ABI
Tracker

(GnuTLS)



Headers diff: 3.0.22 vs 3.0.26



 gnutls.h (3.0.22)   gnutls.h (3.0.26) 
skipping to change at line 54 skipping to change at line 54
#include <sys/types.h> #include <sys/types.h>
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif #endif
/* Get time_t. */ /* Get time_t. */
#include <time.h> #include <time.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#define GNUTLS_VERSION "3.0.22" #define GNUTLS_VERSION "3.0.26"
#define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 0 #define GNUTLS_VERSION_MINOR 0
#define GNUTLS_VERSION_PATCH 22 #define GNUTLS_VERSION_PATCH 26
#define GNUTLS_VERSION_NUMBER 0x030016 #define GNUTLS_VERSION_NUMBER 0x03001a
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
/** /**
* gnutls_cipher_algorithm_t: * gnutls_cipher_algorithm_t:
* @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm. * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
* @GNUTLS_CIPHER_NULL: NULL algorithm. * @GNUTLS_CIPHER_NULL: NULL algorithm.
skipping to change at line 296 skipping to change at line 296
} gnutls_compression_method_t; } gnutls_compression_method_t;
/* /*
* Flags for gnutls_init() * Flags for gnutls_init()
* *
* @GNUTLS_SERVER: Connection end is a server. * @GNUTLS_SERVER: Connection end is a server.
* @GNUTLS_CLIENT: Connection end is a client. * @GNUTLS_CLIENT: Connection end is a client.
* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
* @GNUTLS_NONBLOCK: Connection should not block (DTLS). * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
* *
* Enumeration of different TLS connection end types.
*/ */
#define GNUTLS_SERVER 1 #define GNUTLS_SERVER 1
#define GNUTLS_CLIENT (1<<1) #define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2) #define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3) #define GNUTLS_NONBLOCK (1<<3)
/** /**
* gnutls_alert_level_t: * gnutls_alert_level_t:
* @GNUTLS_AL_WARNING: Alert of warning severity. * @GNUTLS_AL_WARNING: Alert of warning severity.
* @GNUTLS_AL_FATAL: Alert of fatal severity. * @GNUTLS_AL_FATAL: Alert of fatal severity.
skipping to change at line 440 skipping to change at line 439
* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known. * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
* This is the case if the issuer is not included in the trusted certific ate list. * This is the case if the issuer is not included in the trusted certific ate list.
* @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
* may happen if this was a version 1 certificate, which is common with * may happen if this was a version 1 certificate, which is common with
* some CAs, or a version 3 certificate without the basic constrains exte nsion. * some CAs, or a version 3 certificate without the basic constrains exte nsion.
* @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure
* algorithm such as MD2 or MD5. These algorithms have been broken and * algorithm such as MD2 or MD5. These algorithms have been broken and
* should not be trusted. * should not be trusted.
* @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated. * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
* @GNUTLS_CERT_EXPIRED: The certificate has expired. * @GNUTLS_CERT_EXPIRED: The certificate has expired.
* @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and
have been superseded.
* @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have
a future issue date.
* *
* Enumeration of certificate status codes. Note that the status * Enumeration of certificate status codes. Note that the status
* bits have different meanings in OpenPGP keys and X.509 * bits have different meanings in OpenPGP keys and X.509
* certificate verification. * certificate verification.
*/ */
typedef enum typedef enum
{ {
GNUTLS_CERT_INVALID = 2, GNUTLS_CERT_INVALID = 1<<1,
GNUTLS_CERT_REVOKED = 32, GNUTLS_CERT_REVOKED = 1<<5,
GNUTLS_CERT_SIGNER_NOT_FOUND = 64, GNUTLS_CERT_SIGNER_NOT_FOUND = 1<<6,
GNUTLS_CERT_SIGNER_NOT_CA = 128, GNUTLS_CERT_SIGNER_NOT_CA = 1<<7,
GNUTLS_CERT_INSECURE_ALGORITHM = 256, GNUTLS_CERT_INSECURE_ALGORITHM = 1<<8,
GNUTLS_CERT_NOT_ACTIVATED = 512, GNUTLS_CERT_NOT_ACTIVATED = 1<<9,
GNUTLS_CERT_EXPIRED = 1024 GNUTLS_CERT_EXPIRED = 1<<10,
GNUTLS_CERT_SIGNATURE_FAILURE = 1<<11,
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1<<12,
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1<<15,
} gnutls_certificate_status_t; } gnutls_certificate_status_t;
/** /**
* gnutls_certificate_request_t: * gnutls_certificate_request_t:
* @GNUTLS_CERT_IGNORE: Ignore certificate. * @GNUTLS_CERT_IGNORE: Ignore certificate.
* @GNUTLS_CERT_REQUEST: Request certificate. * @GNUTLS_CERT_REQUEST: Request certificate.
* @GNUTLS_CERT_REQUIRE: Require certificate. * @GNUTLS_CERT_REQUIRE: Require certificate.
* *
* Enumeration of certificate request types. * Enumeration of certificate request types.
*/ */
skipping to change at line 1897 skipping to change at line 1901
#define GNUTLS_E_USER_ERROR -320 #define GNUTLS_E_USER_ERROR -320
#define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321 #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
#define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322 #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
#define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
#define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
#define GNUTLS_E_ILLEGAL_PARAMETER -325 #define GNUTLS_E_ILLEGAL_PARAMETER -325
#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326 #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
#define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327 #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
#define GNUTLS_E_SESSION_EOF -328 #define GNUTLS_E_SESSION_EOF -328
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
#define GNUTLS_E_APPLICATION_ERROR_MAX -65000 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
#define GNUTLS_E_APPLICATION_ERROR_MIN -65500 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#include <gnutls/compat.h> #include <gnutls/compat.h>
 End of changes. 7 change blocks. 
11 lines changed or deleted 19 lines changed or added


 ocsp.h (3.0.22)   ocsp.h (3.0.26) 
skipping to change at line 252 skipping to change at line 252
int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp, int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
gnutls_x509_crt_t issuer, gnutls_x509_crt_t issuer,
unsigned int *verify, unsigned int *verify,
unsigned int flags); unsigned int flags);
int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp, int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
gnutls_x509_trust_list_t trustlist, gnutls_x509_trust_list_t trustlist,
unsigned int *verify, unsigned int *verify,
unsigned int flags); unsigned int flags);
int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
unsigned int indx,
gnutls_x509_crt_t crt);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* GNUTLS_OCSP_H */ #endif /* GNUTLS_OCSP_H */
 End of changes. 1 change blocks. 
0 lines changed or deleted 4 lines changed or added


 openpgp.h (3.0.22)   openpgp.h (3.0.26) 
skipping to change at line 31 skipping to change at line 31
*/ */
/* This file contains the types and prototypes for the OpenPGP /* This file contains the types and prototypes for the OpenPGP
* key and private key parsing functions. * key and private key parsing functions.
*/ */
#ifndef GNUTLS_OPENPGP_H #ifndef GNUTLS_OPENPGP_H
#define GNUTLS_OPENPGP_H #define GNUTLS_OPENPGP_H
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
#include <limits.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
/* Openpgp certificate stuff /* Openpgp certificate stuff
*/ */
/** /**
skipping to change at line 79 skipping to change at line 80
void *output_data, void *output_data,
size_t * output_data_size); size_t * output_data_size);
int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
gnutls_certificate_print_formats_t format, gnutls_certificate_print_formats_t format,
gnutls_datum_t * out); gnutls_datum_t * out);
/* The key_usage flags are defined in gnutls.h. They are /* The key_usage flags are defined in gnutls.h. They are
* the GNUTLS_KEY_* definitions. * the GNUTLS_KEY_* definitions.
*/ */
#define GNUTLS_OPENPGP_MASTER_KEYID_IDX INT_MAX
int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
unsigned int *key_usage); unsigned int *key_usage);
int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *f pr, int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *f pr,
size_t * fprlen); size_t * fprlen);
int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
unsigned int idx, unsigned int idx,
void *fpr, size_t * fprlen ); void *fpr, size_t * fprlen );
int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
int idx, char *buf, size_t * sizeof_buf) ; int idx, char *buf, size_t * sizeof_buf) ;
 End of changes. 2 change blocks. 
0 lines changed or deleted 3 lines changed or added


 x509.h (3.0.22)   x509.h (3.0.26) 
skipping to change at line 599 skipping to change at line 599
* @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates
* with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA _CRT, * with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA _CRT,
* and should be used instead. That way only signers in your trusted list * and should be used instead. That way only signers in your trusted list
* will be allowed to have certificates of version 1. This is the default. * will be allowed to have certificates of version 1. This is the default.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
* certificates that have version 1. This option is to be used * certificates that have version 1. This option is to be used
* to deprecate all certificates of version 1. * to deprecate all certificates of version 1.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
* anyone trusted but exists in the trusted CA list do not treat it * anyone trusted but exists in the trusted CA list do not treat it
* as trusted. * as trusted.
* @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated
* if unsorted (the case with many TLS servers out there).
* @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
* have version 1 (both root and intermediate). This might be * have version 1 (both root and intermediate). This might be
* dangerous since those haven't the basicConstraints * dangerous since those haven't the basicConstraints
* extension. Must be used in combination with * extension. Must be used in combination with
* %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
* using the broken MD2 algorithm. * using the broken MD2 algorithm.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
* using the broken MD5 algorithm. * using the broken MD5 algorithm.
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
skipping to change at line 628 skipping to change at line 630
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256,
GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512, GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512,
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1024,
} gnutls_certificate_verify_flags; } gnutls_certificate_verify_flags;
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer); gnutls_x509_crt_t issuer);
int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
int cert_list_length, int cert_list_length,
const gnutls_x509_crt_t * CA_list, const gnutls_x509_crt_t * CA_list,
int CA_list_length, int CA_list_length,
const gnutls_x509_crl_t * CRL_list, const gnutls_x509_crl_t * CRL_list,
 End of changes. 2 change blocks. 
0 lines changed or deleted 3 lines changed or added

This html diff was produced by rfcdiff 1.41.The latest version is available from http://tools.ietf.org/tools/rfcdiff/