ABI
Tracker

(GnuTLS)




Headers diff: 3.2.21 vs 3.3.0



 abstract.h (3.2.21)   abstract.h (3.3.0) 
skipping to change at line 74 skipping to change at line 74
const gnutls_datum_t * const gnutls_datum_t *
ciphertext, ciphertext,
gnutls_datum_t * plaintext); gnutls_datum_t * plaintext);
typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key, typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
void *userdata); void *userdata);
int gnutls_pubkey_init(gnutls_pubkey_t * key); int gnutls_pubkey_init(gnutls_pubkey_t * key);
void gnutls_pubkey_deinit(gnutls_pubkey_t key); void gnutls_pubkey_deinit(gnutls_pubkey_t key);
int gnutls_pubkey_verify_params(gnutls_pubkey_t key);
void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key, void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
gnutls_pin_callback_t fn, gnutls_pin_callback_t fn,
void *userdata); void *userdata);
int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key,
unsigned int *bits); unsigned int *bits);
int gnutls_pubkey_import_x509(gnutls_pubkey_t key, int gnutls_pubkey_import_x509(gnutls_pubkey_t key,
gnutls_x509_crt_t crt, unsigned int flags); gnutls_x509_crt_t crt, unsigned int flags);
int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key,
skipping to change at line 128 skipping to change at line 130
int int
gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey, gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
const gnutls_datum_t * fdata, const gnutls_datum_t * fdata,
gnutls_tpmkey_fmt_t format, gnutls_tpmkey_fmt_t format,
const char *srk_password, unsigned int flags); const char *srk_password, unsigned int flags);
int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
gnutls_digest_algorithm_t gnutls_digest_algorithm_t
* hash, unsigned int *mand); * hash, unsigned int *mand);
int gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key, #define gnutls_pubkey_get_pk_rsa_raw gnutls_pubkey_export_rsa_raw
int gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key,
gnutls_datum_t * m, gnutls_datum_t * e); gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
#define gnutls_pubkey_get_pk_dsa_raw gnutls_pubkey_export_dsa_raw
int gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key,
gnutls_datum_t * p, gnutls_datum_t * p,
gnutls_datum_t * q, gnutls_datum_t * q,
gnutls_datum_t * g, gnutls_datum_t * y); gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key,
#define gnutls_pubkey_get_pk_ecc_raw gnutls_pubkey_export_ecc_raw
int gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key,
gnutls_ecc_curve_t * curve, gnutls_ecc_curve_t * curve,
gnutls_datum_t * x, gnutls_datum_t * y); gnutls_datum_t * x, gnutls_datum_t * y);
int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key,
#define gnutls_pubkey_get_pk_ecc_x962 gnutls_pubkey_export_ecc_x962
int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
gnutls_datum_t * parameters, gnutls_datum_t * parameters,
gnutls_datum_t * ecpoint); gnutls_datum_t * ecpoint);
int gnutls_pubkey_export(gnutls_pubkey_t key, int gnutls_pubkey_export(gnutls_pubkey_t key,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size); void *output_data, size_t * output_data_size);
int gnutls_pubkey_export2(gnutls_pubkey_t key, int gnutls_pubkey_export2(gnutls_pubkey_t key,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
gnutls_datum_t * out); gnutls_datum_t * out);
skipping to change at line 227 skipping to change at line 236
gnutls_sign_algorithm_t algo, gnutls_sign_algorithm_t algo,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * data, const gnutls_datum_t * data,
const gnutls_datum_t * signature); const gnutls_datum_t * signature);
/* Private key operations */ /* Private key operations */
int gnutls_privkey_init(gnutls_privkey_t * key); int gnutls_privkey_init(gnutls_privkey_t * key);
void gnutls_privkey_deinit(gnutls_privkey_t key); void gnutls_privkey_deinit(gnutls_privkey_t key);
void gnutls_privkey_set_pin_function(gnutls_privkey_t key, /* macros to allow specifying a subgroup and group size in gnutls_privkey_g
gnutls_pin_callback_t fn, enerate()
void *userdata); * and gnutls_x509_privkey_generate() */
#define GNUTLS_SUBGROUP_TO_BITS(group, subgroup) (unsigned int)((subgroup<<
16)|(group))
#define GNUTLS_BITS_TO_SUBGROUP(bits) ((bits >> 16) & 0xFFFF)
#define GNUTLS_BITS_TO_GROUP(bits) (bits & 0xFFFF)
#define GNUTLS_BITS_HAVE_SUBGROUP(bits) ((bits) & 0xFFFF0000)
int
gnutls_privkey_generate (gnutls_privkey_t key,
gnutls_pk_algorithm_t algo, unsigned int bits,
unsigned int flags);
int gnutls_privkey_verify_params(gnutls_privkey_t key);
void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
gnutls_pin_callback_t fn, void *userd
ata);
int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
unsigned int *bits); unsigned int *bits);
gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key); gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key);
int gnutls_privkey_status(gnutls_privkey_t key); int gnutls_privkey_status(gnutls_privkey_t key);
/** /**
* gnutls_privkey_flags: * gnutls_privkey_flags:
* @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol. * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol.
* @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, autom atically * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, autom atically
skipping to change at line 316 skipping to change at line 338
int int
gnutls_privkey_import_ext2(gnutls_privkey_t pkey, gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
gnutls_pk_algorithm_t pk, gnutls_pk_algorithm_t pk,
void *userdata, void *userdata,
gnutls_privkey_sign_func sign_func, gnutls_privkey_sign_func sign_func,
gnutls_privkey_decrypt_func gnutls_privkey_decrypt_func
decrypt_func, decrypt_func,
gnutls_privkey_deinit_func deinit_func, gnutls_privkey_deinit_func deinit_func,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_dsa_raw(gnutls_privkey_t key,
const gnutls_datum_t * p,
const gnutls_datum_t * q,
const gnutls_datum_t * g,
const gnutls_datum_t * y,
const gnutls_datum_t * x);
int gnutls_privkey_import_rsa_raw(gnutls_privkey_t key,
const gnutls_datum_t * m,
const gnutls_datum_t * e,
const gnutls_datum_t * d,
const gnutls_datum_t * p,
const gnutls_datum_t * q,
const gnutls_datum_t * u,
const gnutls_datum_t * e1,
const gnutls_datum_t * e2);
int gnutls_privkey_import_ecc_raw(gnutls_privkey_t key,
gnutls_ecc_curve_t curve,
const gnutls_datum_t * x,
const gnutls_datum_t * y,
const gnutls_datum_t * k);
int gnutls_privkey_sign_data(gnutls_privkey_t signer, int gnutls_privkey_sign_data(gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash, gnutls_digest_algorithm_t hash,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
int gnutls_privkey_sign_hash(gnutls_privkey_t signer, int gnutls_privkey_sign_hash(gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash_algo, gnutls_digest_algorithm_t hash_algo,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * hash_data, const gnutls_datum_t * hash_data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
int gnutls_privkey_decrypt_data(gnutls_privkey_t key, int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * ciphertext, const gnutls_datum_t * ciphertext,
gnutls_datum_t * plaintext); gnutls_datum_t * plaintext);
int
gnutls_privkey_export_rsa_raw(gnutls_privkey_t key,
gnutls_datum_t * m, gnutls_datum_t * e,
gnutls_datum_t * d, gnutls_datum_t * p,
gnutls_datum_t * q, gnutls_datum_t * u,
gnutls_datum_t * e1,
gnutls_datum_t * e2);
int
gnutls_privkey_export_dsa_raw(gnutls_privkey_t key,
gnutls_datum_t * p, gnutls_datum_t * q,
gnutls_datum_t * g, gnutls_datum_t * y,
gnutls_datum_t * x);
int
gnutls_privkey_export_ecc_raw(gnutls_privkey_t key,
gnutls_ecc_curve_t * curve,
gnutls_datum_t * x,
gnutls_datum_t * y,
gnutls_datum_t * k);
int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt, int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
gnutls_x509_crt_t issuer, gnutls_x509_crt_t issuer,
gnutls_privkey_t issuer_key, gnutls_privkey_t issuer_key,
gnutls_digest_algorithm_t dig, gnutls_digest_algorithm_t dig,
unsigned int flags); unsigned int flags);
int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
gnutls_x509_crt_t issuer, gnutls_x509_crt_t issuer,
gnutls_privkey_t issuer_key, gnutls_privkey_t issuer_key,
gnutls_digest_algorithm_t dig, gnutls_digest_algorithm_t dig,
 End of changes. 8 change blocks. 
7 lines changed or deleted 75 lines changed or added
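Review bot: The new `GNUTLS_SUBGROUP_TO_BITS`, `GNUTLS_BITS_TO_SUBGROUP` and `GNUTLS_BITS_TO_GROUP` macros in the 3.3.0 column use their arguments unparenthesized, so an argument such as `a | b` is regrouped by operator precedence. In addition, `subgroup<<16` is evaluated in the argument's own type, which is undefined for a signed `int` once the shifted value no longer fits. Going by the accompanying comment, the packed value is passed as the `bits` argument of `gnutls_privkey_generate()`, so a mis-packed value would request different key parameters than the caller intended without any error. I would write them as `#define GNUTLS_SUBGROUP_TO_BITS(group, subgroup) (((unsigned int)(subgroup) << 16) | (unsigned int)(group))`, `#define GNUTLS_BITS_TO_SUBGROUP(bits) (((bits) >> 16) & 0xFFFF)` and `#define GNUTLS_BITS_TO_GROUP(bits) ((bits) & 0xFFFF)`. The comment above them should also state that `group` must fit in 16 bits, since a larger value overlaps the subgroup field.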


 compat.h (3.2.21)   compat.h (3.3.0) 
skipping to change at line 116 skipping to change at line 116
typedef gnutls_params_type_t gnutls_params_type typedef gnutls_params_type_t gnutls_params_type
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
typedef gnutls_credentials_type_t gnutls_credentials_type typedef gnutls_credentials_type_t gnutls_credentials_type
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
typedef gnutls_certificate_type_t gnutls_certificate_type typedef gnutls_certificate_type_t gnutls_certificate_type
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED; typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
typedef gnutls_transport_ptr_t gnutls_transport_ptr typedef gnutls_transport_ptr_t gnutls_transport_ptr
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
/* Old verification flags */
#define GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT (0)
/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was /* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
modified to use the PSK alert. */ modified to use the PSK alert. */
#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY #define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY #define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
/* OpenPGP stuff renamed in 2.1.x. */ /* OpenPGP stuff renamed in 2.1.x. */
#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT #define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT #define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
#define gnutls_openpgp_send_key gnutls_openpgp_send_cert #define gnutls_openpgp_send_key gnutls_openpgp_send_cert
typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t
skipping to change at line 391 skipping to change at line 394
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
static inline const void static inline const void
*gnutls_session_get_client_random(gnutls_session_t session) *gnutls_session_get_client_random(gnutls_session_t session)
{ {
gnutls_datum_t rnd; gnutls_datum_t rnd;
gnutls_session_get_random(session, &rnd, NULL); /*doc-skip */ gnutls_session_get_random(session, &rnd, NULL); /*doc-skip */
return rnd.data; return rnd.data;
} }
#endif #endif
void
gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
gnutls_alloc_function secure_alloc_func,
gnutls_is_secure_function is_secure_func,
gnutls_realloc_function realloc_func,
gnutls_free_function free_func) _GNUTLS_GCC_
ATTR_DEPRECATED;
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif /* _GNUTLS_COMPAT_H */ #endif /* _GNUTLS_COMPAT_H */
 End of changes. 2 change blocks. 
0 lines changed or deleted 11 lines changed or added
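Review bot: `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` is now defined as `(0)` in compat.h with no deprecation marker, so code that ORs it into its verification flags still compiles without a warning while the flag has no effect, and any `flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` test becomes constant false. The header does not show whether version 1 CA certificates are accepted or rejected by default in 3.3.0, which is exactly what someone auditing trust decisions after the upgrade needs to know. I would extend the comment to say so, for example `/* Old verification flags; defined to 0 and ignored. V1 CA handling: <state the 3.3.0 default and the flag that now controls it>. */`.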


 gnutls.h (3.2.21)   gnutls.h (3.3.0) 
skipping to change at line 56 skipping to change at line 56
#endif #endif
/* Get time_t. */ /* Get time_t. */
#include <time.h> #include <time.h>
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#define GNUTLS_VERSION "3.2.21" #define GNUTLS_VERSION "3.3.0"
#define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 2 #define GNUTLS_VERSION_MINOR 3
#define GNUTLS_VERSION_PATCH 21 #define GNUTLS_VERSION_PATCH 0
#define GNUTLS_VERSION_NUMBER 0x030215 #define GNUTLS_VERSION_NUMBER 0x030300
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
/** /**
* gnutls_cipher_algorithm_t: * gnutls_cipher_algorithm_t:
* @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm. * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
* @GNUTLS_CIPHER_NULL: NULL algorithm. * @GNUTLS_CIPHER_NULL: NULL algorithm.
skipping to change at line 666 skipping to change at line 666
GNUTLS_SIGN_RSA_SHA384 = 7, GNUTLS_SIGN_RSA_SHA384 = 7,
GNUTLS_SIGN_RSA_SHA512 = 8, GNUTLS_SIGN_RSA_SHA512 = 8,
GNUTLS_SIGN_RSA_SHA224 = 9, GNUTLS_SIGN_RSA_SHA224 = 9,
GNUTLS_SIGN_DSA_SHA224 = 10, GNUTLS_SIGN_DSA_SHA224 = 10,
GNUTLS_SIGN_DSA_SHA256 = 11, GNUTLS_SIGN_DSA_SHA256 = 11,
GNUTLS_SIGN_ECDSA_SHA1 = 12, GNUTLS_SIGN_ECDSA_SHA1 = 12,
GNUTLS_SIGN_ECDSA_SHA224 = 13, GNUTLS_SIGN_ECDSA_SHA224 = 13,
GNUTLS_SIGN_ECDSA_SHA256 = 14, GNUTLS_SIGN_ECDSA_SHA256 = 14,
GNUTLS_SIGN_ECDSA_SHA384 = 15, GNUTLS_SIGN_ECDSA_SHA384 = 15,
GNUTLS_SIGN_ECDSA_SHA512 = 16, GNUTLS_SIGN_ECDSA_SHA512 = 16,
GNUTLS_SIGN_DSA_SHA384 = 17,
GNUTLS_SIGN_DSA_SHA512 = 18,
} gnutls_sign_algorithm_t; } gnutls_sign_algorithm_t;
/** /**
* gnutls_ecc_curve_t: * gnutls_ecc_curve_t:
* @GNUTLS_ECC_CURVE_INVALID: Cannot be known * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
* @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
* @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
* @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
* @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
* @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
skipping to change at line 703 skipping to change at line 705
/** /**
* gnutls_sec_param_t: * gnutls_sec_param_t:
* @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
* @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
* @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
* @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
* @GNUTLS_SEC_PARAM_WEAK: 72 bits of security * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
* @GNUTLS_SEC_PARAM_LOW: 80 bits of security * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
* @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
* @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_P ARAM_NORMAL)
* @GNUTLS_SEC_PARAM_HIGH: 128 bits of security * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
* @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
* *
* Enumeration of security parameters for passive attacks. * Enumeration of security parameters for passive attacks.
*/ */
typedef enum { typedef enum {
GNUTLS_SEC_PARAM_INSECURE = -20, GNUTLS_SEC_PARAM_INSECURE = -20,
GNUTLS_SEC_PARAM_EXPORT = -15, GNUTLS_SEC_PARAM_EXPORT = -15,
GNUTLS_SEC_PARAM_VERY_WEAK = -12, GNUTLS_SEC_PARAM_VERY_WEAK = -12,
GNUTLS_SEC_PARAM_WEAK = -10, GNUTLS_SEC_PARAM_WEAK = -10,
GNUTLS_SEC_PARAM_UNKNOWN = 0, GNUTLS_SEC_PARAM_UNKNOWN = 0,
GNUTLS_SEC_PARAM_LOW = 1, GNUTLS_SEC_PARAM_LOW = 1,
GNUTLS_SEC_PARAM_LEGACY = 2, GNUTLS_SEC_PARAM_LEGACY = 2,
GNUTLS_SEC_PARAM_NORMAL = 3, GNUTLS_SEC_PARAM_MEDIUM = 3,
GNUTLS_SEC_PARAM_HIGH = 4, GNUTLS_SEC_PARAM_HIGH = 4,
GNUTLS_SEC_PARAM_ULTRA = 5, GNUTLS_SEC_PARAM_ULTRA = 5,
} gnutls_sec_param_t; } gnutls_sec_param_t;
/* old name */
#define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM
/** /**
* gnutls_channel_binding_t: * gnutls_channel_binding_t:
* @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
* *
* Enumeration of support channel binding types. * Enumeration of support channel binding types.
*/ */
typedef enum { typedef enum {
GNUTLS_CB_TLS_UNIQUE GNUTLS_CB_TLS_UNIQUE
} gnutls_channel_binding_t; } gnutls_channel_binding_t;
skipping to change at line 799 skipping to change at line 804
gnutls_alert_description_t desc); gnutls_alert_description_t desc);
int gnutls_alert_send_appropriate(gnutls_session_t session, int err); int gnutls_alert_send_appropriate(gnutls_session_t session, int err);
const char *gnutls_alert_get_name(gnutls_alert_description_t alert); const char *gnutls_alert_get_name(gnutls_alert_description_t alert);
const char *gnutls_alert_get_strname(gnutls_alert_description_t alert); const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);
gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo, gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
unsigned int bits); unsigned int bits);
const char *gnutls_sec_param_get_name(gnutls_sec_param_t param); const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);
unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo, unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
gnutls_sec_param_t param); gnutls_sec_param_t param);
unsigned int
gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param);
/* Elliptic curves */ /* Elliptic curves */
const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve); const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve);
int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve); int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve);
gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
/* get information on the current session */ /* get information on the current session */
gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session); gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);
gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session); gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);
gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session); gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);
skipping to change at line 1451 skipping to change at line 1459
mutex_deinit_func deinit, mutex_deinit_func deinit,
mutex_lock_func lock, mutex_lock_func lock,
mutex_unlock_func unlock); mutex_unlock_func unlock);
typedef void *(*gnutls_alloc_function) (size_t); typedef void *(*gnutls_alloc_function) (size_t);
typedef void *(*gnutls_calloc_function) (size_t, size_t); typedef void *(*gnutls_calloc_function) (size_t, size_t);
typedef int (*gnutls_is_secure_function) (const void *); typedef int (*gnutls_is_secure_function) (const void *);
typedef void (*gnutls_free_function) (void *); typedef void (*gnutls_free_function) (void *);
typedef void *(*gnutls_realloc_function) (void *, size_t); typedef void *(*gnutls_realloc_function) (void *, size_t);
void
gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
gnutls_alloc_function secure_alloc_func,
gnutls_is_secure_function is_secure_func,
gnutls_realloc_function realloc_func,
gnutls_free_function free_func);
void gnutls_global_set_time_function(gnutls_time_func time_func); void gnutls_global_set_time_function(gnutls_time_func time_func);
/* For use in callbacks */ /* For use in callbacks */
extern gnutls_alloc_function gnutls_malloc; extern gnutls_alloc_function gnutls_malloc;
extern gnutls_alloc_function gnutls_secure_malloc; extern gnutls_alloc_function gnutls_secure_malloc;
extern gnutls_realloc_function gnutls_realloc; extern gnutls_realloc_function gnutls_realloc;
extern gnutls_calloc_function gnutls_calloc; extern gnutls_calloc_function gnutls_calloc;
extern gnutls_free_function gnutls_free; extern gnutls_free_function gnutls_free;
extern char *(*gnutls_strdup) (const char *); extern char *(*gnutls_strdup) (const char *);
skipping to change at line 1674 skipping to change at line 1675
int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result, int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
size_t * result_size); size_t * result_size);
int gnutls_srp_base64_encode_alloc(const gnutls_datum_t * data, int gnutls_srp_base64_encode_alloc(const gnutls_datum_t * data,
gnutls_datum_t * result); gnutls_datum_t * result);
int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result, int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
size_t * result_size); size_t * result_size);
int gnutls_srp_base64_decode_alloc(const gnutls_datum_t * b64_data, int gnutls_srp_base64_decode_alloc(const gnutls_datum_t * b64_data,
gnutls_datum_t * result); gnutls_datum_t * result);
void
gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
sc,
const gnutls_datum_t * seed,
unsigned int salt_length);
/* PSK stuff */ /* PSK stuff */
typedef struct gnutls_psk_server_credentials_st typedef struct gnutls_psk_server_credentials_st
*gnutls_psk_server_credentials_t; *gnutls_psk_server_credentials_t;
typedef struct gnutls_psk_client_credentials_st typedef struct gnutls_psk_client_credentials_st
*gnutls_psk_client_credentials_t; *gnutls_psk_client_credentials_t;
/** /**
* gnutls_psk_key_flags: * gnutls_psk_key_flags:
* @GNUTLS_PSK_KEY_RAW: PSK-key in raw format. * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
* @GNUTLS_PSK_KEY_HEX: PSK-key in hex format. * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
skipping to change at line 1898 skipping to change at line 1905
time_t gnutls_certificate_activation_time_peers(gnutls_session_t session); time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session); time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);
int gnutls_certificate_client_get_request_status(gnutls_session_t session); int gnutls_certificate_client_get_request_status(gnutls_session_t session);
int gnutls_certificate_verify_peers2(gnutls_session_t session, int gnutls_certificate_verify_peers2(gnutls_session_t session,
unsigned int *status); unsigned int *status);
int gnutls_certificate_verify_peers3(gnutls_session_t session, int gnutls_certificate_verify_peers3(gnutls_session_t session,
const char *hostname, const char *hostname,
unsigned int *status); unsigned int *status);
/**
* gnutls_vdata_types_t:
* @GNUTLS_DT_UNKNOWN: Unknown data type.
* @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname
.
* @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpo
se OID.
*
* Enumeration of different key exchange algorithms.
*/
typedef enum {
GNUTLS_DT_UNKNOWN = 0,
GNUTLS_DT_DNS_HOSTNAME = 1,
GNUTLS_DT_KEY_PURPOSE_OID = 2,
} gnutls_vdata_types_t;
typedef struct {
gnutls_vdata_types_t type;
unsigned char *data;
unsigned int size;
} gnutls_typed_vdata_st;
int
gnutls_certificate_verify_peers(gnutls_session_t session,
gnutls_typed_vdata_st * data,
unsigned int elements,
unsigned int *status);
int gnutls_certificate_verification_status_print(unsigned int status, int gnutls_certificate_verification_status_print(unsigned int status,
gnutls_certificate_type_t gnutls_certificate_type_t
type, type,
gnutls_datum_t * out, gnutls_datum_t * out,
unsigned int flags); unsigned int flags);
int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data, int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
char *result, size_t * result_size); char *result, size_t * result_size);
int gnutls_pem_base64_decode(const char *header, int gnutls_pem_base64_decode(const char *header,
const gnutls_datum_t * b64_data, const gnutls_datum_t * b64_data,
skipping to change at line 2083 skipping to change at line 2116
typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt, typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
const char *token_url, const char *token_url,
const char *token_label, const char *token_label,
unsigned int flags, unsigned int flags,
char *pin, size_t pin_max); char *pin, size_t pin_max);
void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t, void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
gnutls_pin_callback_t fn, gnutls_pin_callback_t fn,
void *userdata); void *userdata);
/* Self checking functions */
int gnutls_cipher_self_test(unsigned all, gnutls_cipher_algorithm_t cipher)
;
int gnutls_mac_self_test(unsigned all, gnutls_mac_algorithm_t mac);
int gnutls_digest_self_test(unsigned all, gnutls_digest_algorithm_t digest)
;
int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk);
/* FIPS140-2 related functions */
int gnutls_fips140_mode_enabled(void);
/* Gnutls error codes. The mapping to a TLS alert is also shown in /* Gnutls error codes. The mapping to a TLS alert is also shown in
* comments. * comments.
*/ */
#define GNUTLS_E_SUCCESS 0 #define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
#define GNUTLS_E_LARGE_PACKET -7 #define GNUTLS_E_LARGE_PACKET -7
#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
skipping to change at line 2272 skipping to change at line 2314
#define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331 #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
#define GNUTLS_E_TPM_SESSION_ERROR -332 #define GNUTLS_E_TPM_SESSION_ERROR -332
#define GNUTLS_E_TPM_KEY_NOT_FOUND -333 #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
#define GNUTLS_E_TPM_UNINITIALIZED -334 #define GNUTLS_E_TPM_UNINITIALIZED -334
#define GNUTLS_E_NO_CERTIFICATE_STATUS -340 #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341 #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
#define GNUTLS_E_RANDOM_DEVICE_ERROR -342 #define GNUTLS_E_RANDOM_DEVICE_ERROR -342
#define GNUTLS_E_AUTH_ERROR -343 #define GNUTLS_E_AUTH_ERROR -343
#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344 #define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
#define GNUTLS_E_SOCKETS_INIT_ERROR -345
#define GNUTLS_E_SELF_TEST_ERROR -400
#define GNUTLS_E_NO_SELF_TEST -401
#define GNUTLS_E_LIB_IN_ERROR_STATE -402
#define GNUTLS_E_PK_GENERATION_ERROR -403
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
#define GNUTLS_E_APPLICATION_ERROR_MAX -65000 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
#define GNUTLS_E_APPLICATION_ERROR_MIN -65500 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 13 change blocks. 
13 lines changed or deleted 64 lines changed or added
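Review bot: The doc comment on the new `gnutls_vdata_types_t` ends with "Enumeration of different key exchange algorithms.", which looks copied from another enum and does not describe these values. More important for callers of `gnutls_certificate_verify_peers()`, `gnutls_typed_vdata_st` carries both a `data` pointer documented as null-terminated and a `size` field, and nothing says which of the two bounds the hostname or OID. That kind of ambiguity is how hostname comparisons come to disagree about embedded NUL bytes or read past the end of a buffer. I would change the summary line to `* Enumeration of the data types accepted by gnutls_certificate_verify_peers().` and add a comment on the struct stating whether `size` is required, whether it counts the terminator, and which field is authoritative.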


 openpgp.h (3.2.21)   openpgp.h (3.3.0) 
skipping to change at line 113 skipping to change at line 113
int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key);
time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key); time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key);
time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key); time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
gnutls_openpgp_keyid_t keyid); gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
const char *hostname); const char *hostname);
int gnutls_openpgp_crt_check_hostname2(gnutls_openpgp_crt_t key,
const char *hostname, unsigned int fla
gs);
int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
const gnutls_openpgp_keyid_t keyid); const gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_get_subkey_revoked_status int gnutls_openpgp_crt_get_subkey_revoked_status
(gnutls_openpgp_crt_t key, unsigned int idx); (gnutls_openpgp_crt_t key, unsigned int idx);
gnutls_pk_algorithm_t gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t
 End of changes. 1 change blocks. 
0 lines changed or deleted 3 lines changed or added
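Review bot: `gnutls_openpgp_crt_check_hostname2()` is declared without any statement of its return convention or of the values `flags` accepts. If it follows the existing `gnutls_openpgp_crt_check_hostname()` (whose contract is not visible here; as I recall it returns non-zero on a match and zero otherwise), a caller applying the usual `ret < 0` error test would treat a hostname mismatch as success. I would add a comment on the declaration along the lines of `/* returns non-zero if hostname matches, zero otherwise; flags: <accepted values> */`, after confirming both points against the implementation.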


 pkcs11.h (3.2.21)   pkcs11.h (3.3.0) 
skipping to change at line 139 skipping to change at line 139
gnutls_datum_t * out); gnutls_datum_t * out);
int gnutls_pkcs11_obj_export3(gnutls_pkcs11_obj_t obj, gnutls_x509_crt_fmt_ t fmt, int gnutls_pkcs11_obj_export3(gnutls_pkcs11_obj_t obj, gnutls_x509_crt_fmt_ t fmt,
gnutls_datum_t * out); gnutls_datum_t * out);
int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert, int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
gnutls_datum_t * issuer, gnutls_datum_t * issuer,
gnutls_x509_crt_fmt_t fmt, gnutls_x509_crt_fmt_t fmt,
unsigned int flags); unsigned int flags);
int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
unsigned int flags);
int gnutls_pkcs11_copy_x509_crt(const char *token_url, int gnutls_pkcs11_copy_x509_crt(const char *token_url,
gnutls_x509_crt_t crt, gnutls_x509_crt_t crt,
const char *label, unsigned int flags const char *label, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_copy_x509_privkey(const char *token_url, int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
gnutls_x509_privkey_t key, gnutls_x509_privkey_t key,
const char *label, const char *label,
unsigned int key_usage unsigned int key_usage
/*GNUTLS_KEY_* */ , /*GNUTLS_KEY_* */ ,
unsigned int flags unsigned int flags
 End of changes. 1 change blocks. 
0 lines changed or deleted 3 lines changed or added
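Review bot: The `flags` parameter of the new `gnutls_pkcs11_crt_is_known()` lacks the `/* GNUTLS_PKCS11_OBJ_FLAG_* */` annotation that `gnutls_pkcs11_copy_x509_crt()` directly below it carries, and the declaration does not say how the `int` result is to be read. For a function whose name suggests a trust lookup, it matters whether a token or URL error can be told apart from "not known", and whether the match is on the whole certificate or on selected fields; neither is visible from the header. I would add the flag annotation (assuming the same flag family applies) and a one-line comment giving the return convention.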


 x509.h (3.2.21)   x509.h (3.3.0) 
skipping to change at line 90 skipping to change at line 90
#define GNUTLS_KP_IPSEC_IKE "1.3.6.1.5.5.7.3.17" #define GNUTLS_KP_IPSEC_IKE "1.3.6.1.5.5.7.3.17"
#define GNUTLS_KP_ANY "2.5.29.37.0" #define GNUTLS_KP_ANY "2.5.29.37.0"
#define GNUTLS_OID_AIA "1.3.6.1.5.5.7.1.1" #define GNUTLS_OID_AIA "1.3.6.1.5.5.7.1.1"
#define GNUTLS_OID_AD_OCSP "1.3.6.1.5.5.7.48.1" #define GNUTLS_OID_AD_OCSP "1.3.6.1.5.5.7.48.1"
#define GNUTLS_OID_AD_CAISSUERS "1.3.6.1.5.5.7.48.2" #define GNUTLS_OID_AD_CAISSUERS "1.3.6.1.5.5.7.48.2"
#define GNUTLS_FSAN_SET 0 #define GNUTLS_FSAN_SET 0
#define GNUTLS_FSAN_APPEND 1 #define GNUTLS_FSAN_APPEND 1
#define GNUTLS_X509EXT_OID_SUBJECT_KEY_ID "2.5.29.14"
#define GNUTLS_X509EXT_OID_KEY_USAGE "2.5.29.15"
#define GNUTLS_X509EXT_OID_PRIVATE_KEY_USAGE_PERIOD "2.5.29.16"
#define GNUTLS_X509EXT_OID_SAN "2.5.29.17"
#define GNUTLS_X509EXT_OID_IAN "2.5.29.18"
#define GNUTLS_X509EXT_OID_BASIC_CONSTRAINTS "2.5.29.19"
#define GNUTLS_X509EXT_OID_NAME_CONSTRAINTS "2.5.29.30"
#define GNUTLS_X509EXT_OID_CRL_DIST_POINTS "2.5.29.31"
#define GNUTLS_X509EXT_OID_CRT_POLICY "2.5.29.32"
#define GNUTLS_X509EXT_OID_AUTHORITY_KEY_ID "2.5.29.35"
#define GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE "2.5.29.37"
#define GNUTLS_X509EXT_OID_AUTHORITY_INFO_ACCESS "1.3.6.1.5.5.7.1.1"
#define GNUTLS_X509EXT_OID_PROXY_CRT_INFO "1.3.6.1.5.5.7.1.14"
/* Certificate handling functions. /* Certificate handling functions.
*/ */
/** /**
* gnutls_certificate_import_flags: * gnutls_certificate_import_flags:
* @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
* certificates in the buffer are more than the space allocated for * certificates in the buffer are more than the space allocated for
* certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER. * certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
* @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates * @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates
* in the buffer are not ordered starting from subject to issuer. * in the buffer are not ordered starting from subject to issuer.
skipping to change at line 160 skipping to change at line 174
size_t * buf_size); size_t * buf_size);
int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn); int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn);
int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx, int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx,
void *oid, size_t * oid_size); void *oid, size_t * oid_size);
int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
const char *oid, int indx, const char *oid, int indx,
unsigned int raw_flag, void *buf, unsigned int raw_flag, void *buf,
size_t * buf_size); size_t * buf_size);
int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
const char *hostname); const char *hostname);
int gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
const char *hostname, unsigned int flags
);
int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
char *sig, size_t * sizeof_sig); char *sig, size_t * sizeof_sig);
int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt,
unsigned int flags, unsigned int flags,
unsigned char *output_data, unsigned char *output_data,
size_t * output_data_size); size_t * output_data_size);
skipping to change at line 224 skipping to change at line 240
* *
* Enumeration of types for the @what parameter of * Enumeration of types for the @what parameter of
* gnutls_x509_crt_get_authority_info_access(). * gnutls_x509_crt_get_authority_info_access().
*/ */
typedef enum gnutls_info_access_what_t { typedef enum gnutls_info_access_what_t {
GNUTLS_IA_ACCESSMETHOD_OID = 1, GNUTLS_IA_ACCESSMETHOD_OID = 1,
GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
/* use 100-108 for the generalName types, populate as needed */ /* use 100-108 for the generalName types, populate as needed */
GNUTLS_IA_URI = 106, GNUTLS_IA_URI = 106,
/* quick-access variants that match both OID and name type. */ /* quick-access variants that match both OID and name type. */
GNUTLS_IA_UNKNOWN = 10000,
GNUTLS_IA_OCSP_URI = 10006, GNUTLS_IA_OCSP_URI = 10006,
GNUTLS_IA_CAISSUERS_URI = 10106 GNUTLS_IA_CAISSUERS_URI = 10106
} gnutls_info_access_what_t; } gnutls_info_access_what_t;
int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t
crt, crt,
unsigned int seq, unsigned int seq,
int what, int what,
gnutls_datum_t * gnutls_datum_t *
data, unsigned int data, unsigned int
*critical); *critical);
typedef struct gnutls_name_constraints_st *gnutls_x509_name_constraints_t;
unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t
nc,
gnutls_x509_subject_alt_name_t type,
const gnutls_datum_t * name);
unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraint
s_t nc,
gnutls_x509_subject_alt_name_t type,
gnutls_x509_crt_t crt);
int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc);
void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc)
;
#define GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND 1
int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt,
gnutls_x509_name_constraints_t nc,
unsigned int flags,
unsigned int *critical);
int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints
_t nc,
gnutls_x509_subject_alt_name_
t type,
const gnutls_datum_t * name);
int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_
t nc,
gnutls_x509_subject_alt_name_t
type,
const gnutls_datum_t * name);
int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt,
gnutls_x509_name_constraints_t nc,
unsigned int critical);
int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints
_t nc,
unsigned idx,
unsigned *type, gnutls_datum_t * name);
int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_
t nc,
unsigned idx,
unsigned *type, gnutls_datum_t * name);
#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED, #define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED,
/** /**
* gnutls_x509_crl_reason_flags_t: * gnutls_x509_crl_reason_flags_t:
* @GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN: The privileges were withdrawn from the owner. * @GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN: The privileges were withdrawn from the owner.
* @GNUTLS_CRL_REASON_CERTIFICATE_HOLD: The certificate is on hold. * @GNUTLS_CRL_REASON_CERTIFICATE_HOLD: The certificate is on hold.
* @GNUTLS_CRL_REASON_CESSATION_OF_OPERATION: The end-entity is no longer operating. * @GNUTLS_CRL_REASON_CESSATION_OF_OPERATION: The end-entity is no longer operating.
* @GNUTLS_CRL_REASON_SUPERSEDED: There is a newer certificate of the own er. * @GNUTLS_CRL_REASON_SUPERSEDED: There is a newer certificate of the own er.
* @GNUTLS_CRL_REASON_AFFILIATION_CHANGED: The end-entity affiliation has changed. * @GNUTLS_CRL_REASON_AFFILIATION_CHANGED: The end-entity affiliation has changed.
* @GNUTLS_CRL_REASON_CA_COMPROMISE: The CA was compromised. * @GNUTLS_CRL_REASON_CA_COMPROMISE: The CA was compromised.
* @GNUTLS_CRL_REASON_KEY_COMPROMISE: The certificate's key was compromis ed. * @GNUTLS_CRL_REASON_KEY_COMPROMISE: The certificate's key was compromis ed.
skipping to change at line 395 skipping to change at line 445
gnutls_x509_qualifier_t type; gnutls_x509_qualifier_t type;
char *data; char *data;
unsigned int size; unsigned int size;
} qualifier[GNUTLS_MAX_QUALIFIERS]; } qualifier[GNUTLS_MAX_QUALIFIERS];
} gnutls_x509_policy_st; } gnutls_x509_policy_st;
void gnutls_x509_policy_release(struct gnutls_x509_policy_st void gnutls_x509_policy_release(struct gnutls_x509_policy_st
*policy); *policy);
int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx, struct gnut ls_x509_policy_st int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx, struct gnut ls_x509_policy_st
*policy, unsigned int *critical); *policy, unsigned int *critical);
int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt, struct gnutls_x509_po licy_st int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt, const struct gnutls_x 509_policy_st
*policy, unsigned int critical); *policy, unsigned int critical);
int gnutls_x509_dn_oid_known(const char *oid); int gnutls_x509_dn_oid_known(const char *oid);
#define GNUTLS_X509_DN_OID_RETURN_OID 1 #define GNUTLS_X509_DN_OID_RETURN_OID 1
const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags); const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags);
/* Read extensions by OID. */ /* Read extensions by OID. */
int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
int indx, void *oid, int indx, void *oid,
skipping to change at line 421 skipping to change at line 471
unsigned int *critical); unsigned int *critical);
/* Read extensions by sequence number. */ /* Read extensions by sequence number. */
int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert,
int indx, void *oid, int indx, void *oid,
size_t * oid_size, size_t * oid_size,
unsigned int *critical); unsigned int *critical);
int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert,
int indx, void *data, int indx, void *data,
size_t * sizeof_data); size_t * sizeof_data);
int
gnutls_x509_crt_get_extension_data2(gnutls_x509_crt_t cert,
unsigned indx, gnutls_datum_t * data);
int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
const char *oid, const char *oid,
const void *buf, const void *buf,
size_t sizeof_buf, size_t sizeof_buf,
unsigned int critical); unsigned int critical);
/* X.509 Certificate writing. /* X.509 Certificate writing.
*/ */
int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn, int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
skipping to change at line 464 skipping to change at line 517
int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t
crt, crt,
gnutls_x509_subject_alt_nam e_t gnutls_x509_subject_alt_nam e_t
type, const char type, const char
*data_string); *data_string);
int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt, int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name_t
type, const void *data, type, const void *data,
unsigned int data_size, unsigned int data_size,
unsigned int flags); unsigned int flags);
int gnutls_x509_crt_set_issuer_alt_name(gnutls_x509_crt_t crt,
gnutls_x509_subject_alt_name_t
type, const void *data,
unsigned int data_size,
unsigned int flags);
int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, int gnutls_x509_crt_sign(gnutls_x509_crt_t crt,
gnutls_x509_crt_t issuer, gnutls_x509_crt_t issuer,
gnutls_x509_privkey_t issuer_key); gnutls_x509_privkey_t issuer_key);
int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt,
gnutls_x509_crt_t issuer, gnutls_x509_crt_t issuer,
gnutls_x509_privkey_t issuer_key, gnutls_x509_privkey_t issuer_key,
gnutls_digest_algorithm_t dig, gnutls_digest_algorithm_t dig,
unsigned int flags); unsigned int flags);
int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
time_t act_time); time_t act_time);
skipping to change at line 652 skipping to change at line 712
size_t * sizeof_oid); size_t * sizeof_oid);
int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl,
int indx, void *oid, int indx, void *oid,
size_t * sizeof_oid, size_t * sizeof_oid,
unsigned int *critical); unsigned int *critical);
int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl,
int indx, void *data, int indx, void *data,
size_t * sizeof_data); size_t * sizeof_data);
int
gnutls_x509_crl_get_extension_data2(gnutls_x509_crl_t crl,
unsigned indx, gnutls_datum_t * data);
int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
const void *id, size_t id_size); const void *id, size_t id_size);
int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
const void *nr, size_t nr_size); const void *nr, size_t nr_size);
/* PKCS7 structures handling /* PKCS7 structures handling
*/ */
struct gnutls_pkcs7_int; struct gnutls_pkcs7_int;
skipping to change at line 704 skipping to change at line 767
/* X.509 Certificate verification functions. /* X.509 Certificate verification functions.
*/ */
/** /**
* gnutls_certificate_verify_flags: * gnutls_certificate_verify_flags:
* @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
* a certificate authority. This flag should normally be disabled, * a certificate authority. This flag should normally be disabled,
* unless you know what this means. * unless you know what this means.
* @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trust ed * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trust ed
* list is never checked for expiration or activation. * list is never checked for expiration or activation.
* @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates
* with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA
_CRT,
* and should be used instead. That way only signers in your trusted list
* will be allowed to have certificates of version 1. This is the default
.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
* certificates that have version 1. This option is to be used * certificates that have version 1. This option is to be used
* to deprecate all certificates of version 1. * to deprecate all certificates of version 1.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
* anyone trusted but exists in the trusted CA list do not treat it * anyone trusted but exists in the trusted CA list do not treat it
* as trusted. * as trusted.
* @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated * @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated
* if unsorted (the case with many TLS servers out there). This is the * if unsorted (the case with many TLS servers out there). This is the
* default since GnuTLS 3.1.4. * default since GnuTLS 3.1.4.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted * @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted
* certificate chain. * certificate chain.
* @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
* have version 1 (both root and intermediate). This might be * have version 1 (both root and intermediate). This might be
* dangerous since those haven't the basicConstraints * dangerous since those haven't the basicConstraints
* extension. Must be used in combination with * extension.
* %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
* using the broken MD2 algorithm. * using the broken MD2 algorithm.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
* using the broken MD5 algorithm. * using the broken MD5 algorithm.
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
* and expiration validity periods of certificate chains. Don't set * and expiration validity periods of certificate chains. Don't set
* this unless you understand the security implications. * this unless you understand the security implications.
* @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity * @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
* using certificate revocation lists or the available OCSP data. * using certificate revocation lists or the available OCSP data.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: When including a hostname
* check in the verification, do not consider any wildcards.
* *
* Enumeration of different certificate verify flags. * Enumeration of different certificate verify flags. Additional
* verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS()
* and %gnutls_certificate_verification_profiles_t.
*/ */
typedef enum gnutls_certificate_verify_flags { typedef enum gnutls_certificate_verify_flags {
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0, GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1 << 1,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8,
GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9, GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9,
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10, GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11,
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12,
} gnutls_certificate_verify_flags; } gnutls_certificate_verify_flags;
/**
* gnutls_certificate_verification_profiles_t:
* @GNUTLS_PROFILE_LOW: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits)
* @GNUTLS_PROFILE_LEGACY: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LEGACY (96 bits)
* @GNUTLS_PROFILE_MEDIUM: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_MEDIUM (112 bits)
* @GNUTLS_PROFILE_HIGH: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_HIGH (128 bits)
* @GNUTLS_PROFILE_ULTRA: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_ULTRA (256 bits)
% * @GNUTLS_PROFILE_SUITEB128: A verification profile that
* applies the SUITEB128 rules
* @GNUTLS_PROFILE_SUITEB192: A verification profile that
* applies the SUITEB192 rules
*
* Enumeration of different certificate verification profiles.
*/
typedef enum gnutls_certificate_verification_profiles_t {
GNUTLS_PROFILE_LOW = 2,
GNUTLS_PROFILE_LEGACY = 4,
GNUTLS_PROFILE_MEDIUM = 5,
GNUTLS_PROFILE_HIGH = 6,
GNUTLS_PROFILE_ULTRA = 7,
GNUTLS_PROFILE_SUITEB128=32,
GNUTLS_PROFILE_SUITEB192=33,
/*GNUTLS_PROFILE_MAX=255*/
} gnutls_certificate_verification_profiles_t;
#define GNUTLS_PROFILE_TO_VFLAGS(x) \
(((unsigned)x)<<24)
#define GNUTLS_VFLAGS_PROFILE_MASK (0xff000000)
#define GNUTLS_VFLAGS_TO_PROFILE(x) \
((((unsigned)x)>>24)&0xff)
int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer); gnutls_x509_crt_t issuer);
int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t *
cert_list, int cert_list_length, cert_list, int cert_list_length,
const gnutls_x509_crt_t * CA_list, const gnutls_x509_crt_t * CA_list,
int CA_list_length, int CA_list_length,
const gnutls_x509_crl_t * CRL_list, const gnutls_x509_crl_t * CRL_list,
int CRL_list_length, int CRL_list_length,
unsigned int flags, unsigned int *verify); unsigned int flags, unsigned int *verify);
skipping to change at line 1039 skipping to change at line 1140
const void *oid, const void *oid,
unsigned int critical); unsigned int critical);
int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq, int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
int indx, void *oid, int indx, void *oid,
size_t * sizeof_oid, size_t * sizeof_oid,
unsigned int *critical); unsigned int *critical);
int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq,
int indx, void *data, int indx, void *data,
size_t * sizeof_data); size_t * sizeof_data);
int
gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
unsigned indx,
gnutls_datum_t * data);
int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq,
int indx, void *oid, int indx, void *oid,
size_t * sizeof_oid, size_t * sizeof_oid,
unsigned int *critical); unsigned int *critical);
int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq,
int indx, void *data, int indx, void *data,
size_t * sizeof_data); size_t * sizeof_data);
int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq,
int indx, void *oid, int indx, void *oid,
size_t * sizeof_oid); size_t * sizeof_oid);
skipping to change at line 1099 skipping to change at line 1204
void void
gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
unsigned int all); unsigned int all);
int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t
list, gnutls_x509_crt_t cert, list, gnutls_x509_crt_t cert,
gnutls_x509_crt_t * issuer, gnutls_x509_crt_t * issuer,
unsigned int flags); unsigned int flags);
#define GNUTLS_TL_VERIFY_CRL 1
#define GNUTLS_TL_USE_IN_TLS (1<<1)
int int
gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
const gnutls_x509_crt_t * clist, const gnutls_x509_crt_t * clist,
int clist_size, unsigned int flags); int clist_size, unsigned int flags);
int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t
list, list,
const gnutls_x509_crt_t * const gnutls_x509_crt_t *
clist, int clist_size); clist, int clist_size);
int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t
list, list,
gnutls_x509_crt_t cert, gnutls_x509_crt_t cert,
const void *name, const void *name,
size_t name_size, size_t name_size,
unsigned int flags); unsigned int flags);
#define GNUTLS_TL_VERIFY_CRL 1
int int
gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
const gnutls_x509_crl_t * const gnutls_x509_crl_t *
crl_list, int crl_size, crl_list, int crl_size,
unsigned int flags, unsigned int flags,
unsigned int verification_flags); unsigned int verification_flags);
typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x5 09_crt_t issuer, /* The issuer if verification failed typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x5 09_crt_t issuer, /* The issuer if verification failed
* because of him. might be null. * because of him. might be null.
*/ */
 End of changes. 18 change blocks. 
12 lines changed or deleted 126 lines changed or added
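Review bot: In the verification-profile block added after the `gnutls_certificate_verify_flags` enum, both packing macros cast their argument without parenthesising it, so `GNUTLS_PROFILE_TO_VFLAGS(c ? a : b)` applies the cast to `c` only and shifts a plain `int`. The bodies should read `(((unsigned)(x))<<24)` and `((((unsigned)(x))>>24)&0xff)`. The doc comment for the new enum also has a stray `%` in front of ` * @GNUTLS_PROFILE_SUITEB128`, which will likely break the generated documentation for that entry. Separately, the flags enum now jumps from `1 << 0` to `1 << 2` with no explanation. A one-line comment such as `/* 1 << 1: formerly GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, do not reuse */` would keep the bit from being reassigned to a flag that means something different to callers built against the older header.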
