gnutls.info-2

doc/gnutls.info-3

doc/gnutls.pdf

doc/gnutls.ps

doc/gnutls.texi

doc/ia-api.texi

doc/manpages/Makefile.am

doc/manpages/Makefile.in

doc/manpages/certtool.1

doc/manpages/gnutls-cli.1

doc/manpages/gnutls-serv.1

doc/manpages/gnutls_alert_get.3

doc/manpages/gnutls_alert_get_name.3

doc/manpages/gnutls_alert_send.3

doc/manpages/gnutls_alert_send_appropriate.3

doc/manpages/gnutls_anon_allocate_client_credentials.3

doc/manpages/gnutls_anon_allocate_server_credentials.3

doc/manpages/gnutls_anon_free_client_credentials.3

doc/manpages/gnutls_anon_free_server_credentials.3

doc/manpages/gnutls_anon_set_params_function.3

doc/manpages/gnutls_anon_set_server_dh_params.3

doc/manpages/gnutls_anon_set_server_params_function.3

doc/manpages/gnutls_auth_client_get_type.3

doc/manpages/gnutls_auth_get_type.3

doc/manpages/gnutls_auth_server_get_type.3

doc/manpages/gnutls_bye.3

doc/manpages/gnutls_certificate_activation_time_peers.3

doc/manpages/gnutls_certificate_allocate_credentials.3

doc/manpages/gnutls_certificate_client_get_request_status.3

doc/manpages/gnutls_certificate_client_set_retrieve_function.3

doc/manpages/gnutls_certificate_expiration_time_peers.3

doc/manpages/gnutls_certificate_free_ca_names.3

doc/manpages/gnutls_certificate_free_cas.3

doc/manpages/gnutls_certificate_free_credentials.3

doc/manpages/gnutls_certificate_free_crls.3

doc/manpages/gnutls_certificate_free_keys.3

doc/manpages/gnutls_certificate_get_openpgp_keyring.3

doc/manpages/gnutls_certificate_get_ours.3

doc/manpages/gnutls_certificate_get_peers.3

doc/manpages/gnutls_certificate_get_x509_cas.3

doc/manpages/gnutls_certificate_get_x509_crls.3

doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3

doc/manpages/gnutls_certificate_server_set_request.3

doc/manpages/gnutls_certificate_server_set_retrieve_function.3

doc/manpages/gnutls_certificate_set_dh_params.3

doc/manpages/gnutls_certificate_set_openpgp_key.3

doc/manpages/gnutls_certificate_set_openpgp_key_file.3

doc/manpages/gnutls_certificate_set_openpgp_key_file2.3

doc/manpages/gnutls_certificate_set_openpgp_key_mem.3

doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3

doc/manpages/gnutls_certificate_set_openpgp_keyring_file.3

doc/manpages/gnutls_certificate_set_openpgp_keyring_mem.3

doc/manpages/gnutls_certificate_set_params_function.3

doc/manpages/gnutls_certificate_set_rsa_export_params.3

doc/manpages/gnutls_certificate_set_verify_flags.3

doc/manpages/gnutls_certificate_set_verify_function.3

doc/manpages/gnutls_certificate_set_verify_limits.3

doc/manpages/gnutls_certificate_set_x509_crl.3

doc/manpages/gnutls_certificate_set_x509_crl_file.3

doc/manpages/gnutls_certificate_set_x509_crl_mem.3

doc/manpages/gnutls_certificate_set_x509_key.3

doc/manpages/gnutls_certificate_set_x509_key_file.3

doc/manpages/gnutls_certificate_set_x509_key_mem.3

doc/manpages/gnutls_certificate_set_x509_simple_pkcs12_file.3

doc/manpages/gnutls_certificate_set_x509_simple_pkcs12_mem.3

doc/manpages/gnutls_certificate_set_x509_trust.3

doc/manpages/gnutls_certificate_set_x509_trust_file.3

doc/manpages/gnutls_certificate_set_x509_trust_mem.3

doc/manpages/gnutls_certificate_type_get.3

doc/manpages/gnutls_certificate_type_get_id.3

doc/manpages/gnutls_certificate_type_get_name.3

doc/manpages/gnutls_certificate_type_list.3

doc/manpages/gnutls_certificate_type_set_priority.3

doc/manpages/gnutls_certificate_verify_peers.3

doc/manpages/gnutls_certificate_verify_peers2.3

doc/manpages/gnutls_check_version.3

doc/manpages/gnutls_cipher_decrypt.3

doc/manpages/gnutls_cipher_deinit.3

doc/manpages/gnutls_cipher_encrypt.3

doc/manpages/gnutls_cipher_get.3

doc/manpages/gnutls_cipher_get_block_size.3

doc/manpages/gnutls_cipher_get_id.3

doc/manpages/gnutls_cipher_get_key_size.3

doc/manpages/gnutls_cipher_get_name.3

doc/manpages/gnutls_cipher_init.3

doc/manpages/gnutls_cipher_list.3

doc/manpages/gnutls_cipher_set_priority.3

doc/manpages/gnutls_cipher_suite_get_name.3

doc/manpages/gnutls_cipher_suite_info.3

doc/manpages/gnutls_compression_get.3

doc/manpages/gnutls_compression_get_id.3

doc/manpages/gnutls_compression_get_name.3

doc/manpages/gnutls_compression_list.3

doc/manpages/gnutls_compression_set_priority.3

doc/manpages/gnutls_credentials_clear.3

doc/manpages/gnutls_credentials_set.3

doc/manpages/gnutls_crypto_bigint_register2.3

doc/manpages/gnutls_crypto_cipher_register2.3

doc/manpages/gnutls_crypto_digest_register2.3

doc/manpages/gnutls_crypto_mac_register2.3

doc/manpages/gnutls_crypto_pk_register2.3

doc/manpages/gnutls_crypto_rnd_register2.3

doc/manpages/gnutls_crypto_single_cipher_register2.3

doc/manpages/gnutls_crypto_single_digest_register2.3

doc/manpages/gnutls_crypto_single_mac_register2.3

doc/manpages/gnutls_db_check_entry.3

doc/manpages/gnutls_db_get_ptr.3

doc/manpages/gnutls_db_remove_session.3

doc/manpages/gnutls_db_set_cache_expiration.3

doc/manpages/gnutls_db_set_ptr.3

doc/manpages/gnutls_db_set_remove_function.3

doc/manpages/gnutls_db_set_retrieve_function.3

doc/manpages/gnutls_db_set_store_function.3

doc/manpages/gnutls_deinit.3

doc/manpages/gnutls_dh_get_group.3

doc/manpages/gnutls_dh_get_peers_public_bits.3

doc/manpages/gnutls_dh_get_prime_bits.3

doc/manpages/gnutls_dh_get_pubkey.3

doc/manpages/gnutls_dh_get_secret_bits.3

doc/manpages/gnutls_dh_params_cpy.3

doc/manpages/gnutls_dh_params_deinit.3

doc/manpages/gnutls_dh_params_export_pkcs3.3

doc/manpages/gnutls_dh_params_export_raw.3

doc/manpages/gnutls_dh_params_generate2.3

doc/manpages/gnutls_dh_params_import_pkcs3.3

doc/manpages/gnutls_dh_params_import_raw.3

doc/manpages/gnutls_dh_params_init.3

doc/manpages/gnutls_dh_set_prime_bits.3

doc/manpages/gnutls_error_is_fatal.3

doc/manpages/gnutls_error_to_alert.3

doc/manpages/gnutls_ext_register.3

doc/manpages/gnutls_extra_check_version.3

doc/manpages/gnutls_fingerprint.3

doc/manpages/gnutls_free.3

doc/manpages/gnutls_global_deinit.3

doc/manpages/gnutls_global_init.3

doc/manpages/gnutls_global_init_extra.3

doc/manpages/gnutls_global_set_log_function.3

doc/manpages/gnutls_global_set_log_level.3

doc/manpages/gnutls_global_set_mem_functions.3

doc/manpages/gnutls_handshake.3

doc/manpages/gnutls_handshake_get_last_in.3

doc/manpages/gnutls_handshake_get_last_out.3

doc/manpages/gnutls_handshake_set_max_packet_length.3

doc/manpages/gnutls_handshake_set_post_client_hello_function.3

doc/manpages/gnutls_handshake_set_private_extensions.3

doc/manpages/gnutls_hash.3

doc/manpages/gnutls_hash_deinit.3

doc/manpages/gnutls_hash_fast.3

doc/manpages/gnutls_hash_get_len.3

doc/manpages/gnutls_hash_init.3

doc/manpages/gnutls_hash_output.3

doc/manpages/gnutls_hex2bin.3

doc/manpages/gnutls_hex_decode.3

doc/manpages/gnutls_hex_encode.3

doc/manpages/gnutls_hmac.3

doc/manpages/gnutls_hmac_deinit.3

doc/manpages/gnutls_hmac_fast.3

doc/manpages/gnutls_hmac_get_len.3

doc/manpages/gnutls_hmac_init.3

doc/manpages/gnutls_hmac_output.3

doc/manpages/gnutls_ia_allocate_client_credentials.3

doc/manpages/gnutls_ia_allocate_server_credentials.3

doc/manpages/gnutls_ia_enable.3

doc/manpages/gnutls_ia_endphase_send.3

doc/manpages/gnutls_ia_extract_inner_secret.3

doc/manpages/gnutls_ia_free_client_credentials.3

doc/manpages/gnutls_ia_free_server_credentials.3

doc/manpages/gnutls_ia_generate_challenge.3

doc/manpages/gnutls_ia_get_client_avp_ptr.3

doc/manpages/gnutls_ia_get_server_avp_ptr.3

doc/manpages/gnutls_ia_handshake.3

doc/manpages/gnutls_ia_handshake_p.3

doc/manpages/gnutls_ia_permute_inner_secret.3

doc/manpages/gnutls_ia_recv.3

doc/manpages/gnutls_ia_send.3

doc/manpages/gnutls_ia_set_client_avp_function.3

doc/manpages/gnutls_ia_set_client_avp_ptr.3

doc/manpages/gnutls_ia_set_server_avp_function.3

doc/manpages/gnutls_ia_set_server_avp_ptr.3

doc/manpages/gnutls_ia_verify_endphase.3

doc/manpages/gnutls_init.3

doc/manpages/gnutls_kx_get.3

doc/manpages/gnutls_kx_get_id.3

doc/manpages/gnutls_kx_get_name.3

doc/manpages/gnutls_kx_list.3

doc/manpages/gnutls_kx_set_priority.3

doc/manpages/gnutls_mac_get.3

doc/manpages/gnutls_mac_get_id.3

doc/manpages/gnutls_mac_get_key_size.3

doc/manpages/gnutls_mac_get_name.3

doc/manpages/gnutls_mac_list.3

doc/manpages/gnutls_mac_set_priority.3

doc/manpages/gnutls_malloc.3

doc/manpages/gnutls_openpgp_crt_check_hostname.3

doc/manpages/gnutls_openpgp_crt_deinit.3

doc/manpages/gnutls_openpgp_crt_export.3

doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3

doc/manpages/gnutls_openpgp_crt_get_creation_time.3

doc/manpages/gnutls_openpgp_crt_get_expiration_time.3

doc/manpages/gnutls_openpgp_crt_get_fingerprint.3

doc/manpages/gnutls_openpgp_crt_get_key_id.3

doc/manpages/gnutls_openpgp_crt_get_key_usage.3

doc/manpages/gnutls_openpgp_crt_get_name.3

doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3

doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3

doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3

doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3

doc/manpages/gnutls_openpgp_crt_get_revoked_status.3

doc/manpages/gnutls_openpgp_crt_get_subkey_count.3

doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3

doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3

doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3

doc/manpages/gnutls_openpgp_crt_get_subkey_id.3

doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3

doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3

doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3

doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3

doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3

doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3

doc/manpages/gnutls_openpgp_crt_get_version.3

doc/manpages/gnutls_openpgp_crt_import.3

doc/manpages/gnutls_openpgp_crt_init.3

doc/manpages/gnutls_openpgp_crt_print.3

doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3

doc/manpages/gnutls_openpgp_crt_verify_ring.3

doc/manpages/gnutls_openpgp_crt_verify_self.3

doc/manpages/gnutls_openpgp_keyring_check_id.3

doc/manpages/gnutls_openpgp_keyring_deinit.3

doc/manpages/gnutls_openpgp_keyring_get_crt.3

doc/manpages/gnutls_openpgp_keyring_get_crt_count.3

doc/manpages/gnutls_openpgp_keyring_import.3

doc/manpages/gnutls_openpgp_keyring_init.3

doc/manpages/gnutls_openpgp_privkey_deinit.3

doc/manpages/gnutls_openpgp_privkey_export.3

doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3

doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3

doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3

doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3

doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3

doc/manpages/gnutls_openpgp_privkey_get_key_id.3

doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3

doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3

doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_expiration_time.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3

doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3

doc/manpages/gnutls_openpgp_privkey_import.3

doc/manpages/gnutls_openpgp_privkey_init.3

doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3

doc/manpages/gnutls_openpgp_privkey_sign_hash.3

doc/manpages/gnutls_openpgp_send_cert.3

doc/manpages/gnutls_openpgp_set_recv_key_function.3

doc/manpages/gnutls_pem_base64_decode.3

doc/manpages/gnutls_pem_base64_decode_alloc.3

doc/manpages/gnutls_pem_base64_encode.3

doc/manpages/gnutls_pem_base64_encode_alloc.3

doc/manpages/gnutls_perror.3

doc/manpages/gnutls_pk_algorithm_get_name.3

doc/manpages/gnutls_pk_get_id.3

doc/manpages/gnutls_pk_get_name.3

doc/manpages/gnutls_pk_list.3

doc/manpages/gnutls_pkcs12_bag_decrypt.3

doc/manpages/gnutls_pkcs12_bag_deinit.3

doc/manpages/gnutls_pkcs12_bag_encrypt.3

doc/manpages/gnutls_pkcs12_bag_get_count.3

doc/manpages/gnutls_pkcs12_bag_get_data.3

doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3

doc/manpages/gnutls_pkcs12_bag_get_key_id.3

doc/manpages/gnutls_pkcs12_bag_get_type.3

doc/manpages/gnutls_pkcs12_bag_init.3

doc/manpages/gnutls_pkcs12_bag_set_crl.3

doc/manpages/gnutls_pkcs12_bag_set_crt.3

doc/manpages/gnutls_pkcs12_bag_set_data.3

doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3

doc/manpages/gnutls_pkcs12_bag_set_key_id.3

doc/manpages/gnutls_pkcs12_deinit.3

doc/manpages/gnutls_pkcs12_export.3

doc/manpages/gnutls_pkcs12_generate_mac.3

doc/manpages/gnutls_pkcs12_get_bag.3

doc/manpages/gnutls_pkcs12_import.3

doc/manpages/gnutls_pkcs12_init.3

doc/manpages/gnutls_pkcs12_set_bag.3

doc/manpages/gnutls_pkcs12_verify_mac.3

doc/manpages/gnutls_pkcs7_deinit.3

doc/manpages/gnutls_pkcs7_delete_crl.3

doc/manpages/gnutls_pkcs7_delete_crt.3

doc/manpages/gnutls_pkcs7_export.3

doc/manpages/gnutls_pkcs7_get_crl_count.3

doc/manpages/gnutls_pkcs7_get_crl_raw.3

doc/manpages/gnutls_pkcs7_get_crt_count.3

doc/manpages/gnutls_pkcs7_get_crt_raw.3

doc/manpages/gnutls_pkcs7_import.3

doc/manpages/gnutls_pkcs7_init.3

doc/manpages/gnutls_pkcs7_set_crl.3

doc/manpages/gnutls_pkcs7_set_crl_raw.3

doc/manpages/gnutls_pkcs7_set_crt.3

doc/manpages/gnutls_pkcs7_set_crt_raw.3

doc/manpages/gnutls_prf.3

doc/manpages/gnutls_prf_raw.3

doc/manpages/gnutls_priority_deinit.3

doc/manpages/gnutls_priority_init.3

doc/manpages/gnutls_priority_set.3

doc/manpages/gnutls_priority_set_direct.3

doc/manpages/gnutls_protocol_get_id.3

doc/manpages/gnutls_protocol_get_name.3

doc/manpages/gnutls_protocol_get_version.3

doc/manpages/gnutls_protocol_list.3

doc/manpages/gnutls_protocol_set_priority.3

doc/manpages/gnutls_psk_allocate_client_credentials.3

doc/manpages/gnutls_psk_allocate_server_credentials.3

doc/manpages/gnutls_psk_client_get_hint.3

doc/manpages/gnutls_psk_free_client_credentials.3

doc/manpages/gnutls_psk_free_server_credentials.3

doc/manpages/gnutls_psk_netconf_derive_key.3

doc/manpages/gnutls_psk_server_get_username.3

doc/manpages/gnutls_psk_set_client_credentials.3

doc/manpages/gnutls_psk_set_client_credentials_function.3

doc/manpages/gnutls_psk_set_params_function.3

doc/manpages/gnutls_psk_set_server_credentials_file.3

doc/manpages/gnutls_psk_set_server_credentials_function.3

doc/manpages/gnutls_psk_set_server_credentials_hint.3

doc/manpages/gnutls_psk_set_server_dh_params.3

doc/manpages/gnutls_psk_set_server_params_function.3

doc/manpages/gnutls_record_check_pending.3

doc/manpages/gnutls_record_disable_padding.3

doc/manpages/gnutls_record_get_direction.3

doc/manpages/gnutls_record_get_max_size.3

doc/manpages/gnutls_record_recv.3

doc/manpages/gnutls_record_send.3

doc/manpages/gnutls_record_set_max_size.3

doc/manpages/gnutls_register_md5_handler.3

doc/manpages/gnutls_rehandshake.3

doc/manpages/gnutls_rsa_export_get_modulus_bits.3

doc/manpages/gnutls_rsa_export_get_pubkey.3

doc/manpages/gnutls_rsa_params_cpy.3

doc/manpages/gnutls_rsa_params_deinit.3

doc/manpages/gnutls_rsa_params_export_pkcs1.3

doc/manpages/gnutls_rsa_params_export_raw.3

doc/manpages/gnutls_rsa_params_generate2.3

doc/manpages/gnutls_rsa_params_import_pkcs1.3

doc/manpages/gnutls_rsa_params_import_raw.3

doc/manpages/gnutls_rsa_params_init.3

doc/manpages/gnutls_safe_renegotiation_status.3

doc/manpages/gnutls_server_name_get.3

doc/manpages/gnutls_server_name_set.3

doc/manpages/gnutls_session_enable_compatibility_mode.3

doc/manpages/gnutls_session_get_data.3

doc/manpages/gnutls_session_get_data2.3

doc/manpages/gnutls_session_get_id.3

doc/manpages/gnutls_session_get_ptr.3

doc/manpages/gnutls_session_is_resumed.3

doc/manpages/gnutls_session_set_data.3

doc/manpages/gnutls_session_set_ptr.3

doc/manpages/gnutls_session_ticket_enable_client.3

doc/manpages/gnutls_session_ticket_enable_server.3

doc/manpages/gnutls_session_ticket_key_generate.3

doc/manpages/gnutls_set_default_export_priority.3

doc/manpages/gnutls_set_default_priority.3

doc/manpages/gnutls_sign_algorithm_get_name.3

doc/manpages/gnutls_sign_algorithm_get_requested.3

doc/manpages/gnutls_sign_callback_get.3

doc/manpages/gnutls_sign_callback_set.3

doc/manpages/gnutls_sign_get_id.3

doc/manpages/gnutls_sign_get_name.3

doc/manpages/gnutls_sign_list.3

doc/manpages/gnutls_srp_allocate_client_credentials.3

doc/manpages/gnutls_srp_allocate_server_credentials.3

doc/manpages/gnutls_srp_base64_decode.3

doc/manpages/gnutls_srp_base64_decode_alloc.3

doc/manpages/gnutls_srp_base64_encode.3

doc/manpages/gnutls_srp_base64_encode_alloc.3

doc/manpages/gnutls_srp_free_client_credentials.3

doc/manpages/gnutls_srp_free_server_credentials.3

doc/manpages/gnutls_srp_server_get_username.3

doc/manpages/gnutls_srp_set_client_credentials.3

doc/manpages/gnutls_srp_set_client_credentials_function.3

doc/manpages/gnutls_srp_set_prime_bits.3

doc/manpages/gnutls_srp_set_server_credentials_file.3

doc/manpages/gnutls_srp_set_server_credentials_function.3

doc/manpages/gnutls_srp_verifier.3

doc/manpages/gnutls_strerror.3

doc/manpages/gnutls_strerror_name.3

doc/manpages/gnutls_supplemental_get_name.3

doc/manpages/gnutls_transport_get_ptr.3

doc/manpages/gnutls_transport_get_ptr2.3

doc/manpages/gnutls_transport_set_errno.3

doc/manpages/gnutls_transport_set_global_errno.3

doc/manpages/gnutls_transport_set_lowat.3

doc/manpages/gnutls_transport_set_ptr.3

doc/manpages/gnutls_transport_set_ptr2.3

doc/manpages/gnutls_transport_set_pull_function.3

doc/manpages/gnutls_transport_set_push_function.3

doc/manpages/gnutls_x509_crl_check_issuer.3

doc/manpages/gnutls_x509_crl_deinit.3

doc/manpages/gnutls_x509_crl_export.3

doc/manpages/gnutls_x509_crl_get_authority_key_id.3

doc/manpages/gnutls_x509_crl_get_crt_count.3

doc/manpages/gnutls_x509_crl_get_crt_serial.3

doc/manpages/gnutls_x509_crl_get_dn_oid.3

doc/manpages/gnutls_x509_crl_get_extension_data.3

doc/manpages/gnutls_x509_crl_get_extension_info.3

doc/manpages/gnutls_x509_crl_get_extension_oid.3

doc/manpages/gnutls_x509_crl_get_issuer_dn.3

doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3

doc/manpages/gnutls_x509_crl_get_next_update.3

doc/manpages/gnutls_x509_crl_get_number.3

doc/manpages/gnutls_x509_crl_get_signature.3

doc/manpages/gnutls_x509_crl_get_signature_algorithm.3

doc/manpages/gnutls_x509_crl_get_this_update.3

doc/manpages/gnutls_x509_crl_get_version.3

doc/manpages/gnutls_x509_crl_import.3

doc/manpages/gnutls_x509_crl_init.3

doc/manpages/gnutls_x509_crl_print.3

doc/manpages/gnutls_x509_crl_set_authority_key_id.3

doc/manpages/gnutls_x509_crl_set_crt.3

doc/manpages/gnutls_x509_crl_set_crt_serial.3

doc/manpages/gnutls_x509_crl_set_next_update.3

doc/manpages/gnutls_x509_crl_set_number.3

doc/manpages/gnutls_x509_crl_set_this_update.3

doc/manpages/gnutls_x509_crl_set_version.3

doc/manpages/gnutls_x509_crl_sign.3

doc/manpages/gnutls_x509_crl_sign2.3

doc/manpages/gnutls_x509_crl_verify.3

doc/manpages/gnutls_x509_crq_deinit.3

doc/manpages/gnutls_x509_crq_export.3

doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3

doc/manpages/gnutls_x509_crq_get_attribute_data.3

doc/manpages/gnutls_x509_crq_get_attribute_info.3

doc/manpages/gnutls_x509_crq_get_basic_constraints.3

doc/manpages/gnutls_x509_crq_get_challenge_password.3

doc/manpages/gnutls_x509_crq_get_dn.3

doc/manpages/gnutls_x509_crq_get_dn_by_oid.3

doc/manpages/gnutls_x509_crq_get_dn_oid.3

doc/manpages/gnutls_x509_crq_get_extension_by_oid.3

doc/manpages/gnutls_x509_crq_get_extension_data.3

doc/manpages/gnutls_x509_crq_get_extension_info.3

doc/manpages/gnutls_x509_crq_get_key_id.3

doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3

doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3

doc/manpages/gnutls_x509_crq_get_key_usage.3

doc/manpages/gnutls_x509_crq_get_pk_algorithm.3

doc/manpages/gnutls_x509_crq_get_subject_alt_name.3

doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3

doc/manpages/gnutls_x509_crq_get_version.3

doc/manpages/gnutls_x509_crq_import.3

doc/manpages/gnutls_x509_crq_init.3

doc/manpages/gnutls_x509_crq_print.3

doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3

doc/manpages/gnutls_x509_crq_set_basic_constraints.3

doc/manpages/gnutls_x509_crq_set_challenge_password.3

doc/manpages/gnutls_x509_crq_set_dn_by_oid.3

doc/manpages/gnutls_x509_crq_set_key.3

doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3

doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3

doc/manpages/gnutls_x509_crq_set_key_usage.3

doc/manpages/gnutls_x509_crq_set_subject_alt_name.3

doc/manpages/gnutls_x509_crq_set_version.3

doc/manpages/gnutls_x509_crq_sign.3

doc/manpages/gnutls_x509_crq_sign2.3

doc/manpages/gnutls_x509_crt_check_hostname.3

doc/manpages/gnutls_x509_crt_check_issuer.3

doc/manpages/gnutls_x509_crt_check_revocation.3

doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3

doc/manpages/gnutls_x509_crt_deinit.3

doc/manpages/gnutls_x509_crt_export.3

doc/manpages/gnutls_x509_crt_get_activation_time.3

doc/manpages/gnutls_x509_crt_get_authority_key_id.3

doc/manpages/gnutls_x509_crt_get_basic_constraints.3

doc/manpages/gnutls_x509_crt_get_ca_status.3

doc/manpages/gnutls_x509_crt_get_crl_dist_points.3

doc/manpages/gnutls_x509_crt_get_dn.3

doc/manpages/gnutls_x509_crt_get_dn_by_oid.3

doc/manpages/gnutls_x509_crt_get_dn_oid.3

doc/manpages/gnutls_x509_crt_get_expiration_time.3

doc/manpages/gnutls_x509_crt_get_extension_by_oid.3

doc/manpages/gnutls_x509_crt_get_extension_data.3

doc/manpages/gnutls_x509_crt_get_extension_info.3

doc/manpages/gnutls_x509_crt_get_extension_oid.3

doc/manpages/gnutls_x509_crt_get_fingerprint.3

doc/manpages/gnutls_x509_crt_get_issuer.3

doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3

doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3

doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3

doc/manpages/gnutls_x509_crt_get_issuer_dn.3

doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3

doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3

doc/manpages/gnutls_x509_crt_get_key_id.3

doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3

doc/manpages/gnutls_x509_crt_get_key_usage.3

doc/manpages/gnutls_x509_crt_get_pk_algorithm.3

doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3

doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3

doc/manpages/gnutls_x509_crt_get_proxy.3

doc/manpages/gnutls_x509_crt_get_raw_dn.3

doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3

doc/manpages/gnutls_x509_crt_get_serial.3

doc/manpages/gnutls_x509_crt_get_signature.3

doc/manpages/gnutls_x509_crt_get_signature_algorithm.3

doc/manpages/gnutls_x509_crt_get_subject.3

doc/manpages/gnutls_x509_crt_get_subject_alt_name.3

doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3

doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3

doc/manpages/gnutls_x509_crt_get_subject_key_id.3

doc/manpages/gnutls_x509_crt_get_verify_algorithm.3

doc/manpages/gnutls_x509_crt_get_version.3

doc/manpages/gnutls_x509_crt_import.3

doc/manpages/gnutls_x509_crt_init.3

doc/manpages/gnutls_x509_crt_list_import.3

doc/manpages/gnutls_x509_crt_list_verify.3

doc/manpages/gnutls_x509_crt_print.3

doc/manpages/gnutls_x509_crt_set_activation_time.3

doc/manpages/gnutls_x509_crt_set_authority_key_id.3

doc/manpages/gnutls_x509_crt_set_basic_constraints.3

doc/manpages/gnutls_x509_crt_set_ca_status.3

doc/manpages/gnutls_x509_crt_set_crl_dist_points.3

doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3

doc/manpages/gnutls_x509_crt_set_crq.3

doc/manpages/gnutls_x509_crt_set_crq_extensions.3

doc/manpages/gnutls_x509_crt_set_dn_by_oid.3

doc/manpages/gnutls_x509_crt_set_expiration_time.3

doc/manpages/gnutls_x509_crt_set_extension_by_oid.3

doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3

doc/manpages/gnutls_x509_crt_set_key.3

doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3

doc/manpages/gnutls_x509_crt_set_key_usage.3

doc/manpages/gnutls_x509_crt_set_proxy.3

doc/manpages/gnutls_x509_crt_set_proxy_dn.3

doc/manpages/gnutls_x509_crt_set_serial.3

doc/manpages/gnutls_x509_crt_set_subject_alt_name.3

doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3

doc/manpages/gnutls_x509_crt_set_subject_key_id.3

doc/manpages/gnutls_x509_crt_set_version.3

doc/manpages/gnutls_x509_crt_sign.3

doc/manpages/gnutls_x509_crt_sign2.3

doc/manpages/gnutls_x509_crt_verify.3

doc/manpages/gnutls_x509_crt_verify_data.3

doc/manpages/gnutls_x509_crt_verify_hash.3

doc/manpages/gnutls_x509_dn_deinit.3

doc/manpages/gnutls_x509_dn_export.3

doc/manpages/gnutls_x509_dn_get_rdn_ava.3

doc/manpages/gnutls_x509_dn_import.3

doc/manpages/gnutls_x509_dn_init.3

doc/manpages/gnutls_x509_dn_oid_known.3

doc/manpages/gnutls_x509_privkey_cpy.3

doc/manpages/gnutls_x509_privkey_deinit.3

doc/manpages/gnutls_x509_privkey_export.3

doc/manpages/gnutls_x509_privkey_export_dsa_raw.3

doc/manpages/gnutls_x509_privkey_export_pkcs8.3

doc/manpages/gnutls_x509_privkey_export_rsa_raw.3

doc/manpages/gnutls_x509_privkey_fix.3

doc/manpages/gnutls_x509_privkey_generate.3

doc/manpages/gnutls_x509_privkey_get_key_id.3

doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3

doc/manpages/gnutls_x509_privkey_import.3

doc/manpages/gnutls_x509_privkey_import_dsa_raw.3

doc/manpages/gnutls_x509_privkey_import_pkcs8.3

doc/manpages/gnutls_x509_privkey_import_rsa_raw.3

doc/manpages/gnutls_x509_privkey_init.3

doc/manpages/gnutls_x509_privkey_sign_data.3

doc/manpages/gnutls_x509_privkey_sign_hash.3

doc/manpages/gnutls_x509_privkey_verify_data.3

doc/manpages/gnutls_x509_rdn_get.3

doc/manpages/gnutls_x509_rdn_get_by_oid.3

doc/manpages/gnutls_x509_rdn_get_oid.3

doc/manpages/srptool.1

doc/pgp-api.texi

doc/printlist.c

doc/reference/Makefile.in

doc/reference/gnutls-docs.sgml

doc/reference/gnutls-sections.txt

doc/reference/html/api-index-2-10-0.html

doc/reference/html/api-index-2-4-0.html

doc/reference/html/api-index-2-6-0.html

doc/reference/html/api-index-2-8-0.html

doc/reference/html/api-index-deprecated.html

doc/reference/html/api-index-full.html

doc/reference/html/gnutls-crypto.html

doc/reference/html/gnutls-extra.html

doc/reference/html/gnutls-gnutls.html

doc/reference/html/gnutls-openpgp.html

doc/reference/html/gnutls-openssl.html

doc/reference/html/gnutls-pkcs12.html

doc/reference/html/gnutls-x509.html

doc/reference/html/gnutls.devhelp

doc/reference/html/gnutls.devhelp2

doc/reference/html/index.html

doc/reference/html/index.sgml

doc/reference/html/intro.html

doc/reference/html/style.css

doc/reference/tmpl/crypto.sgml

doc/reference/tmpl/extra.sgml

doc/reference/tmpl/gnutls-unused.sgml

doc/reference/tmpl/gnutls.sgml

doc/reference/tmpl/netdb.sgml

doc/reference/tmpl/openpgp.sgml

doc/reference/tmpl/openssl.sgml

doc/reference/tmpl/pkcs12.sgml

doc/reference/tmpl/x509.sgml

doc/scripts/Makefile.in

doc/stamp-vti

doc/version.texi

doc/x509-api.texi

gl/Makefile.am

gl/Makefile.in

gl/accept.c

gl/alignof.h

gl/alloca.c

gl/alloca.in.h

gl/arpa_inet.in.h

gl/asnprintf.c

gl/bind.c

gl/c-ctype.c

gl/c-ctype.h

gl/close-hook.c

gl/close-hook.h

gl/close.c

gl/connect.c

gl/errno.in.h

gl/error.c

gl/error.h

gl/fclose.c

gl/float+.h

gl/float.in.h

gl/fseeko.c

gl/gai_strerror.c

gl/getaddrinfo.c

gl/getdelim.c

gl/getline.c

gl/getpass.c

gl/getpass.h

gl/gettext.h

gl/gettime.c

gl/gettimeofday.c

gl/inet_ntop.c

gl/inet_pton.c

gl/intprops.h

gl/listen.c

gl/lseek.c

gl/m4/00gnulib.m4

gl/m4/alloca.m4

gl/m4/arpa_inet_h.m4

gl/m4/asm-underscore.m4

gl/m4/autobuild.m4

gl/m4/clock_time.m4

gl/m4/close.m4

gl/m4/errno_h.m4

gl/m4/error.m4

gl/m4/extensions.m4

gl/m4/fclose.m4

gl/m4/float_h.m4

gl/m4/fseeko.m4

gl/m4/getaddrinfo.m4

gl/m4/getdelim.m4

gl/m4/getline.m4

gl/m4/getpass.m4

gl/m4/gettime.m4

gl/m4/gettimeofday.m4

gl/m4/gnulib-cache.m4

gl/m4/gnulib-common.m4

gl/m4/gnulib-comp.m4

gl/m4/hostent.m4

gl/m4/include_next.m4

gl/m4/inet_ntop.m4

gl/m4/inet_pton.m4

gl/m4/intmax_t.m4

gl/m4/ioctl.m4

gl/m4/lseek.m4

gl/m4/malloc.m4

gl/m4/manywarnings.m4

gl/m4/memchr.m4

gl/m4/minmax.m4

gl/m4/mmap-anon.m4

gl/m4/multiarch.m4

gl/m4/netdb_h.m4

gl/m4/netinet_in_h.m4

gl/m4/perror.m4

gl/m4/printf.m4

gl/m4/read-file.m4

gl/m4/readline.m4

gl/m4/realloc.m4

gl/m4/select.m4

gl/m4/servent.m4

gl/m4/snprintf.m4

gl/m4/sockets.m4

gl/m4/socklen.m4

gl/m4/sockpfaf.m4

gl/m4/stdarg.m4

gl/m4/stdbool.m4

gl/m4/stddef_h.m4

gl/m4/stdint.m4

gl/m4/stdio_h.m4

gl/m4/stdlib_h.m4

gl/m4/strerror.m4

gl/m4/string_h.m4

gl/m4/sys_ioctl_h.m4

gl/m4/sys_select_h.m4

gl/m4/sys_socket_h.m4

gl/m4/sys_stat_h.m4

gl/m4/sys_time_h.m4

gl/m4/time_h.m4

gl/m4/timespec.m4

gl/m4/ungetc.m4

gl/m4/unistd_h.m4

gl/m4/valgrind-tests.m4

gl/m4/vasnprintf.m4

gl/m4/version-etc.m4

gl/m4/warn-on-use.m4

gl/m4/warnings.m4

gl/memchr.c

gl/minmax.h

gl/netdb.in.h

gl/netinet_in.in.h

gl/perror.c

gl/printf-args.c

gl/printf-args.h

gl/printf-parse.c

gl/printf-parse.h

gl/progname.c

gl/progname.h

gl/read-file.c

gl/read-file.h

gl/readline.c

gl/readline.h

gl/realloc.c

gl/recv.c

gl/select.c

gl/send.c

gl/setsockopt.c

gl/shutdown.c

gl/size_max.h

gl/snprintf.c

gl/socket.c

gl/sockets.c

gl/sockets.h

gl/stdarg.in.h

gl/stdbool.in.h

gl/stddef.in.h

gl/stdint.in.h

gl/stdio-impl.h

gl/stdio-write.c

gl/stdio.in.h

gl/stdlib.in.h

gl/strerror.c

gl/string.in.h

gl/sys_select.in.h

gl/sys_socket.in.h

gl/sys_stat.in.h

gl/sys_time.in.h

gl/tests/Makefile.am

gl/tests/Makefile.in

gl/tests/dummy.c

gl/tests/init.sh

gl/tests/ioctl.c

gl/tests/macros.h

gl/tests/signature.h

gl/tests/sys_ioctl.in.h

gl/tests/test-alignof.c

gl/tests/test-alloca-opt.c

gl/tests/test-arpa_inet.c

gl/tests/test-c-ctype.c

gl/tests/test-errno.c

gl/tests/test-fseeko.c

gl/tests/test-getaddrinfo.c

gl/tests/test-getdelim.c

gl/tests/test-getline.c

gl/tests/test-gettimeofday.c

gl/tests/test-inet_ntop.c

gl/tests/test-inet_pton.c

gl/tests/test-lseek.c

gl/tests/test-memchr.c

gl/tests/test-netdb.c

gl/tests/test-netinet_in.c

gl/tests/test-perror.c

gl/tests/test-read-file.c

gl/tests/test-select-fd.c

gl/tests/test-select-stdin.c

gl/tests/test-select.c

gl/tests/test-snprintf.c

gl/tests/test-sockets.c

gl/tests/test-stdbool.c

gl/tests/test-stddef.c

gl/tests/test-stdint.c

gl/tests/test-stdio.c

gl/tests/test-stdlib.c

gl/tests/test-strerror.c

gl/tests/test-string.c

gl/tests/test-sys_ioctl.c

gl/tests/test-sys_select.c

gl/tests/test-sys_socket.c

gl/tests/test-sys_stat.c

gl/tests/test-sys_time.c

gl/tests/test-time.c

gl/tests/test-unistd.c

gl/tests/test-update-copyright.sh

gl/tests/test-vasnprintf.c

gl/tests/test-vc-list-files-cvs.sh

gl/tests/test-vc-list-files-git.sh

gl/tests/test-verify.c

gl/tests/test-version-etc.c

gl/tests/test-version-etc.sh

gl/tests/w32sock.h

gl/tests/zerosize-ptr.h

gl/time.in.h

gl/timespec.h

gl/unistd.in.h

gl/vasnprintf.c

gl/vasnprintf.h

gl/version-etc-fsf.c

gl/version-etc.c

gl/version-etc.h

gl/w32sock.h

gl/xsize.h

gtk-doc.make

guile/Makefile.in

guile/modules/Makefile.am

guile/modules/Makefile.in

guile/modules/system/documentation/c-snarf.scm

guile/src/Makefile.in

guile/src/core.c

guile/src/errors.c

guile/src/extra.c

guile/src/utils.c

guile/src/utils.h

guile/tests/Makefile.am

guile/tests/Makefile.in

guile/tests/anonymous-auth.scm

guile/tests/errors.scm

guile/tests/openpgp-auth.scm

guile/tests/openpgp-keyring.scm

guile/tests/openpgp-keys.scm

guile/tests/openpgp-pub.asc

guile/tests/openpgp-sec.asc

guile/tests/pkcs-import-export.scm

guile/tests/session-record-port.scm

guile/tests/srp-base64.scm

guile/tests/x509-auth.scm

guile/tests/x509-certificates.scm

lib/Makefile.am

lib/Makefile.in

lib/aclocal.m4

lib/auth_anon.c

lib/auth_cert.c

lib/auth_cert.h

lib/auth_dh_common.c

lib/auth_dh_common.h

lib/auth_dhe.c

lib/auth_dhe_psk.c

lib/auth_psk.c

lib/auth_psk.h

lib/auth_psk_passwd.c

lib/auth_psk_passwd.h

lib/auth_rsa.c

lib/auth_rsa_export.c

lib/auth_srp.c

lib/auth_srp.h

lib/auth_srp_passwd.c

lib/auth_srp_passwd.h

lib/auth_srp_rsa.c

lib/auth_srp_sb64.c

lib/build-aux/config.guess

lib/build-aux/config.rpath

lib/build-aux/config.sub

lib/build-aux/ltmain.sh

lib/config.h.in

lib/configure

lib/configure.ac

lib/crypto-api.c

lib/crypto.c

lib/crypto.h

lib/cryptodev.c

lib/debug.c

lib/debug.h

lib/ext_cert_type.c

lib/ext_cert_type.h

lib/ext_max_record.c

lib/ext_max_record.h

lib/ext_safe_renegotiation.c

lib/ext_safe_renegotiation.h

lib/ext_server_name.c

lib/ext_server_name.h

lib/ext_session_ticket.c

lib/ext_session_ticket.h

lib/ext_signature.c

lib/ext_signature.h

lib/ext_srp.c

lib/ext_srp.h

lib/gl/Makefile.am

lib/gl/Makefile.in

lib/gl/alignof.h

lib/gl/alloca.in.h

lib/gl/asnprintf.c

lib/gl/asprintf.c

lib/gl/byteswap.in.h

lib/gl/c-ctype.c

lib/gl/c-ctype.h

lib/gl/errno.in.h

lib/gl/float+.h

lib/gl/float.in.h

lib/gl/fseeko.c

lib/gl/gettext.h

lib/gl/lseek.c

lib/gl/m4/00gnulib.m4

lib/gl/m4/alloca.m4

lib/gl/m4/byteswap.m4

lib/gl/m4/errno_h.m4

lib/gl/m4/extensions.m4

lib/gl/m4/float_h.m4

lib/gl/m4/fseeko.m4

lib/gl/m4/func.m4

lib/gl/m4/gnulib-cache.m4

lib/gl/m4/gnulib-common.m4

lib/gl/m4/gnulib-comp.m4

lib/gl/m4/include_next.m4

lib/gl/m4/intmax_t.m4

lib/gl/m4/ld-output-def.m4

lib/gl/m4/ld-version-script.m4

lib/gl/m4/lseek.m4

lib/gl/m4/malloc.m4

lib/gl/m4/memchr.m4

lib/gl/m4/memmem.m4

lib/gl/m4/minmax.m4

lib/gl/m4/mmap-anon.m4

lib/gl/m4/multiarch.m4

lib/gl/m4/netdb_h.m4

lib/gl/m4/printf.m4

lib/gl/m4/read-file.m4

lib/gl/m4/realloc.m4

lib/gl/m4/snprintf.m4

lib/gl/m4/sockets.m4

lib/gl/m4/socklen.m4

lib/gl/m4/stdbool.m4

lib/gl/m4/stddef_h.m4

lib/gl/m4/stdint.m4

lib/gl/m4/stdio_h.m4

lib/gl/m4/stdlib_h.m4

lib/gl/m4/strcase.m4

lib/gl/m4/string_h.m4

lib/gl/m4/strings_h.m4

lib/gl/m4/strverscmp.m4

lib/gl/m4/sys_socket_h.m4

lib/gl/m4/sys_stat_h.m4

lib/gl/m4/time_h.m4

lib/gl/m4/time_r.m4

lib/gl/m4/ungetc.m4

lib/gl/m4/unistd_h.m4

lib/gl/m4/vasnprintf.m4

lib/gl/m4/vasprintf.m4

lib/gl/m4/vsnprintf.m4

lib/gl/m4/warn-on-use.m4

lib/gl/m4/wchar_h.m4

lib/gl/memchr.c

lib/gl/memmem.c

lib/gl/minmax.h

lib/gl/netdb.in.h

lib/gl/printf-args.c

lib/gl/printf-args.h

lib/gl/printf-parse.c

lib/gl/printf-parse.h

lib/gl/read-file.c

lib/gl/read-file.h

lib/gl/realloc.c

lib/gl/size_max.h

lib/gl/snprintf.c

lib/gl/sockets.c

lib/gl/sockets.h

lib/gl/stdbool.in.h

lib/gl/stddef.in.h

lib/gl/stdint.in.h

lib/gl/stdio-impl.h

lib/gl/stdio.in.h

lib/gl/stdlib.in.h

lib/gl/str-two-way.h

lib/gl/strcasecmp.c

lib/gl/string.in.h

lib/gl/strings.in.h

lib/gl/strncasecmp.c

lib/gl/strverscmp.c

lib/gl/sys_socket.in.h

lib/gl/sys_stat.in.h

lib/gl/tests/Makefile.am

lib/gl/tests/Makefile.in

lib/gl/tests/dummy.c

lib/gl/tests/init.sh

lib/gl/tests/intprops.h

lib/gl/tests/macros.h

lib/gl/tests/signature.h

lib/gl/tests/test-alloca-opt.c

lib/gl/tests/test-byteswap.c

lib/gl/tests/test-c-ctype.c

lib/gl/tests/test-errno.c

lib/gl/tests/test-fseeko.c

lib/gl/tests/test-func.c

lib/gl/tests/test-memchr.c

lib/gl/tests/test-netdb.c

lib/gl/tests/test-read-file.c

lib/gl/tests/test-snprintf.c

lib/gl/tests/test-sockets.c

lib/gl/tests/test-stdbool.c

lib/gl/tests/test-stddef.c

lib/gl/tests/test-stdint.c

lib/gl/tests/test-stdio.c

lib/gl/tests/test-stdlib.c

lib/gl/tests/test-string.c

lib/gl/tests/test-strings.c

lib/gl/tests/test-strverscmp.c

lib/gl/tests/test-sys_socket.c

lib/gl/tests/test-sys_stat.c

lib/gl/tests/test-time.c

lib/gl/tests/test-unistd.c

lib/gl/tests/test-vasnprintf.c

lib/gl/tests/test-vasprintf.c

lib/gl/tests/test-verify.c

lib/gl/tests/test-vsnprintf.c

lib/gl/tests/test-wchar.c

lib/gl/tests/zerosize-ptr.h

lib/gl/time.in.h

lib/gl/time_r.c

lib/gl/unistd.in.h

lib/gl/vasnprintf.c

lib/gl/vasnprintf.h

lib/gl/vasprintf.c

lib/gl/vsnprintf.c

lib/gl/w32sock.h

lib/gl/wchar.in.h

lib/gl/xsize.h

lib/gnutls.pc.in

lib/gnutls_alert.c

lib/gnutls_algorithms.c

lib/gnutls_algorithms.h

lib/gnutls_anon_cred.c

lib/gnutls_auth.c

lib/gnutls_auth.h

lib/gnutls_buffers.c

lib/gnutls_buffers.h

lib/gnutls_cert.c

lib/gnutls_cert.h

lib/gnutls_cipher.c

lib/gnutls_cipher.h

lib/gnutls_cipher_int.c

lib/gnutls_cipher_int.h

lib/gnutls_compress.c

lib/gnutls_compress.h

lib/gnutls_constate.c

lib/gnutls_constate.h

lib/gnutls_datum.c

lib/gnutls_datum.h

lib/gnutls_db.c

lib/gnutls_db.h

lib/gnutls_dh.c

lib/gnutls_dh.h

lib/gnutls_dh_primes.c

lib/gnutls_errors.c

lib/gnutls_errors.h

lib/gnutls_extensions.c

lib/gnutls_extensions.h

lib/gnutls_global.c

lib/gnutls_global.h

lib/gnutls_handshake.c

lib/gnutls_handshake.h

lib/gnutls_hash_int.c

lib/gnutls_hash_int.h

lib/gnutls_int.h

lib/gnutls_kx.c

lib/gnutls_kx.h

lib/gnutls_mem.h

lib/gnutls_mpi.c

lib/gnutls_mpi.h

lib/gnutls_num.c

lib/gnutls_num.h

lib/gnutls_pk.c

lib/gnutls_pk.h

lib/gnutls_priority.c

lib/gnutls_psk.c

lib/gnutls_psk_netconf.c

lib/gnutls_record.c

lib/gnutls_record.h

lib/gnutls_rsa_export.c

lib/gnutls_session.c

lib/gnutls_session_pack.c

lib/gnutls_session_pack.h

lib/gnutls_sig.c

lib/gnutls_sig.h

lib/gnutls_srp.c

lib/gnutls_srp.h

lib/gnutls_state.c

lib/gnutls_state.h

lib/gnutls_str.c

lib/gnutls_str.h

lib/gnutls_supplemental.c

lib/gnutls_supplemental.h

lib/gnutls_ui.c

lib/gnutls_v2_compat.c

lib/gnutls_v2_compat.h

lib/gnutls_x509.c

lib/gnutls_x509.h

lib/gnutlsxx.cpp

lib/includes/Makefile.am

lib/includes/Makefile.in

lib/includes/gnutls/compat.h

lib/includes/gnutls/crypto.h

lib/includes/gnutls/gnutls.h.in

lib/includes/gnutls/gnutlsxx.h

lib/includes/gnutls/openpgp.h

lib/includes/gnutls/pkcs12.h

lib/includes/gnutls/x509.h

lib/libgnutls.map

lib/libgnutlsxx.map

lib/m4/hooks.m4

lib/m4/libtool.m4

lib/m4/ltversion.m4

lib/minitasn1/Makefile.in

lib/minitasn1/coding.c

lib/minitasn1/element.c

lib/minitasn1/libtasn1.h

lib/minitasn1/structure.c

lib/opencdk/Makefile.am

lib/opencdk/Makefile.in

lib/opencdk/armor.c

lib/opencdk/context.h

lib/opencdk/dummy.c

lib/opencdk/filters.h

lib/opencdk/hash.c

lib/opencdk/kbnode.c

lib/opencdk/keydb.c

lib/opencdk/keydb.h

lib/opencdk/literal.c

lib/opencdk/main.c

lib/opencdk/main.h

lib/opencdk/misc.c

lib/opencdk/new-packet.c

lib/opencdk/opencdk.h

lib/opencdk/packet.h

lib/opencdk/pubkey.c

lib/opencdk/read-packet.c

lib/opencdk/seskey.c

lib/opencdk/sig-check.c

lib/opencdk/stream.c

lib/opencdk/stream.h

lib/opencdk/types.h

lib/opencdk/write-packet.c

lib/openpgp/Makefile.in

lib/openpgp/compat.c

lib/openpgp/extras.c

lib/openpgp/gnutls_openpgp.c

lib/openpgp/gnutls_openpgp.h

lib/openpgp/openpgp_int.h

lib/openpgp/output.c

lib/openpgp/pgp.c

lib/openpgp/pgpverify.c

lib/openpgp/privkey.c

lib/pkix.asn

lib/pkix_asn1_tab.c

lib/po/cs.gmo

lib/po/cs.po

lib/po/de.gmo

lib/po/de.po

lib/po/en@boldquot.gmo

lib/po/en@boldquot.po

lib/po/en@quot.gmo

lib/po/en@quot.po

lib/po/fr.gmo

lib/po/fr.po

lib/po/it.gmo

lib/po/it.po

lib/po/libgnutls.pot

lib/po/ms.gmo

lib/po/ms.po

lib/po/nl.gmo

lib/po/nl.po

lib/po/pl.gmo

lib/po/pl.po

lib/po/sv.gmo

lib/po/sv.po

lib/po/vi.gmo

lib/po/vi.po

lib/po/zh_CN.gmo

lib/po/zh_CN.po

lib/random.c

lib/random.h

lib/x509/Makefile.in

lib/x509/common.c

lib/x509/common.h

lib/x509/crl.c

lib/x509/crl_write.c

lib/x509/crq.c

lib/x509/dn.c

lib/x509/extensions.c

lib/x509/mpi.c

lib/x509/output.c

lib/x509/pbkdf2-sha1.c

lib/x509/pbkdf2-sha1.h

lib/x509/pkcs12.c

lib/x509/pkcs12_bag.c

lib/x509/pkcs12_encr.c

lib/x509/pkcs7.c

lib/x509/privkey.c

lib/x509/privkey_pkcs8.c

lib/x509/rfc2818_hostname.c

lib/x509/sign.c

lib/x509/verify.c

lib/x509/x509.c

lib/x509/x509_int.h

lib/x509/x509_write.c

lib/x509_b64.c

lib/x509_b64.h

libextra/Makefile.am

libextra/Makefile.in

libextra/aclocal.m4

libextra/build-aux/config.guess

libextra/build-aux/config.rpath

libextra/build-aux/config.sub

libextra/build-aux/ltmain.sh

libextra/config.h.in

libextra/configure

libextra/configure.ac

libextra/ext_inner_application.c

libextra/ext_inner_application.h

libextra/fipsmd5.c

libextra/gl/Makefile.in

libextra/gl/gnulib.mk

libextra/gl/hmac-md5.c

libextra/gl/hmac.h

libextra/gl/m4/00gnulib.m4

libextra/gl/m4/extensions.m4

libextra/gl/m4/gnulib-common.m4

libextra/gl/m4/gnulib-comp.m4

libextra/gl/m4/hmac-md5.m4

libextra/gl/m4/ld-output-def.m4

libextra/gl/m4/ld-version-script.m4

libextra/gl/m4/lib-ld.m4

libextra/gl/m4/lib-link.m4

libextra/gl/m4/lib-prefix.m4

libextra/gl/m4/md5.m4

libextra/gl/m4/memxor.m4

libextra/gl/md5.c

libextra/gl/md5.h

libextra/gl/memxor.c

libextra/gl/memxor.h

libextra/gnutls_extra.c

libextra/gnutls_ia.c

libextra/gnutls_openssl.c

libextra/includes/Makefile.in

libextra/includes/gnutls/extra.h

libextra/includes/gnutls/openssl.h

libextra/m4/libtool.m4

libextra/m4/ltversion.m4

libextra/openssl_compat.c

libextra/openssl_compat.h

m4/libtool.m4

m4/ltversion.m4

maint.mk

src/Makefile.am

src/Makefile.in

src/benchmark.c

src/certtool-cfg.c

src/certtool-cfg.h

src/certtool-common.h

src/certtool-gaa.c

src/certtool-gaa.h

src/certtool.c

src/certtool.gaa

src/cfg/Makefile.in

src/cfg/platon/Makefile.in

src/cfg/platon/str/Makefile.in

src/cli-gaa.c

src/cli-gaa.h

src/cli.c

src/cli.gaa

src/common.c

src/common.h

src/crypt-gaa.c

src/crypt-gaa.h

src/crypt.c

src/crypt.gaa

src/prime.c

src/psk-gaa.c

src/psk-gaa.h

src/psk.c

src/psk.gaa

src/serv-gaa.c

src/serv-gaa.h

src/serv.c

src/serv.gaa

src/tests.c

src/tests.h

src/tls_test.c

tests/Makefile.am

tests/Makefile.in

tests/anonself.c

tests/certder.c

tests/certificate_set_x509_crl.c

tests/chainverify.c

tests/crq_apis.c

tests/crq_key_id.c

tests/crypto_rng.c

tests/cve-2008-4989.c

tests/cve-2009-1415.c

tests/cve-2009-1416.c

tests/dhepskself.c

tests/dn.c

tests/dn2.c

tests/gc.c

tests/hostname-check.c

tests/init_roundtrip.c

tests/key-id/Makefile.in

tests/mini-eagain.c

tests/mini-x509-rehandshake.c

tests/mini-x509.c

tests/mini.c

tests/moredn.c

tests/mpi.c

tests/nul-in-x509-names.c

tests/openpgp-certs/Makefile.in

tests/openpgp-certs/testcerts

tests/openpgp-certs/testselfsigs

tests/openpgp-keyring.c

tests/openpgpself.c

tests/openssl.c

tests/parse_ca.c

tests/pathlen/Makefile.in

tests/pathlen/ca-no-pathlen.pem

tests/pathlen/no-ca-or-pathlen.pem

tests/pgps2kgnu.c

tests/pkcs1-padding/Makefile.in

tests/pkcs1-padding/pkcs1-pad

tests/pkcs12-decode/Makefile.in

tests/pkcs12-decode/pkcs12

tests/pkcs12_encode.c

tests/pkcs12_s2k.c

tests/pkcs12_s2k_pem.c

tests/pkcs8-decode/Makefile.in

tests/pkcs8-decode/pkcs8

tests/pskself.c

tests/resume.c

tests/rsa-md5-collision/Makefile.in

tests/safe-renegotiation/Makefile.am

tests/safe-renegotiation/Makefile.in

tests/safe-renegotiation/README

tests/safe-renegotiation/srn0.c

tests/safe-renegotiation/srn1.c

tests/safe-renegotiation/srn2.c

tests/safe-renegotiation/srn3.c

tests/safe-renegotiation/srn4.c

tests/safe-renegotiation/srn5.c

tests/set_pkcs12_cred.c

tests/setcredcrash.c

tests/sha2/Makefile.am

tests/sha2/Makefile.in

tests/sha2/sha2

tests/simple.c

tests/userid/Makefile.in

tests/userid/userid

tests/utils.c

tests/utils.h

tests/x509_altname.c

tests/x509dn.c

tests/x509self.c

tests/x509sign-verify.c

Show diffs side-by-side

added added

removed removed

lib/x509/verify.c

#include <gnutls_cert.h>

#include <libtasn1.h>

#include <gnutls_global.h>

#include <gnutls_num.h> /* MAX */

#include <gnutls_sig.h>

#include <gnutls_str.h>

#include <gnutls_datum.h>

#include <common.h>

static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,

const gnutls_x509_crt_t * trusted_cas,

int tcas_size, unsigned int flags,

unsigned int *output,

gnutls_x509_crt_t * issuer);

const gnutls_x509_crt_t * trusted_cas,

int tcas_size, unsigned int flags,

unsigned int *output,

gnutls_x509_crt_t * issuer);

static int is_crl_issuer (gnutls_x509_crl_t crl,

gnutls_x509_crt_t issuer_cert);

static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,

const gnutls_x509_crt_t * trusted_cas,

int tcas_size, unsigned int flags,

unsigned int *output);

const gnutls_x509_crt_t * trusted_cas,

int tcas_size, unsigned int flags,

unsigned int *output);

/* Checks if two certs are identical. Return 0 onn match. */

/* Checks if two certs are identical. Return 0 on match. */

static int

check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)

{

NULL, 0};

int result;

opaque serial1[128], serial2[128];

size_t serial1_size, serial2_size;

serial1_size = sizeof (serial1);

result = gnutls_x509_crt_get_serial (cert1, serial1, &serial1_size);

if (result < 0)

{

gnutls_assert ();

goto cmp;

}

serial2_size = sizeof (serial2);

result = gnutls_x509_crt_get_serial (cert2, serial2, &serial2_size);

if (result < 0)

{

gnutls_assert ();

goto cmp;

}

if (serial2_size != serial1_size

|| memcmp (serial1, serial2, serial1_size) != 0)

{

return 1;

}

cmp:

result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0);

if (result < 0)

{

122

123

static int

124

check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,

100

unsigned int flags)

125

unsigned int flags)

101

126

{

102

127

gnutls_datum_t cert_signed_data = { NULL, 0 };

103

128

gnutls_datum_t issuer_signed_data = { NULL, 0 };

112

137

113

138

result =

114

139

_gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",

115

&issuer_signed_data);

140

&issuer_signed_data);

116

141

if (result < 0)

117

142

{

118

143

gnutls_assert ();

121

146

122

147

result =

123

148

_gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",

124

&cert_signed_data);

149

&cert_signed_data);

125

150

if (result < 0)

126

151

{

127

152

gnutls_assert ();

150

175

if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))

151

176

if (cert_signed_data.size == issuer_signed_data.size)

152

177

{

153

if ((memcmp (cert_signed_data.data, issuer_signed_data.data,

154

cert_signed_data.size) == 0) &&

155

(cert_signature.size == issuer_signature.size) &&

156

(memcmp (cert_signature.data, issuer_signature.data,

157

cert_signature.size) == 0))

158

{

159

result = 1;

160

goto cleanup;

161

}

178

if ((memcmp (cert_signed_data.data, issuer_signed_data.data,

179

cert_signed_data.size) == 0) &&

180

(cert_signature.size == issuer_signature.size) &&

181

(memcmp (cert_signature.data, issuer_signature.data,

182

cert_signature.size) == 0))

183

{

184

result = 1;

185

goto cleanup;

186

}

162

187

}

163

188

164

189

result = gnutls_x509_crt_get_ca_status (issuer, NULL);

170

195

/* Handle V1 CAs that do not have a basicConstraint, but accept

171

196

these certs only if the appropriate flags are set. */

172

197

else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&

173

((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||

174

(!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&

175

(gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))

198

((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||

199

(!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&

200

(gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))

176

201

{

177

202

gnutls_assert ();

178

203

result = 1;

233

258

234

259

static inline gnutls_x509_crt_t

235

260

find_issuer (gnutls_x509_crt_t cert,

236

const gnutls_x509_crt_t * trusted_cas, int tcas_size)

261

const gnutls_x509_crt_t * trusted_cas, int tcas_size)

237

262

{

238

263

int i;

239

264

243

268

for (i = 0; i < tcas_size; i++)

244

269

{

245

270

if (is_issuer (cert, trusted_cas[i]) == 1)

246

return trusted_cas[i];

271

return trusted_cas[i];

247

272

}

248

273

249

274

gnutls_assert ();

266

291

267

292

static int

268

293

_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,

269

const gnutls_x509_crt_t * trusted_cas,

270

int tcas_size, unsigned int flags,

271

unsigned int *output,

272

gnutls_x509_crt_t * _issuer)

294

const gnutls_x509_crt_t * trusted_cas,

295

int tcas_size, unsigned int flags,

296

unsigned int *output,

297

gnutls_x509_crt_t * _issuer)

273

298

{

274

299

gnutls_datum_t cert_signed_data = { NULL, 0 };

275

300

gnutls_datum_t cert_signature = { NULL, 0 };

276

301

gnutls_x509_crt_t issuer = NULL;

277

int ret, issuer_version, result;

302

int issuer_version, result;

278

303

279

304

if (output)

280

305

*output = 0;

285

310

{

286

311

gnutls_assert ();

287

312

if (output)

288

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

313

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

289

314

return 0;

290

315

}

291

316

295

320

if (issuer == NULL)

296

321

{

297

322

if (output)

298

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

323

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

299

324

gnutls_assert ();

300

325

return 0;

301

326

}

311

336

}

312

337

313

338

if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&

314

((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) || issuer_version != 1))

339

((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)

340

|| issuer_version != 1))

315

341

{

316

342

if (check_if_ca (cert, issuer, flags) == 0)

317

{

318

gnutls_assert ();

319

if (output)

320

*output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;

321

return 0;

322

}

343

{

344

gnutls_assert ();

345

if (output)

346

*output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;

347

return 0;

348

}

323

349

}

324

350

325

351

result =

326

352

_gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",

327

&cert_signed_data);

353

&cert_signed_data);

328

354

if (result < 0)

329

355

{

330

356

gnutls_assert ();

339

365

goto cleanup;

340

366

}

341

367

342

ret =

368

result =

343

369

_gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,

344

issuer);

345

if (ret < 0)

346

{

347

gnutls_assert ();

348

}

349

else if (ret == 0)

370

issuer);

371

if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)

350

372

{

351

373

gnutls_assert ();

352

374

/* error. ignore it */

353

375

if (output)

354

*output |= GNUTLS_CERT_INVALID;

355

ret = 0;

376

*output |= GNUTLS_CERT_INVALID;

377

result = 0;

378

}

379

else if (result < 0)

380

{

381

gnutls_assert();

382

goto cleanup;

356

383

}

357

384

358

385

/* If the certificate is not self signed check if the algorithms

366

393

sigalg = gnutls_x509_crt_get_signature_algorithm (cert);

367

394

368

395

if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&

369

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||

370

((sigalg == GNUTLS_SIGN_RSA_MD5) &&

371

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))

372

{

373

if (output)

374

*output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;

375

ret = 0;

376

}

396

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||

397

((sigalg == GNUTLS_SIGN_RSA_MD5) &&

398

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))

399

{

400

if (output)

401

*output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;

402

result = 0;

403

}

377

404

}

378

405

379

result = ret;

380

381

406

cleanup:

382

407

_gnutls_free_datum (&cert_signed_data);

383

408

_gnutls_free_datum (&cert_signature);

399

424

**/

400

425

int

401

426

gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,

402

gnutls_x509_crt_t issuer)

427

gnutls_x509_crt_t issuer)

403

428

{

404

429

return is_issuer (cert, issuer);

405

430

}

438

463

439

464

static unsigned int

440

465

_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,

441

int clist_size,

442

const gnutls_x509_crt_t * trusted_cas,

443

int tcas_size,

444

const gnutls_x509_crl_t * CRLs,

445

int crls_size, unsigned int flags)

466

int clist_size,

467

const gnutls_x509_crt_t * trusted_cas,

468

int tcas_size,

469

const gnutls_x509_crl_t * CRLs,

470

int crls_size, unsigned int flags)

446

471

{

447

472

int i = 0, ret;

448

473

unsigned int status = 0, output;

449

time_t now = time (0);

474

time_t now = gnutls_time (0);

450

475

gnutls_x509_crt_t issuer = NULL;

451

476

452

477

if (clist_size > 1)

461

486

* MD2 algorithm.

462

487

463

488

if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],

464

certificate_list[clist_size - 1]) > 0)

465

{

466

clist_size--;

467

}

489

certificate_list[clist_size - 1]) > 0)

490

{

491

clist_size--;

492

}

468

493

}

469

494

470

495

/* We want to shorten the chain by removing the cert that matches

473

498

* self-signed E but already removed above), and we trust B, remove

474

499

* B, C and D. */

475

500

if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))

501

i = 0; /* also replace the first one */

502

else

503

i = 1; /* do not replace the first one */

504

505

for (; i < clist_size; i++)

476

506

{

477

for (i = 0; i < clist_size; i++)

478

{

479

int j;

507

int j;

480

508

481

for (j = 0; j < tcas_size; j++)

482

{

483

if (check_if_same_cert (certificate_list[i],

484

trusted_cas[j]) == 0)

485

{

486

/* explicity time check for trusted CA that we remove from

487

* list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS

488

489

if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)

490

&& !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))

491

{

492

status |= check_time (trusted_cas[j], now);

493

if (status != 0)

494

{

495

return status;

496

}

497

}

498

clist_size = i;

499

break;

500

}

501

}

502

/* clist_size may have been changed which gets out of loop */

503

}

509

for (j = 0; j < tcas_size; j++)

510

{

511

if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)

512

{

513

/* explicity time check for trusted CA that we remove from

514

* list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS

515

516

if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)

517

&& !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))

518

{

519

status |= check_time (trusted_cas[j], now);

520

if (status != 0)

521

{

522

return status;

523

}

524

}

525

clist_size = i;

526

break;

527

}

528

}

529

/* clist_size may have been changed which gets out of loop */

504

530

}

505

531

506

532

if (clist_size == 0)

515

541

* in self signed etc certificates.

516

542

517

543

ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],

518

trusted_cas, tcas_size, flags, &output,

519

&issuer);

544

trusted_cas, tcas_size, flags, &output,

545

&issuer);

520

546

if (ret == 0)

521

547

{

522

548

/* if the last certificate in the certificate

535

561

for (i = 0; i < clist_size; i++)

536

562

{

537

563

ret = gnutls_x509_crt_check_revocation (certificate_list[i],

538

CRLs, crls_size);

564

CRLs, crls_size);

539

565

if (ret == 1)

540

{ /* revoked */

541

status |= GNUTLS_CERT_REVOKED;

542

status |= GNUTLS_CERT_INVALID;

543

return status;

544

}

566

{ /* revoked */

567

status |= GNUTLS_CERT_REVOKED;

568

status |= GNUTLS_CERT_INVALID;

569

return status;

570

}

545

571

}

546

572

#endif

547

573

552

578

{

553

579

/* check the time of the issuer first */

554

580

if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))

555

{

556

if (issuer == NULL)

557

{

558

gnutls_assert ();

559

return GNUTLS_E_INTERNAL_ERROR;

560

}

581

{

582

if (issuer == NULL)

583

{

584

gnutls_assert ();

585

return GNUTLS_E_INTERNAL_ERROR;

586

}

561

587

562

status |= check_time (issuer, now);

563

if (status != 0)

564

{

565

return status;

566

}

567

}

588

status |= check_time (issuer, now);

589

if (status != 0)

590

{

591

return status;

592

}

593

}

568

594

569

595

for (i = 0; i < clist_size; i++)

570

{

571

status |= check_time (certificate_list[i], now);

572

if (status != 0)

573

{

574

return status;

575

}

576

}

596

{

597

status |= check_time (certificate_list[i], now);

598

if (status != 0)

599

{

600

return status;

601

}

602

}

577

603

}

578

604

579

605

/* Verify the certificate path (chain)

581

607

for (i = clist_size - 1; i > 0; i--)

582

608

{

583

609

if (i - 1 < 0)

584

break;

610

break;

585

611

586

612

/* note that here we disable this V1 CA flag. So that no version 1

587

613

* certificates can exist in a supplied chain.

588

614

589

615

if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))

590

flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);

616

flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);

591

617

if ((ret =

592

_gnutls_verify_certificate2 (certificate_list[i - 1],

593

&certificate_list[i], 1, flags,

594

NULL, NULL)) == 0)

595

{

596

status |= GNUTLS_CERT_INVALID;

597

return status;

598

}

618

_gnutls_verify_certificate2 (certificate_list[i - 1],

619

&certificate_list[i], 1, flags,

620

NULL, NULL)) == 0)

621

{

622

status |= GNUTLS_CERT_INVALID;

623

return status;

624

}

599

625

}

600

626

601

627

return 0;

608

634

609

635

static int

610

636

decode_ber_digest_info (const gnutls_datum_t * info,

611

gnutls_mac_algorithm_t * hash,

612

opaque * digest, int *digest_size)

637

gnutls_mac_algorithm_t * hash,

638

opaque * digest, int *digest_size)

613

639

{

614

640

ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;

615

641

int result;

617

643

int len;

618

644

619

645

if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),

620

"GNUTLS.DigestInfo",

621

&dinfo)) != ASN1_SUCCESS)

646

"GNUTLS.DigestInfo",

647

&dinfo)) != ASN1_SUCCESS)

622

648

{

623

649

gnutls_assert ();

624

650

return _gnutls_asn2err (result);

658

684

/* To avoid permitting garbage in the parameters field, either the

659

685

parameters field is not present, or it contains 0x05 0x00. */

660

686

if (!(result == ASN1_ELEMENT_NOT_FOUND ||

661

(result == ASN1_SUCCESS && len == 2 &&

662

str[0] == 0x05 && str[1] == 0x00)))

687

(result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&

688

memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))

663

689

{

664

690

gnutls_assert ();

665

691

asn1_delete_structure (&dinfo);

686

712

687

713

static int

688

714

_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,

689

const gnutls_datum_t * prehash,

690

const gnutls_datum_t * signature, bigint_t * params,

691

int params_len)

715

const gnutls_datum_t * prehash,

716

const gnutls_datum_t * signature, bigint_t * params,

717

int params_len)

692

718

{

693

719

gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;

694

720

int ret;

732

758

else

733

759

{

734

760

if (!text)

735

{

736

gnutls_assert ();

737

return GNUTLS_E_INVALID_REQUEST;

738

}

761

{

762

gnutls_assert ();

763

return GNUTLS_E_INVALID_REQUEST;

764

}

739

765

740

766

ret = _gnutls_hash_init (&hd, hash);

741

767

if (ret < 0)

742

{

743

gnutls_assert ();

744

return ret;

745

}

768

{

769

gnutls_assert ();

770

return ret;

771

}

746

772

747

773

_gnutls_hash (&hd, text->data, text->size);

748

774

_gnutls_hash_deinit (&hd, md);

763

789

764

790

static int

765

791

dsa_verify_sig (const gnutls_datum_t * text,

766

const gnutls_datum_t * hash,

767

const gnutls_datum_t * signature, bigint_t * params,

768

int params_len)

792

const gnutls_datum_t * hash,

793

const gnutls_datum_t * signature, bigint_t * params,

794

int params_len)

769

795

{

770

796

int ret;

771

797

opaque _digest[MAX_HASH_SIZE];

772

798

gnutls_datum_t digest;

773

799

digest_hd_st hd;

800

gnutls_digest_algorithm_t algo;

801

unsigned int hash_len;

774

802

775

if (hash && hash->data && hash->size == 20)

803

algo = _gnutls_dsa_q_to_hash (params[1], &hash_len);

804

if (hash)

776

805

{

806

/* SHA1 or better allowed */

807

if (!hash->data || hash->size < hash_len)

808

{

809

gnutls_assert();

810

_gnutls_debug_log("Hash size (%d) does not correspond to hash %s", (int)hash->size, gnutls_mac_get_name(algo));

811

812

if (hash->size != 20)

813

return GNUTLS_E_PK_SIG_VERIFY_FAILED;

814

}

777

815

digest = *hash;

778

816

}

779

817

else

780

818

{

781

ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);

819

820

ret = _gnutls_hash_init (&hd, algo);

782

821

if (ret < 0)

783

{

784

gnutls_assert ();

785

return ret;

786

}

822

{

823

gnutls_assert ();

824

return ret;

825

}

787

826

788

827

_gnutls_hash (&hd, text->data, text->size);

789

828

_gnutls_hash_deinit (&hd, _digest);

790

829

791

830

digest.data = _digest;

792

digest.size = 20;

831

digest.size = _gnutls_hash_get_algo_len(algo);

793

832

}

794

833

795

834

ret = _gnutls_dsa_verify (&digest, signature, params, params_len);

797

836

return ret;

798

837

}

799

838

800

/* Verifies the signature data, and returns 0 if not verified,

801

* or 1 otherwise.

839

/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if

840

* not verified, or 1 otherwise.

802

841

803

static int

804

verify_sig (const gnutls_datum_t * tbs,

805

const gnutls_datum_t * hash,

806

const gnutls_datum_t * signature,

807

gnutls_pk_algorithm_t pk, bigint_t * issuer_params,

808

int issuer_params_size)

842

int

843

pubkey_verify_sig (const gnutls_datum_t * tbs,

844

const gnutls_datum_t * hash,

845

const gnutls_datum_t * signature,

846

gnutls_pk_algorithm_t pk, bigint_t * issuer_params,

847

int issuer_params_size)

809

848

{

810

849

811

850

switch (pk)

813

852

case GNUTLS_PK_RSA:

814

853

815

854

if (_pkcs1_rsa_verify_sig

816

(tbs, hash, signature, issuer_params, issuer_params_size) != 0)

817

{

818

gnutls_assert ();

819

return 0;

820

}

855

(tbs, hash, signature, issuer_params, issuer_params_size) != 0)

856

{

857

gnutls_assert ();

858

return GNUTLS_E_PK_SIG_VERIFY_FAILED;

859

}

821

860

822

861

return 1;

823

862

break;

824

863

825

864

case GNUTLS_PK_DSA:

826

865

if (dsa_verify_sig

827

(tbs, hash, signature, issuer_params, issuer_params_size) != 0)

828

{

829

gnutls_assert ();

830

return 0;

831

}

866

(tbs, hash, signature, issuer_params, issuer_params_size) != 0)

867

{

868

gnutls_assert ();

869

return GNUTLS_E_PK_SIG_VERIFY_FAILED;

870

}

832

871

833

872

return 1;

834

873

break;

840

879

}

841

880

842

881

gnutls_digest_algorithm_t

843

_gnutls_dsa_q_to_hash (bigint_t q)

882

_gnutls_dsa_q_to_hash (bigint_t q, unsigned int* hash_len)

844

883

{

845

884

int bits = _gnutls_mpi_get_nbits (q);

846

885

847

886

if (bits <= 160)

848

887

{

888

if (hash_len) *hash_len = 20;

849

889

return GNUTLS_DIG_SHA1;

850

890

}

851

891

else if (bits <= 224)

852

892

{

853

return GNUTLS_DIG_SHA224;

893

if (hash_len) *hash_len = 28;

894

return GNUTLS_DIG_SHA256;

854

895

}

855

896

else

856

897

{

898

if (hash_len) *hash_len = 32;

857

899

return GNUTLS_DIG_SHA256;

858

900

}

859

901

}

860

902

903

/* This will return the appropriate hash to verify the given signature.

904

* If signature is NULL it will return an (or the) appropriate hash for

905

* the given parameters.

906

861

907

int

862

908

_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,

863

const gnutls_datum_t * signature,

864

const gnutls_x509_crt_t issuer)

909

const gnutls_datum_t * signature,

910

gnutls_pk_algorithm pk,

911

bigint_t * issuer_params,

912

unsigned int issuer_params_size)

865

913

{

866

bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];

867

914

opaque digest[MAX_HASH_SIZE];

868

915

gnutls_datum_t decrypted;

869

int issuer_params_size;

870

916

int digest_size;

871

int ret, i;

872

873

issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;

874

ret =

875

_gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size);

876

if (ret < 0)

877

{

878

gnutls_assert ();

879

return ret;

880

}

881

882

switch (gnutls_x509_crt_get_pk_algorithm (issuer, NULL))

917

int ret;

918

919

switch (pk)

883

920

{

884

921

case GNUTLS_PK_DSA:

885

922

886

923

if (hash)

887

*hash = _gnutls_dsa_q_to_hash (issuer_params[1]);

924

*hash = _gnutls_dsa_q_to_hash (issuer_params[1], NULL);

888

925

889

926

ret = 0;

890

927

break;

891

892

928

case GNUTLS_PK_RSA:

929

if (signature == NULL)

930

{ /* return a sensible algorithm */

931

if (hash)

932

*hash = GNUTLS_DIG_SHA256;

933

return 0;

934

}

893

935

894

936

ret =

895

_gnutls_pkcs1_rsa_decrypt (&decrypted, signature,

896

issuer_params, issuer_params_size, 1);

937

_gnutls_pkcs1_rsa_decrypt (&decrypted, signature,

938

issuer_params, issuer_params_size, 1);

897

939

898

940

899

941

if (ret < 0)

900

{

901

gnutls_assert ();

902

goto cleanup;

903

}

942

{

943

gnutls_assert ();

944

goto cleanup;

945

}

904

946

905

947

digest_size = sizeof (digest);

906

948

if ((ret =

907

decode_ber_digest_info (&decrypted, hash, digest,

908

&digest_size)) != 0)

909

{

910

gnutls_assert ();

911

_gnutls_free_datum (&decrypted);

912

goto cleanup;

913

}

949

decode_ber_digest_info (&decrypted, hash, digest,

950

&digest_size)) != 0)

951

{

952

gnutls_assert ();

953

_gnutls_free_datum (&decrypted);

954

goto cleanup;

955

}

914

956

915

957

_gnutls_free_datum (&decrypted);

916

958

if (digest_size != _gnutls_hash_get_algo_len (*hash))

917

{

918

gnutls_assert ();

919

ret = GNUTLS_E_ASN1_GENERIC_ERROR;

920

goto cleanup;

921

}

959

{

960

gnutls_assert ();

961

ret = GNUTLS_E_ASN1_GENERIC_ERROR;

962

goto cleanup;

963

}

922

964

923

965

ret = 0;

924

966

break;

929

971

}

930

972

931

973

cleanup:

932

/* release allocated mpis */

933

for (i = 0; i < issuer_params_size; i++)

934

{

935

_gnutls_mpi_release (&issuer_params[i]);

936

}

937

974

938

975

return ret;

939

976

940

977

}

941

978

942

979

/* verifies if the certificate is properly signed.

943

* returns 0 on failure and 1 on success.

980

* returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.

944

981

945

982

* 'tbs' is the signed data

946

983

* 'signature' is the signature!

947

984

948

985

int

949

986

_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,

950

const gnutls_datum_t * hash,

951

const gnutls_datum_t * signature,

952

gnutls_x509_crt_t issuer)

987

const gnutls_datum_t * hash,

988

const gnutls_datum_t * signature,

989

gnutls_x509_crt_t issuer)

953

990

{

954

991

bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];

955

992

int ret, issuer_params_size, i;

966

1003

}

967

1004

968

1005

ret =

969

verify_sig (tbs, hash, signature,

970

gnutls_x509_crt_get_pk_algorithm (issuer, NULL),

971

issuer_params, issuer_params_size);

1006

pubkey_verify_sig (tbs, hash, signature,

1007

gnutls_x509_crt_get_pk_algorithm (issuer, NULL),

1008

issuer_params, issuer_params_size);

972

1009

if (ret < 0)

973

1010

{

974

1011

gnutls_assert ();

985

1022

}

986

1023

987

1024

/* verifies if the certificate is properly signed.

988

* returns 0 on failure and 1 on success.

1025

* returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.

989

1026

990

1027

* 'tbs' is the signed data

991

1028

* 'signature' is the signature!

992

1029

993

1030

int

994

1031

_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,

995

const gnutls_datum_t * signature,

996

gnutls_x509_privkey_t issuer)

1032

const gnutls_datum_t * signature,

1033

gnutls_x509_privkey_t issuer)

997

1034

{

998

1035

int ret;

999

1036

1000

ret = verify_sig (tbs, NULL, signature, issuer->pk_algorithm,

1001

issuer->params, issuer->params_size);

1037

ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,

1038

issuer->params, issuer->params_size);

1002

1039

if (ret < 0)

1003

1040

{

1004

1041

gnutls_assert ();

1041

1078

**/

1042

1079

int

1043

1080

gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,

1044

int cert_list_length,

1045

const gnutls_x509_crt_t * CA_list,

1046

int CA_list_length,

1047

const gnutls_x509_crl_t * CRL_list,

1048

int CRL_list_length, unsigned int flags,

1049

unsigned int *verify)

1081

int cert_list_length,

1082

const gnutls_x509_crt_t * CA_list,

1083

int CA_list_length,

1084

const gnutls_x509_crl_t * CRL_list,

1085

int CRL_list_length, unsigned int flags,

1086

unsigned int *verify)

1050

1087

{

1051

1088

if (cert_list == NULL || cert_list_length == 0)

1052

1089

return GNUTLS_E_NO_CERTIFICATE_FOUND;

1055

1092

1056

1093

*verify =

1057

1094

_gnutls_x509_verify_certificate (cert_list, cert_list_length,

1058

CA_list, CA_list_length, CRL_list,

1059

CRL_list_length, flags);

1095

CA_list, CA_list_length, CRL_list,

1096

CRL_list_length, flags);

1060

1097

1061

1098

return 0;

1062

1099

}

1077

1114

**/

1078

1115

int

1079

1116

gnutls_x509_crt_verify (gnutls_x509_crt_t cert,

1080

const gnutls_x509_crt_t * CA_list,

1081

int CA_list_length, unsigned int flags,

1082

unsigned int *verify)

1117

const gnutls_x509_crt_t * CA_list,

1118

int CA_list_length, unsigned int flags,

1119

unsigned int *verify)

1083

1120

{

1084

1121

/* Verify certificate

1085

1122

1086

1123

*verify =

1087

1124

_gnutls_x509_verify_certificate (&cert, 1,

1088

CA_list, CA_list_length, NULL, 0, flags);

1125

CA_list, CA_list_length, NULL, 0, flags);

1089

1126

return 0;

1090

1127

}

1091

1128

1107

1144

**/

1108

1145

int

1109

1146

gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert,

1110

gnutls_x509_crt_t issuer)

1147

gnutls_x509_crt_t issuer)

1111

1148

{

1112

1149

return is_crl_issuer (cert, issuer);

1113

1150

}

1129

1166

**/

1130

1167

int

1131

1168

gnutls_x509_crl_verify (gnutls_x509_crl_t crl,

1132

const gnutls_x509_crt_t * CA_list,

1133

int CA_list_length, unsigned int flags,

1134

unsigned int *verify)

1169

const gnutls_x509_crt_t * CA_list,

1170

int CA_list_length, unsigned int flags,

1171

unsigned int *verify)

1135

1172

{

1136

1173

int ret;

1137

1174

/* Verify crl

1157

1194

NULL, 0};

1158

1195

int ret;

1159

1196

1160

ret = _gnutls_x509_crl_get_raw_issuer_dn (crl, &dn1);

1197

ret = gnutls_x509_crl_get_raw_issuer_dn (crl, &dn1);

1161

1198

if (ret < 0)

1162

1199

{

1163

1200

gnutls_assert ();

1182

1219

1183

1220

static inline gnutls_x509_crt_t

1184

1221

find_crl_issuer (gnutls_x509_crl_t crl,

1185

const gnutls_x509_crt_t * trusted_cas, int tcas_size)

1222

const gnutls_x509_crt_t * trusted_cas, int tcas_size)

1186

1223

{

1187

1224

int i;

1188

1225

1192

1229

for (i = 0; i < tcas_size; i++)

1193

1230

{

1194

1231

if (is_crl_issuer (crl, trusted_cas[i]) == 1)

1195

return trusted_cas[i];

1232

return trusted_cas[i];

1196

1233

}

1197

1234

1198

1235

gnutls_assert ();

1210

1247

1211

1248

static int

1212

1249

_gnutls_verify_crl2 (gnutls_x509_crl_t crl,

1213

const gnutls_x509_crt_t * trusted_cas,

1214

int tcas_size, unsigned int flags, unsigned int *output)

1250

const gnutls_x509_crt_t * trusted_cas,

1251

int tcas_size, unsigned int flags, unsigned int *output)

1215

1252

{

1216

1253

/* CRL is ignored for now */

1217

1254

gnutls_datum_t crl_signed_data = { NULL, 0 };

1218

1255

gnutls_datum_t crl_signature = { NULL, 0 };

1219

1256

gnutls_x509_crt_t issuer;

1220

int ret, result;

1257

int result;

1221

1258

1222

1259

if (output)

1223

1260

*output = 0;

1228

1265

{

1229

1266

gnutls_assert ();

1230

1267

if (output)

1231

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

1268

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

1232

1269

return 0;

1233

1270

}

1234

1271

1239

1276

{

1240

1277

gnutls_assert ();

1241

1278

if (output)

1242

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

1279

*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;

1243

1280

return 0;

1244

1281

}

1245

1282

1246

1283

if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))

1247

1284

{

1248

1285

if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)

1249

{

1250

gnutls_assert ();

1251

if (output)

1252

*output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;

1253

return 0;

1254

}

1286

{

1287

gnutls_assert ();

1288

if (output)

1289

*output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;

1290

return 0;

1291

}

1255

1292

}

1256

1293

1257

1294

result =

1269

1306

goto cleanup;

1270

1307

}

1271

1308

1272

ret =

1309

result =

1273

1310

_gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,

1274

issuer);

1275

if (ret < 0)

1276

{

1277

gnutls_assert ();

1278

}

1279

else if (ret == 0)

1311

issuer);

1312

if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)

1280

1313

{

1281

1314

gnutls_assert ();

1282

1315

/* error. ignore it */

1283

1316

if (output)

1284

*output |= GNUTLS_CERT_INVALID;

1285

ret = 0;

1317

*output |= GNUTLS_CERT_INVALID;

1318

result = 0;

1319

}

1320

else if (result < 0)

1321

{

1322

gnutls_assert ();

1323

goto cleanup;

1286

1324

}

1287

1325

1288

1326

{

1291

1329

sigalg = gnutls_x509_crl_get_signature_algorithm (crl);

1292

1330

1293

1331

if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&

1294

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||

1295

((sigalg == GNUTLS_SIGN_RSA_MD5) &&

1296

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))

1332

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||

1333

((sigalg == GNUTLS_SIGN_RSA_MD5) &&

1334

!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))

1297

1335

{

1298

if (output)

1299

*output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;

1300

ret = 0;

1336

if (output)

1337

*output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;

1338

result = 0;

1301

1339

}

1302

1340

}

1303

1341

1304

result = ret;

1305

1306

1342

cleanup:

1307

1343

_gnutls_free_datum (&crl_signed_data);

1308

1344

_gnutls_free_datum (&crl_signature);

Older »