ABI
Tracker

(GnuTLS)




Headers diff: 3.4.1 vs 3.4.2



 abstract.h (3.4.1)   abstract.h (3.4.2) 
skipping to change at line 43 skipping to change at line 43
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
/* Public key operations */ /* Public key operations */
#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RS A #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RS A
/** /**
* gnutls_pubkey_flags: * gnutls_pubkey_flags:
* @GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA: This indicates that a (raw) RSA sig
nature is provided
* as in the TLS 1.0 protocol.
* @GNUTLS_PUBKEY_DISABLE_CALLBACKS: The following flag disables call to PI N callbacks. Only * @GNUTLS_PUBKEY_DISABLE_CALLBACKS: The following flag disables call to PI N callbacks. Only
* relevant to TPM keys. * relevant to TPM keys.
* @GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT: request an OPENPGP fingerprint i nstead of the default. * @GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT: request an OPENPGP fingerprint i nstead of the default.
* *
* Enumeration of different certificate import flags. * Enumeration of different certificate import flags.
*/ */
typedef enum gnutls_pubkey_flags { typedef enum gnutls_pubkey_flags {
GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1,
GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2, GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2,
GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3 GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3
} gnutls_pubkey_flags_t; } gnutls_pubkey_flags_t;
#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA GNUTLS_VERIFY_USE_TLS1_RSA
typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key, typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
void *userdata, void *userdata,
const gnutls_datum_t * const gnutls_datum_t *
raw_data, raw_data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key, typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
void *userdata, void *userdata,
const gnutls_datum_t * const gnutls_datum_t *
ciphertext, ciphertext,
gnutls_datum_t * plaintext); gnutls_datum_t * plaintext);
 End of changes. 3 change blocks. 
4 lines changed or deleted 2 lines changed or added
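Review bot: `GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA` changes numeric value in this section: the enum member `GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1` is printed on one side only and `#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA GNUTLS_VERIFY_USE_TLS1_RSA` on the other, while the x509.h section gives `GNUTLS_VERIFY_USE_TLS1_RSA = 1 << 13`. Assuming the macro is the 3.4.2 side (it names a flag that x509.h also shows on one side only), a program compiled against the 3.4.1 header keeps passing 1, which in the verify-flag bit space is `GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0`. Whether the library still accepts a legacy 1 as the TLS 1.0 RSA flag cannot be seen from the headers. The macro should carry a comment such as `/* was 1 in gnutls_pubkey_flags up to 3.4.1; now shares the GNUTLS_VERIFY_* bit space */`, and the dropped `@GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA` doc entry should stay next to it so the alias remains documented.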


 compat.h (3.4.1)   compat.h (3.4.2) 
skipping to change at line 176 skipping to change at line 176
int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
const gnutls_datum_t * hash, const gnutls_datum_t * hash,
gnutls_datum_t * signature) gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key, int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
const gnutls_datum_t * hash, const gnutls_datum_t * hash,
gnutls_datum_t * signature) gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
/* we support the gnutls_privkey_sign_data() instead.
*/
int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
gnutls_digest_algorithm_t digest,
unsigned int flags,
const gnutls_datum_t * data,
void *signature,
size_t * signature_size)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_pubkey_get_preferred_hash_algorithm() */ /* gnutls_pubkey_get_preferred_hash_algorithm() */
int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t
crt, crt,
gnutls_digest_algorithm_t gnutls_digest_algorithm_t
* hash, unsigned int * hash, unsigned int
*mand) *mand)
_GNUTLS_GCC_ATTR_DEPRECATED; _GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_x509_crq_privkey_sign() */ /* gnutls_x509_crq_privkey_sign() */
int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, int gnutls_x509_crq_sign(gnutls_x509_crq_t crq,
skipping to change at line 241 skipping to change at line 231
} }
#endif #endif
void void
gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func, gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
gnutls_alloc_function secure_alloc_func, gnutls_alloc_function secure_alloc_func,
gnutls_is_secure_function is_secure_func, gnutls_is_secure_function is_secure_func,
gnutls_realloc_function realloc_func, gnutls_realloc_function realloc_func,
gnutls_free_function free_func) _GNUTLS_GCC_ ATTR_DEPRECATED; gnutls_free_function free_func) _GNUTLS_GCC_ ATTR_DEPRECATED;
/* defined in old headers - unused nevertheless */
#define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA 0
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif /* _GNUTLS_COMPAT_H */ #endif /* _GNUTLS_COMPAT_H */
 End of changes. 2 change blocks. 
10 lines changed or deleted 3 lines changed or added
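Review bot: The `gnutls_x509_privkey_sign_data` prototype that leaves compat.h takes with it both `_GNUTLS_GCC_ATTR_DEPRECATED` and the comment pointing callers to `gnutls_privkey_sign_data()`, and the copy in the x509.h section carries neither a replacement comment nor any description. The function writes into a caller-supplied `void *signature` bounded by `size_t * signature_size`, so the header should state that contract where the prototype now lives. Something like `/* signature_size: in = capacity of signature, out = bytes written; prefer gnutls_privkey_sign_data() for new code */` would do, provided the author confirms that is the actual in/out behaviour. The added `#define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA 0` is commented as unused, which is enough for a compatibility shim.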


 gnutls.h (3.4.1)   gnutls.h (3.4.2) 
skipping to change at line 56 skipping to change at line 56
#endif #endif
/* Get time_t. */ /* Get time_t. */
#include <time.h> #include <time.h>
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#define GNUTLS_VERSION "3.4.1" #define GNUTLS_VERSION "3.4.2"
#define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 4 #define GNUTLS_VERSION_MINOR 4
#define GNUTLS_VERSION_PATCH 1 #define GNUTLS_VERSION_PATCH 2
#define GNUTLS_VERSION_NUMBER 0x030401 #define GNUTLS_VERSION_NUMBER 0x030402
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32) #if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
# define _SYM_EXPORT __declspec(dllimport) # define _SYM_EXPORT __declspec(dllimport)
#else #else
# define _SYM_EXPORT # define _SYM_EXPORT
skipping to change at line 323 skipping to change at line 323
GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
} gnutls_compression_method_t; } gnutls_compression_method_t;
/* /*
* Flags for gnutls_init() * Flags for gnutls_init()
* *
* @GNUTLS_SERVER: Connection end is a server. * @GNUTLS_SERVER: Connection end is a server.
* @GNUTLS_CLIENT: Connection end is a client. * @GNUTLS_CLIENT: Connection end is a client.
* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
* @GNUTLS_NONBLOCK: Connection should not block. * @GNUTLS_NONBLOCK: Connection should not block.
* @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it w ill be disabled. That flag has effect in systems which support the MSG_NOSI GNAL sockets flag.
* @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default. * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
* @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS.
* *
*/ */
#define GNUTLS_SERVER 1 #define GNUTLS_SERVER 1
#define GNUTLS_CLIENT (1<<1) #define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2) #define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3) #define GNUTLS_NONBLOCK (1<<3)
#define GNUTLS_NO_EXTENSIONS (1<<4) #define GNUTLS_NO_EXTENSIONS (1<<4)
#define GNUTLS_NO_REPLAY_PROTECTION (1<<5) #define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
#define GNUTLS_NO_SIGNAL (1<<6)
/** /**
* gnutls_alert_level_t: * gnutls_alert_level_t:
* @GNUTLS_AL_WARNING: Alert of warning severity. * @GNUTLS_AL_WARNING: Alert of warning severity.
* @GNUTLS_AL_FATAL: Alert of fatal severity. * @GNUTLS_AL_FATAL: Alert of fatal severity.
* *
* Enumeration of different TLS alert severities. * Enumeration of different TLS alert severities.
*/ */
typedef enum { typedef enum {
GNUTLS_AL_WARNING = 1, GNUTLS_AL_WARNING = 1,
skipping to change at line 2440 skipping to change at line 2442
#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
#define GNUTLS_E_BAD_COOKIE -214 #define GNUTLS_E_BAD_COOKIE -214
#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
#define GNUTLS_E_INSUFFICIENT_SECURITY -217
#define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292 #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
#define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293 #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
/* PKCS11 related */ /* PKCS11 related */
#define GNUTLS_E_PKCS11_ERROR -300 #define GNUTLS_E_PKCS11_ERROR -300
#define GNUTLS_E_PKCS11_LOAD_ERROR -301 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
#define GNUTLS_E_PARSING_ERROR -302 #define GNUTLS_E_PARSING_ERROR -302
#define GNUTLS_E_PKCS11_PIN_ERROR -303 #define GNUTLS_E_PKCS11_PIN_ERROR -303
 End of changes. 6 change blocks. 
3 lines changed or deleted 6 lines changed or added


 pkcs11.h (3.4.1)   pkcs11.h (3.4.2) 
skipping to change at line 189 skipping to change at line 189
int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert, int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
gnutls_datum_t * issuer, gnutls_datum_t * issuer,
gnutls_x509_crt_fmt_t fmt, gnutls_x509_crt_fmt_t fmt,
unsigned int flags); unsigned int flags);
int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum _t *dn, int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum _t *dn,
gnutls_datum_t *issuer, gnutls_datum_t *issuer,
gnutls_x509_crt_fmt_t fmt, gnutls_x509_crt_fmt_t fmt,
unsigned int flags); unsigned int flags);
int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
const gnutls_datum_t *dn,
const gnutls_datum_t *spki,
gnutls_datum_t *issuer,
gnutls_x509_crt_fmt_t fmt,
unsigned int flags);
int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert, int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
unsigned int flags); unsigned int flags);
#if 0 #if 0
/* for documentation */ /* for documentation */
int gnutls_pkcs11_copy_x509_crt(const char *token_url, int gnutls_pkcs11_copy_x509_crt(const char *token_url,
gnutls_x509_crt_t crt, gnutls_x509_crt_t crt,
const char *label, unsigned int flags const char *label, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
 End of changes. 1 change blocks. 
0 lines changed or deleted 7 lines changed or added
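Review bot: The new `gnutls_pkcs11_get_raw_issuer_by_subject_key_id` names its key-identifier parameter `spki`, which most readers take to mean SubjectPublicKeyInfo rather than a subject key identifier. A caller can easily pass the wrong blob and get a failed or mismatched issuer lookup. Renaming the parameter in the prototype is ABI-neutral: `const gnutls_datum_t *subject_key_id,`. The prototype also has no comment saying whether `dn` may be NULL or who releases `issuer`; both belong in a short doc comment. The same parameter name is used by `gnutls_x509_trust_list_get_issuer_by_subject_key_id` in the x509.h section.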


 x509.h (3.4.1)   x509.h (3.4.2) 
skipping to change at line 615 skipping to change at line 615
int gnutls_x509_rdn_get(const gnutls_datum_t * idn, int gnutls_x509_rdn_get(const gnutls_datum_t * idn,
char *buf, size_t * sizeof_buf); char *buf, size_t * sizeof_buf);
int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
int indx, void *buf, size_t * sizeof_buf); int indx, void *buf, size_t * sizeof_buf);
int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn,
const char *oid, int indx, const char *oid, int indx,
unsigned int raw_flag, void *buf, unsigned int raw_flag, void *buf,
size_t * sizeof_buf); size_t * sizeof_buf);
typedef void *gnutls_x509_dn_t; typedef struct gnutls_x509_dn_st *gnutls_x509_dn_t;
typedef struct gnutls_x509_ava_st { typedef struct gnutls_x509_ava_st {
gnutls_datum_t oid; gnutls_datum_t oid;
gnutls_datum_t value; gnutls_datum_t value;
unsigned long value_tag; unsigned long value_tag;
} gnutls_x509_ava_st; } gnutls_x509_ava_st;
int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert,
gnutls_x509_dn_t * dn); gnutls_x509_dn_t * dn);
int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert,
gnutls_x509_dn_t * dn); gnutls_x509_dn_t * dn);
int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn, int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn,
int iava, gnutls_x509_ava_st * ava); int iava, gnutls_x509_ava_st * ava);
int gnutls_x509_dn_get_str(gnutls_x509_dn_t dn, gnutls_datum_t *str);
int gnutls_x509_dn_init(gnutls_x509_dn_t * dn); int gnutls_x509_dn_init(gnutls_x509_dn_t * dn);
int gnutls_x509_dn_import(gnutls_x509_dn_t dn, int gnutls_x509_dn_import(gnutls_x509_dn_t dn,
const gnutls_datum_t * data); const gnutls_datum_t * data);
int gnutls_x509_dn_export(gnutls_x509_dn_t dn, int gnutls_x509_dn_export(gnutls_x509_dn_t dn,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size); void *output_data, size_t * output_data_size);
int gnutls_x509_dn_export2(gnutls_x509_dn_t dn, int gnutls_x509_dn_export2(gnutls_x509_dn_t dn,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
skipping to change at line 769 skipping to change at line 771
int int
gnutls_x509_crl_get_extension_data2(gnutls_x509_crl_t crl, gnutls_x509_crl_get_extension_data2(gnutls_x509_crl_t crl,
unsigned indx, gnutls_datum_t * data); unsigned indx, gnutls_datum_t * data);
int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
const void *id, size_t id_size); const void *id, size_t id_size);
int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
const void *nr, size_t nr_size); const void *nr, size_t nr_size);
/* PKCS7 structures handling
*/
struct gnutls_pkcs7_int;
typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7);
void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_fmt_t format,
gnutls_datum_t * out);
int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,
void *certificate, size_t * certificate_size);
int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
const gnutls_datum_t * crt);
int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);
int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
int indx, void *crl, size_t * crl_size);
int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
const gnutls_datum_t * crl);
int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
/* X.509 Certificate verification functions. /* X.509 Certificate verification functions.
*/ */
/** /**
* gnutls_certificate_verify_flags: * gnutls_certificate_verify_flags:
* @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
* a certificate authority. This flag should normally be disabled, * a certificate authority. This flag should normally be disabled,
* unless you know what this means. * unless you know what this means.
* @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trust ed * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trust ed
* list is never checked for expiration or activation. * list is never checked for expiration or activation.
skipping to change at line 833 skipping to change at line 800
* @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted * @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted
* certificate chain. * certificate chain.
* @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
* have version 1 (both root and intermediate). This might be * have version 1 (both root and intermediate). This might be
* dangerous since those haven't the basicConstraints * dangerous since those haven't the basicConstraints
* extension. * extension.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
* using the broken MD2 algorithm. * using the broken MD2 algorithm.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
* using the broken MD5 algorithm. * using the broken MD5 algorithm.
* @GNUTLS_VERIFY_ALLOW_BROKEN: Allow certificates to be signed
* using any broken algorithm.
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
* and expiration validity periods of certificate chains. Don't set * and expiration validity periods of certificate chains. Don't set
* this unless you understand the security implications. * this unless you understand the security implications.
* @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity * @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
* using certificate revocation lists or the available OCSP data. * using certificate revocation lists or the available OCSP data.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: When including a hostname * @GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: When including a hostname
* check in the verification, do not consider any wildcards. * check in the verification, do not consider any wildcards.
* @GNUTLS_VERIFY_USE_TLS1_RSA: This indicates that a (raw) RSA signature i
s provided
* as in the TLS 1.0 protocol. Not all functions accept this flag.
* *
* Enumeration of different certificate verify flags. Additional * Enumeration of different certificate verify flags. Additional
* verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS() * verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS()
* and %gnutls_certificate_verification_profiles_t. * and %gnutls_certificate_verification_profiles_t.
*/ */
typedef enum gnutls_certificate_verify_flags { typedef enum gnutls_certificate_verify_flags {
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0, GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8,
GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9, GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9,
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10, GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11,
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12,
GNUTLS_VERIFY_USE_TLS1_RSA = 1 << 13
/* cannot exceed 2^24 due to GNUTLS_PROFILE_TO_VFLAGS() */ /* cannot exceed 2^24 due to GNUTLS_PROFILE_TO_VFLAGS() */
} gnutls_certificate_verify_flags; } gnutls_certificate_verify_flags;
#define GNUTLS_VERIFY_ALLOW_BROKEN (GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2|GNUTLS
_VERIFY_ALLOW_SIGN_RSA_MD5)
/** /**
* gnutls_certificate_verification_profiles_t: * gnutls_certificate_verification_profiles_t:
* @GNUTLS_PROFILE_VERY_WEAK: A verification profile that * @GNUTLS_PROFILE_VERY_WEAK: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_VERY_WEAK (64 bits) * corresponds to @GNUTLS_SEC_PARAM_VERY_WEAK (64 bits)
* @GNUTLS_PROFILE_LOW: A verification profile that * @GNUTLS_PROFILE_LOW: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits) * corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits)
* @GNUTLS_PROFILE_LEGACY: A verification profile that * @GNUTLS_PROFILE_LEGACY: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LEGACY (96 bits) * corresponds to @GNUTLS_SEC_PARAM_LEGACY (96 bits)
* @GNUTLS_PROFILE_MEDIUM: A verification profile that * @GNUTLS_PROFILE_MEDIUM: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_MEDIUM (112 bits) * corresponds to @GNUTLS_SEC_PARAM_MEDIUM (112 bits)
skipping to change at line 923 skipping to change at line 897
int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, int gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
const gnutls_x509_crt_t * CA_list, const gnutls_x509_crt_t * CA_list,
int CA_list_length, unsigned int flags, int CA_list_length, unsigned int flags,
unsigned int *verify); unsigned int *verify);
int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, int gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
const gnutls_x509_crt_t * CA_list, const gnutls_x509_crt_t * CA_list,
int CA_list_length, unsigned int flags, int CA_list_length, unsigned int flags,
unsigned int *verify); unsigned int *verify);
int
gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt,
gnutls_sign_algorithm_t algo,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t * signature);
int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
const gnutls_x509_crl_t * const gnutls_x509_crl_t *
crl_list, int crl_list_length); crl_list, int crl_list_length);
int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
gnutls_digest_algorithm_t algo, gnutls_digest_algorithm_t algo,
void *buf, size_t * buf_size); void *buf, size_t * buf_size);
int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
int indx, void *oid, int indx, void *oid,
skipping to change at line 1112 skipping to change at line 1093
gnutls_datum_t * e, gnutls_datum_t * e,
gnutls_datum_t * d, gnutls_datum_t * d,
gnutls_datum_t * p, gnutls_datum_t * p,
gnutls_datum_t * q, gnutls_datum_t * q,
gnutls_datum_t * u); gnutls_datum_t * u);
int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
gnutls_ecc_curve_t * curve, gnutls_ecc_curve_t * curve,
gnutls_datum_t * x, gnutls_datum_t * x,
gnutls_datum_t * y, gnutls_datum_t * y,
gnutls_datum_t * k); gnutls_datum_t * k);
int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
gnutls_digest_algorithm_t digest,
unsigned int flags,
const gnutls_datum_t * data,
void *signature,
size_t * signature_size);
/* Certificate request stuff. /* Certificate request stuff.
*/ */
int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq,
gnutls_x509_privkey_t key, gnutls_x509_privkey_t key,
gnutls_digest_algorithm_t dig, gnutls_digest_algorithm_t dig,
unsigned int flags); unsigned int flags);
int gnutls_x509_crq_print(gnutls_x509_crq_t crq, int gnutls_x509_crq_print(gnutls_x509_crq_t crq,
gnutls_certificate_print_formats_t gnutls_certificate_print_formats_t
skipping to change at line 1290 skipping to change at line 1279
int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t
list, gnutls_x509_crt_t cert, list, gnutls_x509_crt_t cert,
gnutls_x509_crt_t * issuer, gnutls_x509_crt_t * issuer,
unsigned int flags); unsigned int flags);
int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list, int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list,
const gnutls_datum_t *dn, const gnutls_datum_t *dn,
gnutls_x509_crt_t *issuer, gnutls_x509_crt_t *issuer,
unsigned int flags); unsigned int flags);
int gnutls_x509_trust_list_get_issuer_by_subject_key_id(gnutls_x509_trust_l
ist_t list,
const gnutls_datum_t *dn,
const gnutls_datum_t *spki,
gnutls_x509_crt_t *issuer,
unsigned int flags);
#define GNUTLS_TL_VERIFY_CRL 1 #define GNUTLS_TL_VERIFY_CRL 1
#define GNUTLS_TL_USE_IN_TLS (1<<1) #define GNUTLS_TL_USE_IN_TLS (1<<1)
#define GNUTLS_TL_NO_DUPLICATES (1<<2) #define GNUTLS_TL_NO_DUPLICATES (1<<2)
#define GNUTLS_TL_NO_DUPLICATE_KEY (1<<3) #define GNUTLS_TL_NO_DUPLICATE_KEY (1<<3)
#define GNUTLS_TL_GET_COPY (1<<4) #define GNUTLS_TL_GET_COPY (1<<4)
int int
gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
const gnutls_x509_crt_t * clist, const gnutls_x509_crt_t * clist,
unsigned clist_size, unsigned int flags); unsigned clist_size, unsigned int flags);
int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t
skipping to change at line 1421 skipping to change at line 1416
gnutls_datum_t data; gnutls_datum_t data;
} gnutls_x509_ext_st; } gnutls_x509_ext_st;
void gnutls_x509_ext_deinit(gnutls_x509_ext_st *ext); void gnutls_x509_ext_deinit(gnutls_x509_ext_st *ext);
int int
gnutls_x509_ext_print(gnutls_x509_ext_st *exts, unsigned int exts_size, gnutls_x509_ext_print(gnutls_x509_ext_st *exts, unsigned int exts_size,
gnutls_certificate_print_formats_t format, gnutls_certificate_print_formats_t format,
gnutls_datum_t * out); gnutls_datum_t * out);
#include <gnutls/pkcs7.h>
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif /* GNUTLS_X509_H */ #endif /* GNUTLS_X509_H */
 End of changes. 11 change blocks. 
36 lines changed or deleted 36 lines changed or added
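Review bot: `GNUTLS_VERIFY_ALLOW_BROKEN` is documented inside the gnutls_certificate_verify_flags comment as allowing signatures made with "any broken algorithm", but it is defined after the enum as a macro that expands to exactly `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2|GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5`. The doc entry should say what the mask covers and carry the same warning as the other weakening flags, e.g. `@GNUTLS_VERIFY_ALLOW_BROKEN: Shorthand for ALLOW_SIGN_RSA_MD2 | ALLOW_SIGN_RSA_MD5; accepts signatures made with broken hashes. Don't set this unless you understand the security implications.` The new `@GNUTLS_VERIFY_USE_TLS1_RSA` entry states "Not all functions accept this flag" without naming them. Listing the functions that honour it would keep callers from setting a bit that may have no effect on the verification they run.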
