[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_2-34-g49df2b0
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_2-34-g49df2b0 |
|
Date: |
Sun, 11 Sep 2011 15:51:21 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=49df2b00630ecfd29d4862dc18b55bd3fc701f8a
The branch, master has been updated
via 49df2b00630ecfd29d4862dc18b55bd3fc701f8a (commit)
from 4d57e71e9916543258118c05d6580b8c64127b58 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 49df2b00630ecfd29d4862dc18b55bd3fc701f8a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Sep 11 17:47:51 2011 +0200
Modified gdoc to be able to handle enumerations. Only valid to latex.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 4 +
doc/cha-cert-auth.texi | 86 +-----
doc/cha-intro-tls.texi | 2 +
doc/gnutls.texi | 8 +
doc/latex/Makefile.am | 16 +-
doc/latex/gnutls.tex | 2 +
doc/latex/macros.tex | 29 ++
doc/scripts/gdoc | 147 ++++++++-
doc/scripts/mytexi2latex | 9 +
doc/scripts/split.pl | 29 ++-
lib/includes/gnutls/dtls.h | 22 +-
lib/includes/gnutls/gnutls.h.in | 701 ++++++++++++++++++++-------------------
lib/includes/gnutls/pkcs12.h | 26 +-
lib/includes/gnutls/x509.h | 8 +-
14 files changed, 615 insertions(+), 474 deletions(-)
diff --git a/.gitignore b/.gitignore
index 1440d09..4c10f3b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -510,3 +510,7 @@ gl/getopt.h
gl/math.h
doc/doxygen/latex/
doc/doxygen/html/
+doc/latex/gnutls-enums.tex
+doc/latex/enums
+doc/latex/gnutls.lof
+doc/latex/gnutls.lot
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index cc519e9..6ee340d 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -157,9 +157,11 @@ provided.
The verification function will verify a given certificate chain against a list
of certificate
authorities and certificate revocation lists, and output
a bit-wise OR of elements of the @address@hidden@-status_t}
-enumeration.
-A detailed description of these elements can be found
-in @ref{tab:cert-verify}. An example of certificate verification is shown in
@ref{ex:verify2}.
+enumeration shown in @ref{gnutls_certificate_status_t}.
+
address@hidden,The @address@hidden@-status_t} enumeration.}
+
+An example of certificate verification is shown in @ref{ex:verify2}.
It is also possible to have a set of certificates that
are trusted for a particular server but not to authorize other certificates.
This purpose is served by the functions
@funcref{gnutls_x509_trust_list_add_named_crt} and
@funcref{gnutls_x509_trust_list_verify_named_crt}.
@@ -177,88 +179,15 @@ Convenience functions such as
@funcref{gnutls_certificate_verify_peers2}
are equivalent and will verify the peer's certificate chain
in a TLS session.
address@hidden Table,tab:cert-verify
address@hidden @columnfractions .46 .44
-
address@hidden Flag @tab Description
-
address@hidden GNUTLS_CERT_INVALID @tab
-The certificate is not signed by one of the known authorities, or
-the signature is invalid.
-
address@hidden GNUTLS_CERT_REVOKED @tab
-The certificate has been revoked by its CA.
-
address@hidden GNUTLS_CERT_SIGNER_NOT_FOUND @tab
-The certificate's issuer is not known. This is the case when the
-issuer is not in the trusted certificates list.
-
address@hidden GNUTLS_CERT_SIGNER_NOT_CA @tab
-The certificate's signer was not a CA. This may happen if
-this was a version 1 certificate, which is common with some CAs, or
-a version 3 certificate without the basic constrains extension.
-
address@hidden GNUTLS_CERT_INSECURE_ALGORITHM @tab
-The certificate was signed using an insecure algorithm such as MD2 or
-MD5. These algorithms have been broken and should not be trusted.
-
address@hidden multitable
address@hidden verification output flags.}
address@hidden float
-
There is also the possibility to pass some input to the verification
functions in the form of flags. For
@funcref{gnutls_x509_trust_list_verify_crt} the
flags are passed straightforward, but
@funcref{gnutls_certificate_verify_peers2} depends on the flags set by
calling @funcref{gnutls_certificate_set_verify_flags}. All the available
flags are part of the enumeration
address@hidden and are explained in @ref{tab:cert-flags}.
address@hidden@address@hidden@-flags} shown in
@ref{gnutls_certificate_verify_flags}.
address@hidden Table,tab:cert-flags
address@hidden @columnfractions .5 .4
-
address@hidden Flag @tab Description
address@hidden address@hidden @tab
-If set a signer does not have to be a certificate authority. This
-flag should normally be disabled, unless you know what this means.
-
address@hidden address@hidden @tab
-Allow only trusted CA certificates that have version 1. This is
-safer than address@hidden, and should be
-used instead. That way only signers in your trusted list will be
-allowed to have certificates of version 1. This is the default.
-
address@hidden address@hidden @tab
-Do not allow trusted version 1 CA certificates. This option is to be used
-in order consider all V1 certificates as deprecated.
-
address@hidden address@hidden @tab
-Allow CA certificates that have version 1 (both root and
-intermediate). This is dangerous since those haven't the
-basicConstraints extension. Must be used in combination with
address@hidden
-
address@hidden address@hidden @tab
-If a certificate is not signed by anyone trusted but exists in
-the trusted CA list do not treat it as trusted.
-
address@hidden address@hidden @tab
-Allow certificates to be signed using the old MD2 algorithm.
-
address@hidden address@hidden @tab
-Allow certificates to be signed using the broken MD5 algorithm.
-
address@hidden address@hidden @tab
-Disable checking of activation
-and expiration validity periods of certificate chains. Don't set
-this unless you understand the security implications.
-
address@hidden address@hidden @tab
-Disables checking for validity using certificate revocation lists.
-
address@hidden multitable
address@hidden verification flags.}
address@hidden float
address@hidden,The @address@hidden@address@hidden enumeration.}
Although the verification of a certificate path indicates that the
certificate is signed by trusted authority, does not reveal anything
@@ -281,6 +210,7 @@ are not currently supported.
@showfuncB{gnutls_x509_crq_init,gnutls_x509_crq_deinit}
@showfuncdesc{gnutls_x509_crq_import}
+
@showfuncdesc{gnutls_x509_crq_export}
A certificate request can be generated by
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index c0afef1..8380c6c 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -681,6 +681,8 @@ parameter with actual bit sizes of parameters for DH, RSA,
SRP and ECC algorithm
A mapping to @code{gnutls_sec_param_t} value is given for each security
parameter, on
the next column, and finally a brief description of the level.
address@hidden @showenumdesc{gnutls_sec_param_t,The @address@hidden
enumeration.}
+
Note, however, that the values suggested here are nothing more than an
educated guess that is valid today. There are no guarantees that an
algorithm will remain unbreakable or that these values will remain
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 3010b47..044aee8 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -132,6 +132,14 @@ Documentation License''.
@end itemize
@end macro
address@hidden showenumdesc{ref}
address@hidden Table,\ref\
address@hidden
address@hidden @code{\ref\}
address@hidden itemize
address@hidden float
address@hidden macro
+
@contents
@ifnottex
diff --git a/doc/latex/Makefile.am b/doc/latex/Makefile.am
index a4c2d43..6fffa40 100644
--- a/doc/latex/Makefile.am
+++ b/doc/latex/Makefile.am
@@ -68,6 +68,16 @@ gnutls-api.tex: $(srcdir)/../../lib/*.c
$(srcdir)/../../lib/ext/*.c $(srcdir)/..
rm -f address@hidden
mv -f address@hidden $@
+gnutls-enums.tex: $(srcdir)/../../lib/includes/gnutls/*.h
+ echo "" > address@hidden
+ for i in $^; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/../scripts/gdoc -tex $$i >> address@hidden && \
+ echo "ok"; \
+ done
+ $(srcdir)/../scripts/split.pl enums enum < address@hidden
+ mv -f address@hidden $@
+
x509-api.tex: $(srcdir)/../../lib/x509/*.c
echo "" > address@hidden
for i in $^; do \
@@ -104,9 +114,9 @@ extra-api.tex: $(srcdir)/../../libextra/gnutls_extra.c
rm -f address@hidden
mv -f address@hidden $@
-SOURCE_GEN_FILES = extra-api.tex pgp-api.tex x509-api.tex gnutls-api.tex
+SOURCE_GEN_FILES = extra-api.tex pgp-api.tex x509-api.tex gnutls-api.tex
gnutls-enums.tex
-gnutls.pdf: $(TEX_OBJECTS) $(GEN_TEX_OBJECTS) $(SOURCE_GEN_FILES)
+gnutls.pdf: $(SOURCE_GEN_FILES) $(TEX_OBJECTS) $(GEN_TEX_OBJECTS)
-pdflatex gnutls.tex
-bibtex gnutls
-makeindex gnutls.idx
@@ -114,5 +124,5 @@ gnutls.pdf: $(TEX_OBJECTS) $(GEN_TEX_OBJECTS)
$(SOURCE_GEN_FILES)
clean-am:
rm -f $(GEN_TEX_OBJECTS) $(SOURCE_GEN_FILES) gnutls.aux gnutls.bbl
gnutls.blg gnutls.idx gnutls.ilg gnutls.ind gnutls.log gnutls.out gnutls.toc
- rm -rf functions
+ rm -rf functions enums
diff --git a/doc/latex/gnutls.tex b/doc/latex/gnutls.tex
index 65207ec..ba4a9d3 100644
--- a/doc/latex/gnutls.tex
+++ b/doc/latex/gnutls.tex
@@ -37,6 +37,8 @@
\setcounter{tocdepth}{1}
\tableofcontents
+\listoftables
+\listoffigures
\pagestyle{fancy}
\fancyhead[RE]{\slshape \rightmark}
diff --git a/doc/latex/macros.tex b/doc/latex/macros.tex
index 0a53b47..1b48459 100644
--- a/doc/latex/macros.tex
+++ b/doc/latex/macros.tex
@@ -69,8 +69,24 @@
\input{functions/#1}
}
\end{framed}
+ \vspace{0.10cm}
+ \end{minipage}
+ \par
+}
+
+\newcommand{\showenumdesc}[2]{%
+ \begin{table}[h]
+ \begin{minipage}[l]{\linewidth}
+ \begin{framed}
+ \texttt{
+ \input{enums/#1}
+ }
+ \end{framed}
\vspace{0.15cm}
\end{minipage}
+ \caption{#2}
+ \label{#1}
+ \end{table}
}
\newcommand{\showfuncA}[1]{%
@@ -162,7 +178,20 @@
{\vspace{0.5cm}{\bf Description:}\footnotesize}
{}
+\newenvironment{enum}%
+{}%
+{}
+
+\newcommand{\enumElement}[2]{%
+{\scriptsize {\bf #1}} & {\scriptsize #2}\\%
+}
+
+\newenvironment{enumList}%
+{\begin{tabular}{p{.43\linewidth}p{.53\linewidth}}}%
+{\end{tabular}}
+
\newcommand{\functionTitle}[1]{}
+\newcommand{\enumTitle}[1]{enum {\bf #1}:}
\newenvironment{functionReturns}%
{\vspace{0.5cm}{\bf Returns:}\footnotesize}
diff --git a/doc/scripts/gdoc b/doc/scripts/gdoc
index 49868db..86dceb3 100755
--- a/doc/scripts/gdoc
+++ b/doc/scripts/gdoc
@@ -502,6 +502,46 @@ sub output_tex {
print "\\end{function}\n\n";
}
+sub output_enum_tex {
+ my %args = %{$_[0]};
+ my ($parameter, $section);
+ my $count;
+ my $name = $args{'enum'};
+ my $param;
+ my $param2;
+ my $sec;
+ my $check;
+ my $type;
+
+ $func =~ s/_/\\_/g;
+
+ print "\n\n\\begin{enum}\n";
+ $name =~ s/_/\\_/g;
+ print "\\enumTitle{". $name . "}\n";
+
+ print "\n\\begin{enumList}\n";
+
+ $check=0;
+ foreach $parameter (@{$args{'parameterlist'}}) {
+ $param1 = $parameter;
+ $param1 =~ s/_/\\_\\-/g;
+
+ $check = 1;
+ print "\\enumElement{".$param1."}{";
+# print "\n";
+
+ $param2 = $args{'parameters'}{$parameter};
+ $param2 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
+ $param2 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
+ $out = just_highlight($param2);
+ $out =~ s/_/\\_/g;
+ chomp $out;
+ print $out . "}\n";
+ }
+ print "\\end{enumList}\n";
+
+ print "\\end{enum}\n\n";
+}
# output in sgml DocBook
sub output_sgml {
@@ -707,6 +747,10 @@ sub output_function {
eval "output_".$output_mode."(address@hidden);";
}
+sub output_enum {
+ eval "output_enum_".$output_mode."(address@hidden);";
+}
+
##
# takes a function prototype and spits out all the details
@@ -783,6 +827,56 @@ sub dump_function {
}
}
+sub dump_enum {
+ my $prototype = shift @_;
+
+ if (($prototype =~
m/^\s*typedef\s+enum\s*[a-zA-Z0-9_~:]*\s*\{([a-zA-Z0-9_~=,:\s]+)\s*\}\s*([a-zA-Z0-9_]+);.*/))
{
+# || $prototype =~ m/^\s*enum\s+([a-zA-Z0-9_~:]+).*/) {
+ $args = $1;
+ $name = $2;
+
+ foreach $arg (split ',', $args) {
+ # strip leading/trailing spaces
+ $arg =~ s/^\s*//;
+ $arg =~ s/\s*$//;
+ $arg =~ s/([A-Za-z0-9_]+)\s*=.*/$1/g;
+# print STDERR "SCAN ARG: '$arg'\n";
+
+ next if $arg eq '';
+ if ((!defined($parameters{$arg}) || $parameters{$arg} eq "")) {
+ $parameters{$arg} = "-- undescribed --";
+ print STDERR "warning: $lineno: Enumeration parameter '$arg'
not described in '$name'\n";
+ }
+
+ push @parameterlist, $arg;
+
+# print STDERR "param = '$arg'\n";
+ }
+ } else {
+# print STDERR "warning: $lineno: Cannot understand enumeration:
'$prototype'\n";
+ return;
+ }
+
+ output_enum({'enum' => $name,
+ 'module' => $modulename,
+ 'sourceversion' => $sourceversion,
+ 'include' => $include,
+ 'includefuncprefix' => $includefuncprefix,
+ 'bugsto' => $bugsto,
+ 'pkgname' => $pkgname,
+ 'copyright' => $copyright,
+ 'verbatimcopying' => $verbatimcopying,
+ 'seeinfo' => $seeinfo,
+ 'functiontype' => $return_type,
+ 'parameterlist' => address@hidden,
+ 'parameters' => \%parameters,
+ 'parametertypes' => \%parametertypes,
+ 'sectionlist' => address@hidden,
+ 'sections' => \%sections,
+ 'purpose' => $function_purpose
+ });
+}
+
######################################################################
# main
# states
@@ -811,6 +905,7 @@ $doc_content = $doc_com."(.*)";
$contents = "";
$section_default = "Description"; # default section
$section = $section_default;
+$enum = 0;
$lineno = 0;
foreach $file (@ARGV) {
@@ -818,18 +913,21 @@ foreach $file (@ARGV) {
print STDERR "Error: Cannot open file $file\n";
next;
}
- while (<IN>) {
+ while ($line = <IN>) {
$lineno++;
if ($state == 0) {
- if (/$doc_start/o) {
+ if ($line =~ /$doc_start/o) {
$state = 1; # next line is always the function name
+# print STDERR "XXX: start of doc comment\n";
}
} elsif ($state == 1) { # this line is the function name (always)
- if (/$doc_func/o) {
+ if ($line =~ /$doc_func/o) {
$function = $1;
$state = 2;
- if (/-\s*(.*)/) {
+# print STDERR "XXX: start of doc comment, looking for prototype\n";
+
+ if ($line =~ /-\s*(.*)/) {
$function_purpose = $1;
} else {
$function_purpose = "";
@@ -843,7 +941,7 @@ foreach $file (@ARGV) {
$state = 0;
}
} elsif ($state == 2) { # look for head: lines, and include content
- if (/$doc_sect/o) {
+ if ($line =~ /$doc_sect/o) {
$newsection = $1;
$newcontents = $2;
@@ -857,7 +955,7 @@ foreach $file (@ARGV) {
$contents .= "\n";
}
$section = $newsection;
- } elsif (/$doc_end/) {
+ } elsif ($line =~ /$doc_end/) {
if ($contents ne "") {
dump_section($section, $contents);
@@ -865,10 +963,9 @@ foreach $file (@ARGV) {
$contents = "";
}
-# print STDERR "end of doc comment, looking for prototype\n";
$prototype = "";
$state = 3;
- } elsif (/$doc_content/) {
+ } elsif ($line =~ /$doc_content/) {
# miguel-style comment kludge, look for blank lines after
# @parameter line to signify start of description
if ($1 eq "" && $section =~ m/^@/) {
@@ -883,17 +980,20 @@ foreach $file (@ARGV) {
print STDERR "warning: $lineno: Bad line: $_";
}
} elsif ($state == 3) { # scanning for function { (end of prototype)
- if (m#\s*/\*\s+MACDOC\s*#io) {
+ if ($line =~ m#\s*/\*\s+MACDOC\s*#io) {
# do nothing
}
- elsif (/([^\{]*)/) {
+ elsif ($enum == 1 && $line =~ /(^\s*\{).*/) {
+ $prototype .= "{";
+ }
+ elsif ($line =~ /([^\{]*)/) {
$prototype .= $1;
}
- if (/\{/) {
+ if ($enum == 0 && $line =~ /\{/) {
$prototype =~ s@/\*.*?\*/@@gos; # strip comments.
$prototype =~ address@hidden@ @gos; # strip newlines/cr's.
$prototype =~ address@hidden +@@gos; # strip leading spaces
- dump_function($prototype);
+ dump_function($prototype);
$function = "";
%constants = ();
@@ -903,9 +1003,32 @@ foreach $file (@ARGV) {
%sections = ();
@sectionlist = ();
$prototype = "";
+ $enum = 0;
$state = 0;
}
+ elsif ($enum == 1 && $line =~ /\}/) {
+ $prototype =~ s@/\*.*?\*/@@gos; # strip comments.
+ $prototype =~ address@hidden@ @gos; # strip newlines/cr's.
+ $prototype =~ address@hidden +@@gos; # strip leading spaces
+ dump_enum($prototype);
+
+ $function = "";
+ %constants = ();
+ %parameters = ();
+ %parametertypes = ();
+ @parameterlist = ();
+ %sections = ();
+ @sectionlist = ();
+ $prototype = "";
+ $enum = 0;
+
+ $state = 0;
+ }
+ elsif ($line =~ /([a-zA-Z\s]+)enum(.*)$/) {
+ $enum = 1;
+ }
+
}
}
}
diff --git a/doc/scripts/mytexi2latex b/doc/scripts/mytexi2latex
index 53f88de..74829b9 100755
--- a/doc/scripts/mytexi2latex
+++ b/doc/scripts/mytexi2latex
@@ -47,10 +47,18 @@ my $suffix = $_[0];
return "\\showfuncdesc\{$suffix\}";
}
+sub showenumdesc()
+{
+my $suffix = $_[0];
+ $suffix =~ s/\\//g;
+ return "\\showenumdesc\{$suffix\}";
+}
+
my $punescape = \&unescape;
my $pfuncref = \&funcref;
my $pshowfunc = \&showfunc;
my $pshowfuncdesc = \&showfuncdesc;
+my $pshowenumdesc = \&showenumdesc;
my $mode;
my $num_args = $#ARGV + 1;
@@ -331,6 +339,7 @@ multitable:
$line =~ s/address@hidden($codematch+)\}/$pfuncref->($1)/ge;
$line =~
s/address@hidden([A-Z])\{($codematch+)\}/$pshowfunc->($1,$2)/ge;
$line =~
s/address@hidden($codematch+)\}/$pshowfuncdesc->($1)/ge;
+ $line =~
s/address@hidden($codematch+)\}/$pshowenumdesc->($1)/ge;
$line =~ s/address@hidden/\\myref\{/g;
$line =~ s/address@hidden
(.*)/\\begin{center}\n$1\n\\end{center}/g;
if ($line =~ m/address@hidden/) {
diff --git a/doc/scripts/split.pl b/doc/scripts/split.pl
index ca7d785..ed71634 100755
--- a/doc/scripts/split.pl
+++ b/doc/scripts/split.pl
@@ -1,6 +1,13 @@
#!/usr/bin/perl
$dir = shift;
+$param2 = shift;
+
+if ($param2 ne '') {
+ $enum = 1;
+} else {
+ $enum = 0;
+}
sub key_of_record {
local($record) = @_;
@@ -11,12 +18,20 @@ sub key_of_record {
my ($i) = 1;
my ($key) = $lines[$i];
- while( !($key =~ m/^\\functionTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1; $key =
$lines[$i]; }
+ if ($enum == 1) {
+ while( !($key =~ m/^$\\enumTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1; $key =
$lines[$i]; }
+ } else {
+ while( !($key =~ m/^$\\functionTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1;
$key = $lines[$i]; }
+ }
return $key;
}
-$/="\n\\end{function}"; # Records are separated by blank lines.
+if ($enum == 1) {
+ $/="\n\\end{enum}"; # Records are separated by blank lines.
+} else {
+ $/="\n\\end{function}"; # Records are separated by blank lines.
+}
@records = <>; # Read in whole file, one record per array element.
mkdir $dir;
@@ -24,11 +39,15 @@ mkdir $dir;
@records = sort { key_of_record($a) cmp key_of_record($b) } @records;
foreach (@records) {
$key = $_;
- $key =~ m/\\functionTitle\{(.*)\}/;
+ if ($enum == 1) {
+ $key =~ m/\\enumTitle\{(.*)\}/;
+ $key = $1;
+ } else {
+ $key =~ m/\\functionTitle\{(.*)\}/;
+ $key = $1;
+ }
- $key = $1;
$key =~ s/\\_/_/g;
-
if (defined $key && $key ne "") {
open FILE, "> $dir/$key\n" or die $!;
print FILE $_ . "\n";
diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h
index 7a43707..2f3369c 100644
--- a/lib/includes/gnutls/dtls.h
+++ b/lib/includes/gnutls/dtls.h
@@ -45,17 +45,17 @@ unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t
session);
void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu);
- /**
- * gnutls_dtls_prestate_st:
- * @record_seq: record sequence number
- * @hsk_read_seq: handshake read sequence number
- * @hsk_write_seq: handshake write sequence number
- *
- * DTLS cookie prestate struct. This is usually never modified by
- * the application, it is used to carry the cookie data between
- * gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
- * gnutls_dtls_prestate_set().
- */
+/**
+ * gnutls_dtls_prestate_st:
+ * @record_seq: record sequence number
+ * @hsk_read_seq: handshake read sequence number
+ * @hsk_write_seq: handshake write sequence number
+ *
+ * DTLS cookie prestate struct. This is usually never modified by
+ * the application, it is used to carry the cookie data between
+ * gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
+ * gnutls_dtls_prestate_set().
+ */
typedef struct
{
unsigned int record_seq;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 3488c55..dea88db 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -63,34 +63,34 @@ extern "C"
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
- /**
- * gnutls_cipher_algorithm_t:
- * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
- * @GNUTLS_CIPHER_NULL: NULL algorithm.
- * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
- * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
- * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
- * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
- * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
- * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
- * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
- * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
- * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
- * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
- * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
- * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
- * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
- * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
- * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
- * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
- * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit
keys.
- * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
- * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
- * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
- * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
- *
- * Enumeration of different symmetric encryption algorithms.
- */
+/**
+ * gnutls_cipher_algorithm_t:
+ * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
+ * @GNUTLS_CIPHER_NULL: NULL algorithm.
+ * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
+ * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
+ * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
+ * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
+ * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
+ * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
+ * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
+ * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
+ * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
+ * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
+ * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
+ * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
+ * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
+ * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
+ * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
+ *
+ * Enumeration of different symmetric encryption algorithms.
+ */
typedef enum gnutls_cipher_algorithm
{
GNUTLS_CIPHER_UNKNOWN = 0,
@@ -121,26 +121,26 @@ extern "C"
GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
} gnutls_cipher_algorithm_t;
- /**
- * gnutls_kx_algorithm_t:
- * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
- * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
- * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
- * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
- * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
- * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
- * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
- * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
- * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
- * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
- * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
- * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
- * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
- * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
- * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
- *
- * Enumeration of different key exchange algorithms.
- */
+/**
+ * gnutls_kx_algorithm_t:
+ * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
+ * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
+ * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
+ * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
+ * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
+ * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
+ * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
+ * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
+ * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
+ * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
+ * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
+ * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
+ * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
+ * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
+ * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
+ *
+ * Enumeration of different key exchange algorithms.
+ */
typedef enum
{
GNUTLS_KX_UNKNOWN = 0,
@@ -160,14 +160,14 @@ extern "C"
GNUTLS_KX_ECDHE_PSK = 14,
} gnutls_kx_algorithm_t;
- /**
- * gnutls_params_type_t:
- * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
- * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
- * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
- *
- * Enumeration of different TLS session parameter types.
- */
+/**
+ * gnutls_params_type_t:
+ * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
+ * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
+ * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
+ *
+ * Enumeration of different TLS session parameter types.
+ */
typedef enum
{
GNUTLS_PARAMS_RSA_EXPORT = 1,
@@ -175,16 +175,16 @@ extern "C"
GNUTLS_PARAMS_ECDH = 3,
} gnutls_params_type_t;
- /**
- * gnutls_credentials_type_t:
- * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
- * @GNUTLS_CRD_ANON: Anonymous credential.
- * @GNUTLS_CRD_SRP: SRP credential.
- * @GNUTLS_CRD_PSK: PSK credential.
- * @GNUTLS_CRD_IA: IA credential.
- *
- * Enumeration of different credential types.
- */
+/**
+ * gnutls_credentials_type_t:
+ * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
+ * @GNUTLS_CRD_ANON: Anonymous credential.
+ * @GNUTLS_CRD_SRP: SRP credential.
+ * @GNUTLS_CRD_PSK: PSK credential.
+ * @GNUTLS_CRD_IA: IA credential.
+ *
+ * Enumeration of different credential types.
+ */
typedef enum
{
GNUTLS_CRD_CERTIFICATE = 1,
@@ -197,23 +197,23 @@ extern "C"
#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
- /**
- * gnutls_mac_algorithm_t:
- * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
- * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
- * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
- * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
- * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
- * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
- * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
- * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
- * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
- * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
- * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
- *
- * Enumeration of different Message Authentication Code (MAC)
- * algorithms.
- */
+/**
+ * gnutls_mac_algorithm_t:
+ * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
+ * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
+ * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
+ * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
+ * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
+ * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
+ * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
+ * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
+ * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
+ * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
+ * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
+ *
+ * Enumeration of different Message Authentication Code (MAC)
+ * algorithms.
+ */
typedef enum
{
GNUTLS_MAC_UNKNOWN = 0,
@@ -231,21 +231,21 @@ extern "C"
GNUTLS_MAC_AEAD = 200 /* indicates that MAC is on the cipher */
} gnutls_mac_algorithm_t;
- /**
- * gnutls_digest_algorithm_t:
- * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
- * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
- * @GNUTLS_DIG_MD5: MD5 algorithm.
- * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
- * @GNUTLS_DIG_RMD160: RMD160 algorithm.
- * @GNUTLS_DIG_MD2: MD2 algorithm.
- * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
- * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
- * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
- * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
- *
- * Enumeration of different digest (hash) algorithms.
- */
+/**
+ * gnutls_digest_algorithm_t:
+ * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
+ * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
+ * @GNUTLS_DIG_MD5: MD5 algorithm.
+ * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
+ * @GNUTLS_DIG_RMD160: RMD160 algorithm.
+ * @GNUTLS_DIG_MD2: MD2 algorithm.
+ * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
+ * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
+ * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
+ * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
+ *
+ * Enumeration of different digest (hash) algorithms.
+ */
typedef enum
{
GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
@@ -267,15 +267,15 @@ extern "C"
*/
#define GNUTLS_MAX_ALGORITHM_NUM 32
- /**
- * gnutls_compression_method_t:
- * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
- * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
- * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
- * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
- *
- * Enumeration of different TLS compression methods.
- */
+/**
+ * gnutls_compression_method_t:
+ * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
+ * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
+ * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
+ * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
+ *
+ * Enumeration of different TLS compression methods.
+ */
typedef enum
{
GNUTLS_COMP_UNKNOWN = 0,
@@ -299,56 +299,56 @@ extern "C"
#define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3)
- /**
- * gnutls_alert_level_t:
- * @GNUTLS_AL_WARNING: Alert of warning severity.
- * @GNUTLS_AL_FATAL: Alert of fatal severity.
- *
- * Enumeration of different TLS alert severities.
- */
+/**
+ * gnutls_alert_level_t:
+ * @GNUTLS_AL_WARNING: Alert of warning severity.
+ * @GNUTLS_AL_FATAL: Alert of fatal severity.
+ *
+ * Enumeration of different TLS alert severities.
+ */
typedef enum
{
GNUTLS_AL_WARNING = 1,
GNUTLS_AL_FATAL
} gnutls_alert_level_t;
- /**
- * gnutls_alert_description_t:
- * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
- * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
- * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
- * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
- * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
- * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
- * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
- * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
- * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
- * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
- * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
- * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
- * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
- * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
- * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
- * @GNUTLS_A_ACCESS_DENIED: Access was denied.
- * @GNUTLS_A_DECODE_ERROR: Decode error.
- * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
- * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
- * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
- * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
- * @GNUTLS_A_USER_CANCELED: User canceled.
- * @GNUTLS_A_INTERNAL_ERROR: Internal error.
- * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
- * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
- * specified certificate.
- * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
- * sent.
- * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
- * recognized.
- * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
- * or not known.
- *
- * Enumeration of different TLS alerts.
- */
+/**
+ * gnutls_alert_description_t:
+ * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
+ * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
+ * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
+ * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
+ * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
+ * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
+ * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
+ * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
+ * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
+ * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
+ * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
+ * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
+ * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
+ * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
+ * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
+ * @GNUTLS_A_ACCESS_DENIED: Access was denied.
+ * @GNUTLS_A_DECODE_ERROR: Decode error.
+ * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
+ * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
+ * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
+ * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
+ * @GNUTLS_A_USER_CANCELED: User canceled.
+ * @GNUTLS_A_INTERNAL_ERROR: Internal error.
+ * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
+ * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
+ * specified certificate.
+ * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
+ * sent.
+ * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
+ * recognized.
+ * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
+ * or not known.
+ *
+ * Enumeration of different TLS alerts.
+ */
typedef enum
{
GNUTLS_A_CLOSE_NOTIFY,
@@ -381,26 +381,26 @@ extern "C"
GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
} gnutls_alert_description_t;
- /**
- * gnutls_handshake_description_t:
- * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
- * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
- * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
- * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
- * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
- * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
- * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
- * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
- * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
- * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
- * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
- * @GNUTLS_HANDSHAKE_FINISHED: Finished.
- * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
- * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
- * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
- *
- * Enumeration of different TLS handshake packets.
- */
+/**
+ * gnutls_handshake_description_t:
+ * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
+ * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
+ * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
+ * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
+ * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
+ * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
+ * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
+ * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
+ * @GNUTLS_HANDSHAKE_FINISHED: Finished.
+ * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
+ * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
+ * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
+ *
+ * Enumeration of different TLS handshake packets.
+ */
typedef enum
{
GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
@@ -420,25 +420,28 @@ extern "C"
GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
} gnutls_handshake_description_t;
- /**
- * gnutls_certificate_status_t:
- * @GNUTLS_CERT_INVALID: Will be set if the certificate was not
- * verified.
- * @GNUTLS_CERT_REVOKED: Certificate revoked. In X.509 this will be
- * set only if CRLs are checked.
- * @GNUTLS_CERT_SIGNER_NOT_FOUND: Certificate not verified. Signer
- * not found.
- * @GNUTLS_CERT_SIGNER_NOT_CA: Certificate not verified. Signer
- * not a CA certificate.
- * @GNUTLS_CERT_INSECURE_ALGORITHM: Certificate not verified,
- * insecure algorithm.
- * @GNUTLS_CERT_NOT_ACTIVATED: Certificate not yet activated.
- * @GNUTLS_CERT_EXPIRED: Certificate expired.
- *
- * Enumeration of certificate status codes. Note that the status
- * bits have different meanings in OpenPGP keys and X.509
- * certificate verification.
- */
+/**
+ * gnutls_certificate_status_t:
+ * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
+ * known authorities or the signature is invalid.
+ * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509
this will be
+ * set only if CRLs are checked.
+ * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
+ * This is the case if the issue is not included in the trusted certificate
list.
+ * not found.
+ * @GNUTLS_CERT_SIGNER_NOT_CA: The certiï¬cateâs signer was not a CA. This
+ * may happen if this was a version 1 certiï¬cate, which is common with
+ * some CAs, or a version 3 certiï¬cate without the basic constrains
extension.
+ * @GNUTLS_CERT_INSECURE_ALGORITHM: The certiï¬cate was signed using an in-
+ * secure algorithm such as MD2 or MD5. These algorithms have been broken and
+ * should not be trusted.
+ * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
+ * @GNUTLS_CERT_EXPIRED: The certificate has expired.
+ *
+ * Enumeration of certificate status codes. Note that the status
+ * bits have different meanings in OpenPGP keys and X.509
+ * certificate verification.
+ */
typedef enum
{
GNUTLS_CERT_INVALID = 2,
@@ -450,14 +453,14 @@ extern "C"
GNUTLS_CERT_EXPIRED = 1024
} gnutls_certificate_status_t;
- /**
- * gnutls_certificate_request_t:
- * @GNUTLS_CERT_IGNORE: Ignore certificate.
- * @GNUTLS_CERT_REQUEST: Request certificate.
- * @GNUTLS_CERT_REQUIRE: Require certificate.
- *
- * Enumeration of certificate request types.
- */
+/**
+ * gnutls_certificate_request_t:
+ * @GNUTLS_CERT_IGNORE: Ignore certificate.
+ * @GNUTLS_CERT_REQUEST: Request certificate.
+ * @GNUTLS_CERT_REQUIRE: Require certificate.
+ *
+ * Enumeration of certificate request types.
+ */
typedef enum
{
GNUTLS_CERT_IGNORE = 0,
@@ -465,45 +468,45 @@ extern "C"
GNUTLS_CERT_REQUIRE = 2
} gnutls_certificate_request_t;
- /**
- * gnutls_openpgp_crt_status_t:
- * @GNUTLS_OPENPGP_CERT: Send entire certificate.
- * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
- *
- * Enumeration of ways to send OpenPGP certificate.
- */
+/**
+ * gnutls_openpgp_crt_status_t:
+ * @GNUTLS_OPENPGP_CERT: Send entire certificate.
+ * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
+ *
+ * Enumeration of ways to send OpenPGP certificate.
+ */
typedef enum
{
GNUTLS_OPENPGP_CERT = 0,
GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
} gnutls_openpgp_crt_status_t;
- /**
- * gnutls_close_request_t:
- * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
- * @GNUTLS_SHUT_WR: Disallow further sends.
- *
- * Enumeration of how TLS session should be terminated. See gnutls_bye().
- */
+/**
+ * gnutls_close_request_t:
+ * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
+ * @GNUTLS_SHUT_WR: Disallow further sends.
+ *
+ * Enumeration of how TLS session should be terminated. See gnutls_bye().
+ */
typedef enum
{
GNUTLS_SHUT_RDWR = 0,
GNUTLS_SHUT_WR = 1
} gnutls_close_request_t;
- /**
- * gnutls_protocol_t:
- * @GNUTLS_SSL3: SSL version 3.0.
- * @GNUTLS_TLS1_0: TLS version 1.0.
- * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
- * @GNUTLS_TLS1_1: TLS version 1.1.
- * @GNUTLS_TLS1_2: TLS version 1.2.
- * @GNUTLS_DTLS1_0: DTLS version 1.0.
- * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
- * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
- *
- * Enumeration of different SSL/TLS protocol versions.
- */
+/**
+ * gnutls_protocol_t:
+ * @GNUTLS_SSL3: SSL version 3.0.
+ * @GNUTLS_TLS1_0: TLS version 1.0.
+ * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
+ * @GNUTLS_TLS1_1: TLS version 1.1.
+ * @GNUTLS_TLS1_2: TLS version 1.2.
+ * @GNUTLS_DTLS1_0: DTLS version 1.0.
+ * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
+ * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
+ *
+ * Enumeration of different SSL/TLS protocol versions.
+ */
typedef enum
{
GNUTLS_SSL3 = 1,
@@ -516,14 +519,14 @@ extern "C"
GNUTLS_VERSION_UNKNOWN = 0xff
} gnutls_protocol_t;
- /**
- * gnutls_certificate_type_t:
- * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
- * @GNUTLS_CRT_X509: X.509 Certificate.
- * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
- *
- * Enumeration of different certificate types.
- */
+/**
+ * gnutls_certificate_type_t:
+ * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
+ * @GNUTLS_CRT_X509: X.509 Certificate.
+ * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
+ *
+ * Enumeration of different certificate types.
+ */
typedef enum
{
GNUTLS_CRT_UNKNOWN = 0,
@@ -531,27 +534,27 @@ extern "C"
GNUTLS_CRT_OPENPGP = 2
} gnutls_certificate_type_t;
- /**
- * gnutls_x509_crt_fmt_t:
- * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
- * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
- *
- * Enumeration of different certificate encoding formats.
- */
+/**
+ * gnutls_x509_crt_fmt_t:
+ * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
+ * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
+ *
+ * Enumeration of different certificate encoding formats.
+ */
typedef enum
{
GNUTLS_X509_FMT_DER = 0,
GNUTLS_X509_FMT_PEM = 1
} gnutls_x509_crt_fmt_t;
- /**
- * gnutls_certificate_print_formats_t:
- * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
- * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
- * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
- *
- * Enumeration of different certificate printing variants.
- */
+/**
+ * gnutls_certificate_print_formats_t:
+ * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
+ * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
+ * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
+ *
+ * Enumeration of different certificate printing variants.
+ */
typedef enum gnutls_certificate_print_formats
{
GNUTLS_CRT_PRINT_FULL = 0,
@@ -559,16 +562,16 @@ extern "C"
GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2
} gnutls_certificate_print_formats_t;
- /**
- * gnutls_pk_algorithm_t:
- * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
- * @GNUTLS_PK_RSA: RSA public-key algorithm.
- * @GNUTLS_PK_DSA: DSA public-key algorithm.
- * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
- * @GNUTLS_PK_ECC: Elliptic curve algorithm. Used to generate parameters.
- *
- * Enumeration of different public-key algorithms.
- */
+/**
+ * gnutls_pk_algorithm_t:
+ * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
+ * @GNUTLS_PK_RSA: RSA public-key algorithm.
+ * @GNUTLS_PK_DSA: DSA public-key algorithm.
+ * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
+ * @GNUTLS_PK_ECC: Elliptic curve algorithm. Used to generate parameters.
+ *
+ * Enumeration of different public-key algorithms.
+ */
typedef enum
{
GNUTLS_PK_UNKNOWN = 0,
@@ -580,30 +583,30 @@ extern "C"
const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
- /**
- * gnutls_sign_algorithm_t:
- * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
- * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
- * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
- * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
- * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
- * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
- * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
- * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
- * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
- * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
- * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
- * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
- * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
- * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
- * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
- * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
- * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
- * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
- * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
- *
- * Enumeration of different digital signature algorithms.
- */
+/**
+ * gnutls_sign_algorithm_t:
+ * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
+ * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
+ * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
+ * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
+ * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
+ * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
+ * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
+ * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
+ * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
+ * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
+ * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
+ * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
+ * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
+ * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
+ * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
+ * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
+ * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
+ * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
+ * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
+ *
+ * Enumeration of different digital signature algorithms.
+ */
typedef enum
{
GNUTLS_SIGN_UNKNOWN = 0,
@@ -627,16 +630,16 @@ extern "C"
GNUTLS_SIGN_ECDSA_SHA512 = 16,
} gnutls_sign_algorithm_t;
- /**
- * gnutls_ecc_curve_t:
- * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
- * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
- * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
- * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
- * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
- *
- * Enumeration of ECC curves.
- */
+/**
+ * gnutls_ecc_curve_t:
+ * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
+ * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
+ * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
+ * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
+ * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
+ *
+ * Enumeration of ECC curves.
+ */
typedef enum
{
GNUTLS_ECC_CURVE_INVALID=0,
@@ -646,17 +649,17 @@ typedef enum
GNUTLS_ECC_CURVE_SECP521R1,
} gnutls_ecc_curve_t;
- /**
- * gnutls_sec_param_t:
- * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
- * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
- * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
- * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
- * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
- * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
- *
- * Enumeration of security parameters for passive attacks
- */
+/**
+ * gnutls_sec_param_t:
+ * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
+ * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
+ * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
+ * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
+ * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
+ * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
+ *
+ * Enumeration of security parameters for passive attacks
+ */
typedef enum
{
GNUTLS_SEC_PARAM_UNKNOWN,
@@ -667,12 +670,12 @@ typedef enum
GNUTLS_SEC_PARAM_ULTRA
} gnutls_sec_param_t;
- /**
- * gnutls_channel_binding_t:
- * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
- *
- * Enumeration of support channel binding types.
- */
+/**
+ * gnutls_channel_binding_t:
+ * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
+ *
+ * Enumeration of support channel binding types.
+ */
typedef enum
{
GNUTLS_CB_TLS_UNIQUE
@@ -854,12 +857,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
size_t seed_size, const char *seed,
size_t outsize, char *out);
- /**
- * gnutls_server_name_type_t:
- * @GNUTLS_NAME_DNS: Domain Name System name type.
- *
- * Enumeration of different server name types.
- */
+/**
+ * gnutls_server_name_type_t:
+ * @GNUTLS_NAME_DNS: Domain Name System name type.
+ *
+ * Enumeration of different server name types.
+ */
typedef enum
{
GNUTLS_NAME_DNS = 1
@@ -876,12 +879,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
/* Safe renegotiation */
int gnutls_safe_renegotiation_status (gnutls_session_t session);
- /**
- * gnutls_supplemental_data_format_type_t:
- * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
- *
- * Enumeration of different supplemental data types (RFC 4680).
- */
+/**
+ * gnutls_supplemental_data_format_type_t:
+ * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
+ *
+ * Enumeration of different supplemental data types (RFC 4680).
+ */
typedef enum
{
GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
@@ -1388,13 +1391,13 @@ gnutls_ecc_curve_t
gnutls_ecc_curve_get(gnutls_session_t session);
typedef struct gnutls_psk_client_credentials_st
*gnutls_psk_client_credentials_t;
- /**
- * gnutls_psk_key_flags:
- * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
- * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
- *
- * Enumeration of different PSK key flags.
- */
+/**
+ * gnutls_psk_key_flags:
+ * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
+ * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
+ *
+ * Enumeration of different PSK key flags.
+ */
typedef enum gnutls_psk_key_flags
{
GNUTLS_PSK_KEY_RAW = 0,
@@ -1456,19 +1459,19 @@ gnutls_ecc_curve_t
gnutls_ecc_curve_get(gnutls_session_t session);
res,
gnutls_params_function * func);
- /**
- * gnutls_x509_subject_alt_name_t:
- * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
- * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
- * @GNUTLS_SAN_URI: URI SAN.
- * @GNUTLS_SAN_IPADDRESS: IP address SAN.
- * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
- * @GNUTLS_SAN_DN: DN SAN.
- * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
- * gnutls_x509_crt_get_subject_alt_othername_oid().
- *
- * Enumeration of different subject alternative names types.
- */
+/**
+ * gnutls_x509_subject_alt_name_t:
+ * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
+ * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
+ * @GNUTLS_SAN_URI: URI SAN.
+ * @GNUTLS_SAN_IPADDRESS: IP address SAN.
+ * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
+ * @GNUTLS_SAN_DN: DN SAN.
+ * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
+ * gnutls_x509_crt_get_subject_alt_othername_oid().
+ *
+ * Enumeration of different subject alternative names types.
+ */
typedef enum gnutls_x509_subject_alt_name_t
{
GNUTLS_SAN_DNSNAME = 1,
@@ -1492,14 +1495,14 @@ gnutls_ecc_curve_t
gnutls_ecc_curve_get(gnutls_session_t session);
struct gnutls_pkcs11_privkey_st;
typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
- /**
- * gnutls_privkey_type_t:
- * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
- * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
- * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
- *
- * Enumeration of different private key types.
- */
+/**
+ * gnutls_privkey_type_t:
+ * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
+ * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
+ * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
+ *
+ * Enumeration of different private key types.
+ */
typedef enum
{
GNUTLS_PRIVKEY_X509,
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index 45fce1f..85a1259 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -58,19 +58,19 @@ extern "C"
int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
unsigned int flags);
- /**
- * gnutls_pkcs12_bag_type_t:
- * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
- * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
- * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
- * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
- * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
- * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
- * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
- * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
- *
- * Enumeration of different PKCS 12 bag types.
- */
+/**
+ * gnutls_pkcs12_bag_type_t:
+ * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
+ * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
+ * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
+ * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
+ * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
+ * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
+ * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
+ * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
+ *
+ * Enumeration of different PKCS 12 bag types.
+ */
typedef enum gnutls_pkcs12_bag_type_t
{
GNUTLS_BAG_EMPTY = 0,
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 9344558..67b5a1e 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -527,11 +527,13 @@ extern "C"
* unless you know what this means.
* @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted
* list is never checked for expiration or activation.
- * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA
- * certificates that have version 1. This is the default.
+ * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certiï¬cates
+ * with version 1. This is safer than
%GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
+ * and should be used instead. That way only signers in your trusted list
+ * will be allowed to have certiï¬cates of version 1. This is the default.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
* certificates that have version 1. This option is to be used
- * to deprecate all V1 certificates.
+ * to deprecate all certificates of version 1.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
* anyone trusted but exists in the trusted CA list do not treat it
* as trusted.
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_2-34-g49df2b0,
Nikos Mavrogiannopoulos <=