
(GnuTLS)




Headers diff: 3.0.32 vs 3.1.0



 abstract.h (3.0.32)   abstract.h (3.1.0) 
skipping to change at line 26 skipping to change at line 26
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public License * You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/> * along with this program. If not, see <http://www.gnu.org/licenses/>
* *
*/ */
#ifndef __GNUTLS_ABSTRACT_H #ifndef __GNUTLS_ABSTRACT_H
#define __GNUTLS_ABSTRACT_H #define __GNUTLS_ABSTRACT_H
#include <stdarg.h>
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
#include <gnutls/x509.h> #include <gnutls/x509.h>
#include <gnutls/pkcs11.h> #include <gnutls/pkcs11.h>
#include <gnutls/openpgp.h> #include <gnutls/openpgp.h>
#include <gnutls/tpm.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
/* Public key operations */ /* Public key operations */
#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
/* The following flag disables call to PIN callbacks etc.
* Only works for TPM keys.
*/
#define GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT (1<<3)
struct gnutls_pubkey_st; struct gnutls_pubkey_st;
typedef struct gnutls_pubkey_st *gnutls_pubkey_t; typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
struct gnutls_privkey_st; struct gnutls_privkey_st;
typedef struct gnutls_privkey_st *gnutls_privkey_t; typedef struct gnutls_privkey_st *gnutls_privkey_t;
typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key, typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
void *userdata, void *userdata,
const gnutls_datum_t * raw_data, const gnutls_datum_t * raw_data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key, typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
void *userdata, void *userdata,
const gnutls_datum_t * cipherte xt, const gnutls_datum_t * cipherte xt,
gnutls_datum_t * plaintext); gnutls_datum_t * plaintext);
typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
void *userdata);
int gnutls_pubkey_init (gnutls_pubkey_t * key); int gnutls_pubkey_init (gnutls_pubkey_t * key);
void gnutls_pubkey_deinit (gnutls_pubkey_t key); void gnutls_pubkey_deinit (gnutls_pubkey_t key);
void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
gnutls_pin_callback_t fn, void *userd
ata);
int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits ); int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits );
int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
unsigned int flags); unsigned int flags);
int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
gnutls_pkcs11_obj_t obj, unsigned int flag s); gnutls_pkcs11_obj_t obj, unsigned int flag s);
int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
gnutls_openpgp_crt_t crt, gnutls_openpgp_crt_t crt,
unsigned int flags); unsigned int flags);
int int
gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
unsigned int usage, unsigned int flags); unsigned int usage, unsigned int flags);
int
gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
const char* url,
const char *srk_password,
unsigned int flags);
int
gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
unsigned int flags);
int
gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
const gnutls_datum_t * fdata,
gnutls_tpmkey_fmt_t format,
const char *srk_password,
unsigned int flags);
int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
gnutls_digest_algorithm_t * gnutls_digest_algorithm_t *
hash, unsigned int *mand); hash, unsigned int *mand);
int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
gnutls_datum_t * m, gnutls_datum_t * e); gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * p, gnutls_datum_t * q,
gnutls_datum_t * g, gnutls_datum_t * y); gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t * curve, int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t * curve,
skipping to change at line 142 skipping to change at line 160
int int
gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags, gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
const gnutls_datum_t * plaintext, const gnutls_datum_t * plaintext,
gnutls_datum_t * ciphertext); gnutls_datum_t * ciphertext);
int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) ; int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) ;
int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) ; int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) ;
int #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, /* The following flag disables call to PIN callbacks etc.
const gnutls_datum_t * hash, * Only works for TPM keys.
const gnutls_datum_t * signature); */
#define GNUTLS_PUBKEY_DISABLE_CALLBACKS (1<<2)
int int
gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key, gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
gnutls_sign_algorithm_t algo, gnutls_sign_algorithm_t algo,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * hash, const gnutls_datum_t * hash,
const gnutls_datum_t * signature); const gnutls_datum_t * signature);
int int
gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
const gnutls_datum_t * signature, const gnutls_datum_t * signature,
gnutls_digest_algorithm_t * hash); gnutls_digest_algorithm_t * hash);
int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t * signature);
int int
gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
gnutls_sign_algorithm_t algo, gnutls_sign_algorithm_t algo,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * data, const gnutls_datum_t * data,
const gnutls_datum_t * signature); const gnutls_datum_t * signature);
/* Private key operations */ /* Private key operations */
int gnutls_privkey_init (gnutls_privkey_t * key); int gnutls_privkey_init (gnutls_privkey_t * key);
void gnutls_privkey_deinit (gnutls_privkey_t key); void gnutls_privkey_deinit (gnutls_privkey_t key);
void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
gnutls_pin_callback_t fn, void *userd
ata);
int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
unsigned int *bits); unsigned int *bits);
gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key); gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0) #define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
#define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1) #define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
/* The following flag disables call to PIN callbacks etc.
* Only works for TPM keys.
*/
#define GNUTLS_PRIVKEY_DISABLE_CALLBACKS (1<<2)
int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t key, gnutls_pkcs11_privkey_t key,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
gnutls_x509_privkey_t key, gnutls_x509_privkey_t key,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t key, gnutls_openpgp_privkey_t key,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format,
const gnutls_openpgp_keyid_t keyid,
const char* password);
int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
const char* password, unsigned int flag
s);
int
gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
const gnutls_datum_t * fdata,
gnutls_tpmkey_fmt_t format,
const char *srk_password,
const char *tpm_password, unsigned int flags)
;
int
gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
const char* url, const char *srk_password, const char *key_passwo
rd,
unsigned int flags);
int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsig
ned int flags);
int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url
);
int int
gnutls_privkey_import_ext (gnutls_privkey_t pkey, gnutls_privkey_import_ext (gnutls_privkey_t pkey,
gnutls_pk_algorithm_t pk, gnutls_pk_algorithm_t pk,
void* userdata, void* userdata,
gnutls_privkey_sign_func sign_func, gnutls_privkey_sign_func sign_func,
gnutls_privkey_decrypt_func decrypt_func, gnutls_privkey_decrypt_func decrypt_func,
unsigned int flags); unsigned int flags);
int
gnutls_privkey_import_ext2 (gnutls_privkey_t pkey,
gnutls_pk_algorithm_t pk,
void* userdata,
gnutls_privkey_sign_func sign_func,
gnutls_privkey_decrypt_func decrypt_func,
gnutls_privkey_deinit_func deinit_func,
unsigned int flags);
int gnutls_privkey_sign_data (gnutls_privkey_t signer, int gnutls_privkey_sign_data (gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash, gnutls_digest_algorithm_t hash,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
int gnutls_privkey_sign_hash (gnutls_privkey_t signer, int gnutls_privkey_sign_hash (gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash_algo, gnutls_digest_algorithm_t hash_algo,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * hash_data, const gnutls_datum_t * hash_data,
skipping to change at line 302 skipping to change at line 361
gnutls_certificate_retrieve_function2 * func); gnutls_certificate_retrieve_function2 * func);
int int
gnutls_certificate_set_key (gnutls_certificate_credentials_t res, gnutls_certificate_set_key (gnutls_certificate_credentials_t res,
const char** names, const char** names,
int names_size, int names_size,
gnutls_pcert_st * pcert_list, gnutls_pcert_st * pcert_list,
int pcert_list_size, int pcert_list_size,
gnutls_privkey_t key); gnutls_privkey_t key);
#include <gnutls/compat.h>
int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t * signature) _GNUTLS_GC
C_ATTR_DEPRECATED;
int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature) _GNUTLS_GCC_AT
TR_DEPRECATED;
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif #endif
 End of changes. 13 change blocks. 
16 lines changed or deleted 95 lines changed or added
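Review bot: The declarations of `gnutls_pubkey_verify_data` and `gnutls_pubkey_verify_hash` that follow `#include <gnutls/compat.h>` in the last hunk carry `_GNUTLS_GCC_ATTR_DEPRECATED` but no comment saying why or what replaces them. Neither takes a `gnutls_sign_algorithm_t`, while `gnutls_pubkey_verify_data2` and `gnutls_pubkey_verify_hash2` earlier in the section do, so a caller of the old pair presumably cannot state which signature algorithm it expects. I would add above the two declarations `/* Deprecated: use gnutls_pubkey_verify_data2() / gnutls_pubkey_verify_hash2(), which take the expected signature algorithm explicitly. */`. The TPM import functions in the same section accept `srk_password`, `tpm_password` and `key_password` as plain `const char *` with no stated lifetime, and a one-line remark on whether the library keeps a copy would tell callers when they can wipe their own buffer.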


 gnutls.h (3.0.32)   gnutls.h (3.1.0) 
skipping to change at line 54 skipping to change at line 54
#include <sys/types.h> #include <sys/types.h>
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif #endif
/* Get time_t. */ /* Get time_t. */
#include <time.h> #include <time.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#define GNUTLS_VERSION "3.0.32" #define GNUTLS_VERSION "3.1.0"
#define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 0 #define GNUTLS_VERSION_MINOR 1
#define GNUTLS_VERSION_PATCH 32 #define GNUTLS_VERSION_PATCH 0
#define GNUTLS_VERSION_NUMBER 0x030020 #define GNUTLS_VERSION_NUMBER 0x030100
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
/** /**
* gnutls_cipher_algorithm_t: * gnutls_cipher_algorithm_t:
* @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm. * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
* @GNUTLS_CIPHER_NULL: NULL algorithm. * @GNUTLS_CIPHER_NULL: NULL algorithm.
* @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys. * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
* @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode. * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
* @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys. * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
* @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys. * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
* @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys. * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
* @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys. * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys. * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys. * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
* @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys. * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
* @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys). * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
* @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys. * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
* @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys. * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
* @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode. * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
* @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode. * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
* @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode. * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
* @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode. * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
* @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit ke ys. * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit ke ys.
skipping to change at line 111 skipping to change at line 112
GNUTLS_CIPHER_AES_128_CBC = 4, GNUTLS_CIPHER_AES_128_CBC = 4,
GNUTLS_CIPHER_AES_256_CBC = 5, GNUTLS_CIPHER_AES_256_CBC = 5,
GNUTLS_CIPHER_ARCFOUR_40 = 6, GNUTLS_CIPHER_ARCFOUR_40 = 6,
GNUTLS_CIPHER_CAMELLIA_128_CBC = 7, GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
GNUTLS_CIPHER_CAMELLIA_256_CBC = 8, GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_RC2_40_CBC = 90,
GNUTLS_CIPHER_DES_CBC = 91, GNUTLS_CIPHER_DES_CBC = 91,
GNUTLS_CIPHER_AES_192_CBC = 92, GNUTLS_CIPHER_AES_192_CBC = 92,
GNUTLS_CIPHER_AES_128_GCM = 93, GNUTLS_CIPHER_AES_128_GCM = 93,
GNUTLS_CIPHER_AES_256_GCM = 94, GNUTLS_CIPHER_AES_256_GCM = 94,
GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,
/* used only for PGP internals. Ignored in TLS/SSL /* used only for PGP internals. Ignored in TLS/SSL
*/ */
GNUTLS_CIPHER_IDEA_PGP_CFB = 200, GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
GNUTLS_CIPHER_3DES_PGP_CFB = 201, GNUTLS_CIPHER_3DES_PGP_CFB = 201,
GNUTLS_CIPHER_CAST5_PGP_CFB = 202, GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203, GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204, GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
GNUTLS_CIPHER_AES128_PGP_CFB = 205, GNUTLS_CIPHER_AES128_PGP_CFB = 205,
GNUTLS_CIPHER_AES192_PGP_CFB = 206, GNUTLS_CIPHER_AES192_PGP_CFB = 206,
skipping to change at line 296 skipping to change at line 298
} gnutls_compression_method_t; } gnutls_compression_method_t;
/* /*
* Flags for gnutls_init() * Flags for gnutls_init()
* *
* @GNUTLS_SERVER: Connection end is a server. * @GNUTLS_SERVER: Connection end is a server.
* @GNUTLS_CLIENT: Connection end is a client. * @GNUTLS_CLIENT: Connection end is a client.
* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
* @GNUTLS_NONBLOCK: Connection should not block (DTLS). * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
* *
* Enumeration of different TLS connection end types.
*/ */
#define GNUTLS_SERVER 1 #define GNUTLS_SERVER 1
#define GNUTLS_CLIENT (1<<1) #define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2) #define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3) #define GNUTLS_NONBLOCK (1<<3)
/** /**
* gnutls_alert_level_t: * gnutls_alert_level_t:
* @GNUTLS_AL_WARNING: Alert of warning severity. * @GNUTLS_AL_WARNING: Alert of warning severity.
* @GNUTLS_AL_FATAL: Alert of fatal severity. * @GNUTLS_AL_FATAL: Alert of fatal severity.
skipping to change at line 427 skipping to change at line 430
GNUTLS_HANDSHAKE_FINISHED = 20, GNUTLS_HANDSHAKE_FINISHED = 20,
GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23, GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024, GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
} gnutls_handshake_description_t; } gnutls_handshake_description_t;
/** /**
* gnutls_certificate_status_t: * gnutls_certificate_status_t:
* @GNUTLS_CERT_INVALID: The certificate is not signed by one of the * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
* known authorities or the signature is invalid. * known authorities or the signature is invalid.
* @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
* @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
* set only if CRLs are checked. * set only if CRLs are checked.
* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known. * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
* This is the case if the issuer is not included in the trusted certific ate list. * This is the case if the issuer is not included in the trusted certific ate list.
* @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
* may happen if this was a version 1 certificate, which is common with * may happen if this was a version 1 certificate, which is common with
* some CAs, or a version 3 certificate without the basic constrains exte nsion. * some CAs, or a version 3 certificate without the basic constrains exte nsion.
* @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure
* algorithm such as MD2 or MD5. These algorithms have been broken and * algorithm such as MD2 or MD5. These algorithms have been broken and
* should not be trusted. * should not be trusted.
* @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated. * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
* @GNUTLS_CERT_EXPIRED: The certificate has expired. * @GNUTLS_CERT_EXPIRED: The certificate has expired.
* @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and
have been superseded.
* @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have
a future issue date.
* *
* Enumeration of certificate status codes. Note that the status * Enumeration of certificate status codes. Note that the status
* bits have different meanings in OpenPGP keys and X.509 * bits have different meanings in OpenPGP keys and X.509
* certificate verification. * certificate verification.
*/ */
typedef enum typedef enum
{ {
GNUTLS_CERT_INVALID = 1<<1, GNUTLS_CERT_INVALID = 2,
GNUTLS_CERT_REVOKED = 1<<5, GNUTLS_CERT_REVOKED = 32,
GNUTLS_CERT_SIGNER_NOT_FOUND = 1<<6, GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
GNUTLS_CERT_SIGNER_NOT_CA = 1<<7, GNUTLS_CERT_SIGNER_NOT_CA = 128,
GNUTLS_CERT_INSECURE_ALGORITHM = 1<<8, GNUTLS_CERT_INSECURE_ALGORITHM = 256,
GNUTLS_CERT_NOT_ACTIVATED = 1<<9, GNUTLS_CERT_NOT_ACTIVATED = 512,
GNUTLS_CERT_EXPIRED = 1<<10, GNUTLS_CERT_EXPIRED = 1024,
GNUTLS_CERT_SIGNATURE_FAILURE = 1<<11, GNUTLS_CERT_SIGNATURE_FAILURE = 2048
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1<<12,
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1<<15,
} gnutls_certificate_status_t; } gnutls_certificate_status_t;
/** /**
* gnutls_certificate_request_t: * gnutls_certificate_request_t:
* @GNUTLS_CERT_IGNORE: Ignore certificate. * @GNUTLS_CERT_IGNORE: Ignore certificate.
* @GNUTLS_CERT_REQUEST: Request certificate. * @GNUTLS_CERT_REQUEST: Request certificate.
* @GNUTLS_CERT_REQUIRE: Require certificate. * @GNUTLS_CERT_REQUIRE: Require certificate.
* *
* Enumeration of certificate request types. * Enumeration of certificate request types.
*/ */
skipping to change at line 751 skipping to change at line 751
/* internal functions */ /* internal functions */
int gnutls_init (gnutls_session_t * session, int gnutls_init (gnutls_session_t * session,
unsigned int flags); unsigned int flags);
void gnutls_deinit (gnutls_session_t session); void gnutls_deinit (gnutls_session_t session);
#define _gnutls_deinit(x) gnutls_deinit(x) #define _gnutls_deinit(x) gnutls_deinit(x)
int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how); int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
int gnutls_handshake (gnutls_session_t session); int gnutls_handshake (gnutls_session_t session);
#define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
void gnutls_handshake_set_timeout (gnutls_session_t session, unsigned int
sec);
int gnutls_rehandshake (gnutls_session_t session); int gnutls_rehandshake (gnutls_session_t session);
gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session); gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
int gnutls_alert_send (gnutls_session_t session, int gnutls_alert_send (gnutls_session_t session,
gnutls_alert_level_t level, gnutls_alert_level_t level,
gnutls_alert_description_t desc); gnutls_alert_description_t desc);
int gnutls_alert_send_appropriate (gnutls_session_t session, int err); int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
const char *gnutls_alert_get_name (gnutls_alert_description_t alert); const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
const char * gnutls_alert_get_strname (gnutls_alert_description_t alert); const char * gnutls_alert_get_strname (gnutls_alert_description_t alert);
skipping to change at line 776 skipping to change at line 779
/* Elliptic curves */ /* Elliptic curves */
const char * gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve); const char * gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve);
int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve); int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve);
gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
/* get information on the current session */ /* get information on the current session */
gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session); gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session); gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session); gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
gnutls_compression_method_t gnutls_compression_method_t
gnutls_compression_get (gnutls_session_t session); gnutls_compression_get (gnutls_session_t session);
gnutls_certificate_type_t gnutls_certificate_type_t
gnutls_certificate_type_get (gnutls_session_t session); gnutls_certificate_type_get (gnutls_session_t session);
int gnutls_sign_algorithm_get_requested (gnutls_session_t session, int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
size_t indx, size_t indx,
gnutls_sign_algorithm_t * algo); gnutls_sign_algorithm_t * algo);
size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm); size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm); size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
/* the name of the specified algorithms */ /* the name of the specified algorithms */
const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm); const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm); const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
skipping to change at line 1727 skipping to change at line 1733
int gnutls_store_pubkey (const char* db_name, int gnutls_store_pubkey (const char* db_name,
gnutls_tdb_t tdb, gnutls_tdb_t tdb,
const char* host, const char* host,
const char* service, const char* service,
gnutls_certificate_type_t cert_type, gnutls_certificate_type_t cert_type,
const gnutls_datum_t * cert, const gnutls_datum_t * cert,
time_t expiration, time_t expiration,
unsigned int flags); unsigned int flags);
/* Other helper functions */
int gnutls_load_file(const char* filename, gnutls_datum_t * data);
int gnutls_url_is_supported (const char* url);
/* PIN callback */
/**
* gnutls_pin_flag_t:
* @GNUTLS_PIN_USER: The PIN for the user.
* @GNUTLS_PIN_SO: The PIN for the security officer (admin).
* @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key l
ike signing.
* @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
* @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
* @GNUTLS_PIN_WRONG: Last given PIN was not correct.
*
* Enumeration of different flags that are input to the PIN function.
*/
typedef enum
{
GNUTLS_PIN_USER = (1 << 0),
GNUTLS_PIN_SO = (1 << 1),
GNUTLS_PIN_FINAL_TRY = (1 << 2),
GNUTLS_PIN_COUNT_LOW = (1 << 3),
GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
GNUTLS_PIN_WRONG = (1 << 5),
} gnutls_pin_flag_t;
#define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
#define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
#define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
#define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW
#define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
#define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
/**
* gnutls_pin_callback_t:
* @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
* @attempt: pin-attempt counter, initially 0.
* @token_url: URL of token.
* @token_label: label of token.
* @flags: a #gnutls_pin_flag_t flag.
* @pin: buffer to hold PIN, of size @pin_max.
* @pin_max: size of @pin buffer.
*
* Callback function type for PKCS#11 or TPM PIN entry. It is set by
* functions like gnutls_pkcs11_set_pin_function().
*
* The callback should provides the PIN code to unlock the token with
* label @token_label, specified by the URL @token_url.
*
* The PIN code, as a NUL-terminated ASCII string, should be copied
* into the @pin buffer (of maximum size @pin_max), and return 0 to
* indicate success. Alternatively, the callback may return a
* negative gnutls error code to indicate failure and cancel PIN entry
* (in which case, the contents of the @pin parameter are ignored).
*
* When a PIN is required, the callback will be invoked repeatedly
* (and indefinitely) until either the returned PIN code is correct,
* the callback returns failure, or the token refuses login (e.g. when
* the token is locked due to too many incorrect PINs!). For the
* first such invocation, the @attempt counter will have value zero;
* it will increase by one for each subsequent attempt.
*
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on er
ror.
*
* Since: 2.12.0
**/
typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
const char *token_url,
const char *token_label,
unsigned int flags,
char *pin, size_t pin_max);
void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_
t,
gnutls_pin_callback_t fn, void
*userdata);
/* Gnutls error codes. The mapping to a TLS alert is also shown in /* Gnutls error codes. The mapping to a TLS alert is also shown in
* comments. * comments.
*/ */
#define GNUTLS_E_SUCCESS 0 #define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
#define GNUTLS_E_LARGE_PACKET -7 #define GNUTLS_E_LARGE_PACKET -7
#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSIO N */ #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSIO N */
#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
skipping to change at line 1901 skipping to change at line 1984
#define GNUTLS_E_USER_ERROR -320 #define GNUTLS_E_USER_ERROR -320
#define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321 #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
#define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322 #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
#define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
#define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
#define GNUTLS_E_ILLEGAL_PARAMETER -325 #define GNUTLS_E_ILLEGAL_PARAMETER -325
#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326 #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
#define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327 #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
#define GNUTLS_E_SESSION_EOF -328 #define GNUTLS_E_SESSION_EOF -328
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341 #define GNUTLS_E_TPM_ERROR -329
#define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
#define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
#define GNUTLS_E_TPM_SESSION_ERROR -332
#define GNUTLS_E_TPM_KEY_NOT_FOUND -333
#define GNUTLS_E_TPM_UNINITIALIZED -334
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
#define GNUTLS_E_APPLICATION_ERROR_MAX -65000 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
#define GNUTLS_E_APPLICATION_ERROR_MIN -65500 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 15 change blocks. 
21 lines changed or deleted 110 lines changed or added
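Review bot: The `gnutls_pin_callback_t` comment in the hunk at line 1727 says the PIN is copied into `@pin` "of maximum size @pin_max" as a NUL-terminated string, but it does not say whether `pin_max` counts the terminator or what a callback must do with a PIN that does not fit. Every implementer writes into a buffer handed to it, so the bound should be explicit; I would add ` * The callback must write at most @pin_max bytes including the terminating NUL, and return a negative error code instead of truncating.`, with the exact wording to be confirmed against the implementation. `@userdata` still names only `gnutls_pkcs11_set_pin_function()` although `gnutls_certificate_set_pin_function()` a few lines below takes the same callback type. Since the text says the callback is invoked "repeatedly (and indefinitely)", it is also worth stating that a callback should stop supplying a stored PIN once `GNUTLS_PIN_WRONG` or `GNUTLS_PIN_FINAL_TRY` is set, so that a token is not locked by automatic retries.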


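--- a/gnutlsxx.h
+++ b/gnutlsxx.h
 void set_transport_ptr (gnutls_transport_ptr_t ptr);
 void set_transport_ptr (gnutls_transport_ptr_t recv_ptr,
 gnutls_transport_ptr_t send_ptr);
 gnutls_transport_ptr_t get_transport_ptr () const;
 void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr,
 gnutls_transport_ptr_t & send_ptr) const;
 void set_transport_lowat (size_t num);
 void set_transport_push_function (gnutls_push_func push_func);
+void set_transport_vec_push_function (gnutls_vec_push_func vec_push_fun c);
 void set_transport_pull_function (gnutls_pull_func pull_func);
 void set_user_ptr (void *ptr);
 void *get_user_ptr () const;
 void send_openpgp_cert (gnutls_openpgp_crt_status_t status);
 gnutls_credentials_type_t get_auth_type () const;
 gnutls_credentials_type_t get_server_auth_type () const;
 gnutls_credentials_type_t get_client_auth_type () const;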
 End of changes. 1 change blocks. 
0 lines changed or deleted 1 lines changed or added


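--- a/ocsp.h
+++ b/ocsp.h
 int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
 gnutls_x509_crt_t issuer,
 unsigned int *verify,
 unsigned int flags);
 int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
 gnutls_x509_trust_list_t trustlist,
 unsigned int *verify,
 unsigned int flags);
-int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
-unsigned int indx,
-gnutls_x509_crt_t crt);
 #ifdef __cplusplus
 }
 #endif
 #endif /* GNUTLS_OCSP_H */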
 End of changes. 1 change blocks. 
4 lines changed or deleted 0 lines changed or added


 openpgp.h (3.0.32)   openpgp.h (3.1.0) 
skipping to change at line 31 skipping to change at line 31
*/ */
/* This file contains the types and prototypes for the OpenPGP /* This file contains the types and prototypes for the OpenPGP
* key and private key parsing functions. * key and private key parsing functions.
*/ */
#ifndef GNUTLS_OPENPGP_H #ifndef GNUTLS_OPENPGP_H
#define GNUTLS_OPENPGP_H #define GNUTLS_OPENPGP_H
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
#include <limits.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
/* Openpgp certificate stuff /* Openpgp certificate stuff
*/ */
/** /**
skipping to change at line 55 skipping to change at line 54
* *
* Enumeration of different OpenPGP key formats. * Enumeration of different OpenPGP key formats.
*/ */
typedef enum gnutls_openpgp_crt_fmt typedef enum gnutls_openpgp_crt_fmt
{ {
GNUTLS_OPENPGP_FMT_RAW, GNUTLS_OPENPGP_FMT_RAW,
GNUTLS_OPENPGP_FMT_BASE64 GNUTLS_OPENPGP_FMT_BASE64
} gnutls_openpgp_crt_fmt_t; } gnutls_openpgp_crt_fmt_t;
#define GNUTLS_OPENPGP_KEYID_SIZE 8 #define GNUTLS_OPENPGP_KEYID_SIZE 8
#define GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE 20
typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE]; typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
/* gnutls_openpgp_cert_t should be defined in gnutls.h /* gnutls_openpgp_cert_t should be defined in gnutls.h
*/ */
/* initializes the memory for gnutls_openpgp_crt_t struct */ /* initializes the memory for gnutls_openpgp_crt_t struct */
int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key); int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key);
/* frees all memory */ /* frees all memory */
void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key); void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
skipping to change at line 81 skipping to change at line 79
void *output_data, void *output_data,
size_t * output_data_size); size_t * output_data_size);
int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
gnutls_certificate_print_formats_t format, gnutls_certificate_print_formats_t format,
gnutls_datum_t * out); gnutls_datum_t * out);
/* The key_usage flags are defined in gnutls.h. They are /* The key_usage flags are defined in gnutls.h. They are
* the GNUTLS_KEY_* definitions. * the GNUTLS_KEY_* definitions.
*/ */
#define GNUTLS_OPENPGP_MASTER_KEYID_IDX INT_MAX
int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
unsigned int *key_usage); unsigned int *key_usage);
int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *f pr, int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *f pr,
size_t * fprlen); size_t * fprlen);
int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
unsigned int idx, unsigned int idx,
void *fpr, size_t * fprlen ); void *fpr, size_t * fprlen );
int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
int idx, char *buf, size_t * sizeof_buf) ; int idx, char *buf, size_t * sizeof_buf) ;
skipping to change at line 303 skipping to change at line 299
* @session: a TLS session * @session: a TLS session
* @keyfpr: key fingerprint * @keyfpr: key fingerprint
* @keyfpr_length: length of key fingerprint * @keyfpr_length: length of key fingerprint
* @key: output key. * @key: output key.
* *
* A callback of this type is used to retrieve OpenPGP keys. Only * A callback of this type is used to retrieve OpenPGP keys. Only
* useful on the server, and will only be used if the peer send a key * useful on the server, and will only be used if the peer send a key
* fingerprint instead of a full key. See also * fingerprint instead of a full key. See also
* gnutls_openpgp_set_recv_key_function(). * gnutls_openpgp_set_recv_key_function().
* *
* The variable @key must be allocated using gnutls_malloc().
*
* Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
* otherwise an error code is returned. * otherwise an error code is returned.
*/ */
typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session, typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
const unsigned char *keyfpr, const unsigned char *keyfpr,
unsigned int keyfpr_length, unsigned int keyfpr_length,
gnutls_datum_t * key); gnutls_datum_t * key);
void void
gnutls_openpgp_set_recv_key_function (gnutls_session_t session, gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
 End of changes. 4 change blocks. 
6 lines changed or deleted 0 lines changed or added


 pkcs11.h (3.0.32)   pkcs11.h (3.1.0) 
skipping to change at line 59 skipping to change at line 59
* *
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code
* on error. * on error.
* *
* Since: 2.12.0 * Since: 2.12.0
**/ **/
typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata, typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,
const char *const label, const char *const label,
unsigned retry); unsigned retry);
/**
* gnutls_pkcs11_pin_flag_t:
* @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
* @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
* @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action an
d key like signing.
* @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
* @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
* @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
*
* Enumeration of different PIN flags.
*/
typedef enum
{
GNUTLS_PKCS11_PIN_USER = (1 << 0),
GNUTLS_PKCS11_PIN_SO = (1 << 1),
GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
} gnutls_pkcs11_pin_flag_t;
/**
* gnutls_pkcs11_pin_callback_t:
* @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
* @attempt: pin-attempt counter, initially 0.
* @token_url: PKCS11 URL.
* @token_label: label of PKCS11 token.
* @flags: a #gnutls_pkcs11_pin_flag_t flag.
* @pin: buffer to hold PIN, of size @pin_max.
* @pin_max: size of @pin buffer.
*
* Callback function type for PKCS#11 PIN entry. It is set by
* gnutls_pkcs11_set_pin_function().
*
* The callback should provides the PIN code to unlock the token with
* label @token_label, specified by the URL @token_url.
*
* The PIN code, as a NUL-terminated ASCII string, should be copied
* into the @pin buffer (of maximum size @pin_max), and return 0 to
* indicate success. Alternatively, the callback may return a
* negative gnutls error code to indicate failure and cancel PIN entry
* (in which case, the contents of the @pin parameter are ignored).
*
* When a PIN is required, the callback will be invoked repeatedly
* (and indefinitely) until either the returned PIN code is correct,
* the callback returns failure, or the token refuses login (e.g. when
* the token is locked due to too many incorrect PINs!). For the
* first such invocation, the @attempt counter will have value zero;
* it will increase by one for each subsequent attempt.
*
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on er
ror.
*
* Since: 2.12.0
**/
typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
const char *token_url,
const char *token_label,
unsigned int flags,
char *pin, size_t pin_max);
struct gnutls_pkcs11_obj_st; struct gnutls_pkcs11_obj_st;
typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t; typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */ #define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */ #define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
/* pkcs11.conf format: /* pkcs11.conf format:
* load = /lib/xxx-pkcs11.so * load = /lib/xxx-pkcs11.so
* load = /lib/yyy-pkcs11.so * load = /lib/yyy-pkcs11.so
*/ */
int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_f ile); int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_f ile);
int gnutls_pkcs11_reinit (void); int gnutls_pkcs11_reinit (void);
void gnutls_pkcs11_deinit (void); void gnutls_pkcs11_deinit (void);
void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
void *userdata); void *userdata);
void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn, void gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
void *userdata); void *userdata);
gnutls_pin_callback_t gnutls_pkcs11_get_pin_function (void **userdata);
int gnutls_pkcs11_add_provider (const char *name, const char *params); int gnutls_pkcs11_add_provider (const char *name, const char *params);
int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj); int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t,
gnutls_pin_callback_t fn,
void *userdata);
#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */ #define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */ #define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */ #define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a secu rity officer in the token for the operation */ #define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a secu rity officer in the token for the operation */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (re quires PIN to access) */ #define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (re quires PIN to access) */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not pri vate */ #define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not pri vate */
/** /**
* gnutls_pkcs11_url_type_t: * gnutls_pkcs11_url_type_t:
skipping to change at line 228 skipping to change at line 174
} gnutls_pkcs11_obj_info_t; } gnutls_pkcs11_obj_info_t;
int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
gnutls_pkcs11_obj_info_t itype, void *outpu t, gnutls_pkcs11_obj_info_t itype, void *outpu t,
size_t * output_size); size_t * output_size);
/** /**
* gnutls_pkcs11_obj_attr_t: * gnutls_pkcs11_obj_attr_t:
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates. * @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates.
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as trusted. * @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as trusted.
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA: Specify all certificates marked as trusted and are CAs.
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with a corresponding private key. * @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with a corresponding private key.
* @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys. * @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys.
* @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys. * @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys.
* @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects. * @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects.
* *
* Enumeration of several attributes for object enumeration. * Enumeration of several attributes for object enumeration.
*/ */
typedef enum typedef enum
{ {
GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corr esponding private key */ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corr esponding private key */
GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */ GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
} gnutls_pkcs11_obj_attr_t; } gnutls_pkcs11_obj_attr_t;
/** /**
* gnutls_pkcs11_token_info_t: * gnutls_pkcs11_token_info_t:
* @GNUTLS_PKCS11_TOKEN_LABEL: The token's label * @GNUTLS_PKCS11_TOKEN_LABEL: The token's label
* @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number * @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number
* @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer * @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer
* @GNUTLS_PKCS11_TOKEN_MODEL: The token's model * @GNUTLS_PKCS11_TOKEN_MODEL: The token's model
* *
* Enumeration of types for retrieving token information. * Enumeration of types for retrieving token information.
skipping to change at line 296 skipping to change at line 240
gnutls_pkcs11_token_init (const char *token_url, gnutls_pkcs11_token_init (const char *token_url,
const char *so_pin, const char *label); const char *so_pin, const char *label);
int int
gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx, gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
unsigned long *mechanism); unsigned long *mechanism);
int gnutls_pkcs11_token_set_pin (const char *token_url, int gnutls_pkcs11_token_set_pin (const char *token_url,
const char *oldpin, const char *oldpin,
const char *newpin, const char *newpin,
unsigned int flags /*gnutls_pkcs11_pin_fla g_t */ unsigned int flags /*gnutls_pin_flag_t */
); );
int gnutls_pkcs11_token_get_url (unsigned int seq, int gnutls_pkcs11_token_get_url (unsigned int seq,
gnutls_pkcs11_url_type_t detailed, gnutls_pkcs11_url_type_t detailed,
char **url); char **url);
int gnutls_pkcs11_token_get_info (const char *url, int gnutls_pkcs11_token_get_info (const char *url,
gnutls_pkcs11_token_info_t ttype, gnutls_pkcs11_token_info_t ttype,
void *output, size_t * output_size); void *output, size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1 #define GNUTLS_PKCS11_TOKEN_HW 1
int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags); int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
unsigned int *const n_list, unsigned int *const n_list,
const char *url, const char *url,
gnutls_pkcs11_obj_attr_t attrs, gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int
gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
unsigned int *n_list,
const char *url,
gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
gnutls_pkcs11_obj_t pkcs11_crt); gnutls_pkcs11_obj_t pkcs11_crt);
int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *u rl, int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *u rl,
unsigned int flags unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t ob j); gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t ob j);
const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type); const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type);
int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
unsigned int cert_max, unsigned int cert_max,
gnutls_pkcs11_obj_t * const objs, gnutls_pkcs11_obj_t * const objs,
unsigned int flags /* must be zero */); unsigned int flags /* must be zero */);
/* private key functions...*/ /* private key functions...*/
int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key); int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
void gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t,
gnutls_pin_callback_t fn, void
*userdata);
void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key); void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
unsigned int *bits); unsigned int *bits);
int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey, int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
gnutls_pkcs11_obj_info_t itype, gnutls_pkcs11_obj_info_t itype,
void *output, size_t * output_size); void *output, size_t * output_size);
int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey, int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
const char *url, unsigned int flags); const char *url, unsigned int flags);
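Review bot: The per-object PIN setters on the new side, `gnutls_pkcs11_obj_set_pin_function` and `gnutls_pkcs11_privkey_set_pin_function`, leave their first parameter unnamed and carry no comment, so the header does not say whether a per-object callback takes precedence over the one installed with `gnutls_pkcs11_set_pin_function`, or how long `userdata` must stay valid. I would name the parameter, e.g. `void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj, gnutls_pin_callback_t fn, void *userdata);`, and add a short comment above each setter covering precedence and `userdata` lifetime. The long contract comment for the PIN callback (NUL-terminated PIN, `pin_max` bound, `attempt` counter) is printed only once in this section next to the old `gnutls_pkcs11_pin_callback_t`, which suggests it no longer lives in this header; if so, a one-line pointer to where `gnutls_pin_callback_t` is documented would help callers keep the buffer-size rule in view. `gnutls_pkcs11_get_pin_function (void **userdata)` should also say whether `userdata` may be NULL.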
 End of changes. 9 change blocks. 
67 lines changed or deleted 20 lines changed or added


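--- a/pkcs12.h
+++ b/pkcs12.h
 int indx, gnutls_pkcs12_bag_t bag);
 int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t ba g);
 int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) ;
 int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
 int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass) ;
 int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
 unsigned int flags);
+#define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
+int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
+const char *password,
+gnutls_x509_privkey_t * key,
+gnutls_x509_crt_t ** chain,
+unsigned int * chain_len,
+gnutls_x509_crt_t ** extra_certs,
+unsigned int * extra_certs_len,
+gnutls_x509_crl_t * crl,
+unsigned int flags);
 /**
 * gnutls_pkcs12_bag_type_t:
 * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
 * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
 * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
 * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
 * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
 * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
 * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
 * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.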
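Review bot: The added `gnutls_pkcs12_simple_parse` declaration has six output parameters (`key`, `chain`, `chain_len`, `extra_certs`, `extra_certs_len`, `crl`) and no comment stating who owns what they receive, which of them may be NULL, or what they hold when the call fails. Since `key` receives a private key unlocked with `password`, the header should spell out how the caller releases each output, so that error paths neither leak key material nor free it twice. `GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED` also has no comment tying it to this function; a line such as `/* Flags for the gnutls_pkcs12_simple_parse() function. */` above the define would match the style used for the PKCS #8 flags in x509.h. The hunk ends inside the following `gnutls_pkcs12_bag_type_t` comment, which is unchanged.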
 End of changes. 1 change blocks. 
0 lines changed or deleted 11 lines changed or added


 x509.h (3.0.32)   x509.h (3.1.0) 
skipping to change at line 184 skipping to change at line 184
int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
void *ret, size_t * ret_size, void *ret, size_t * ret_size,
unsigned int *critical); unsigned int *critical);
int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *b uf, int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *b uf,
size_t * buf_size); size_t * buf_size);
int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *bu f, int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *bu f,
size_t * buf_size); size_t * buf_size);
void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
gnutls_pin_callback_t fn, void *user
data);
/** /**
* gnutls_info_access_what_t: * gnutls_info_access_what_t:
* @GNUTLS_IA_ACCESSMETHOD_OID: Get accessMethod OID. * @GNUTLS_IA_ACCESSMETHOD_OID: Get accessMethod OID.
* @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name ty pe. * @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name ty pe.
* @GNUTLS_IA_URI: Get accessLocation URI value. * @GNUTLS_IA_URI: Get accessLocation URI value.
* @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP. * @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
* @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers. * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
* *
* Enumeration of types for the @what parameter of * Enumeration of types for the @what parameter of
* gnutls_x509_crt_get_authority_info_access(). * gnutls_x509_crt_get_authority_info_access().
skipping to change at line 599 skipping to change at line 602
* @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates
* with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA _CRT, * with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA _CRT,
* and should be used instead. That way only signers in your trusted list * and should be used instead. That way only signers in your trusted list
* will be allowed to have certificates of version 1. This is the default. * will be allowed to have certificates of version 1. This is the default.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
* certificates that have version 1. This option is to be used * certificates that have version 1. This option is to be used
* to deprecate all certificates of version 1. * to deprecate all certificates of version 1.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
* anyone trusted but exists in the trusted CA list do not treat it * anyone trusted but exists in the trusted CA list do not treat it
* as trusted. * as trusted.
* @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated
* if unsorted (the case with many TLS servers out there).
* @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
* have version 1 (both root and intermediate). This might be * have version 1 (both root and intermediate). This might be
* dangerous since those haven't the basicConstraints * dangerous since those haven't the basicConstraints
* extension. Must be used in combination with * extension. Must be used in combination with
* %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
* using the broken MD2 algorithm. * using the broken MD2 algorithm.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
* using the broken MD5 algorithm. * using the broken MD5 algorithm.
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
skipping to change at line 630 skipping to change at line 631
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256,
GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512, GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512,
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1024,
} gnutls_certificate_verify_flags; } gnutls_certificate_verify_flags;
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer); gnutls_x509_crt_t issuer);
int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
int cert_list_length, int cert_list_length,
const gnutls_x509_crt_t * CA_list, const gnutls_x509_crt_t * CA_list,
int CA_list_length, int CA_list_length,
const gnutls_x509_crl_t * CRL_list, const gnutls_x509_crl_t * CRL_list,
skipping to change at line 675 skipping to change at line 675
int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
const void *oid, const void *oid,
unsigned int critical); unsigned int critical);
/* Private key handling. /* Private key handling.
*/ */
/* Flags for the gnutls_x509_privkey_export_pkcs8() function. /* Flags for the gnutls_x509_privkey_export_pkcs8() function.
*/ */
#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
/** /**
* gnutls_pkcs_encrypt_flags_t: * gnutls_pkcs_encrypt_flags_t:
* @GNUTLS_PKCS_PLAIN: Unencrypted private key. * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
* @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN. * @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty an d a NULL password.
* @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES. * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
* @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES.
* @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR. * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
* @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOU R.
* @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40. * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
* @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40.
* @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES. * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
* @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128. * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
* @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192. * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
* @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256. * @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256.
* *
* Enumeration of different PKCS encryption flags. * Enumeration of different PKCS encryption flags.
*/ */
typedef enum gnutls_pkcs_encrypt_flags_t typedef enum gnutls_pkcs_encrypt_flags_t
{ {
GNUTLS_PKCS_PLAIN = 1, GNUTLS_PKCS_PLAIN = 1,
GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN,
GNUTLS_PKCS_USE_PKCS12_3DES = 2, GNUTLS_PKCS_USE_PKCS12_3DES = 2,
GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES,
GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR,
GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40,
GNUTLS_PKCS_USE_PBES2_3DES = 16, GNUTLS_PKCS_USE_PBES2_3DES = 16,
GNUTLS_PKCS_USE_PBES2_AES_128 = 32, GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
GNUTLS_PKCS_USE_PBES2_AES_192 = 64, GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
GNUTLS_PKCS_USE_PBES2_AES_256 = 128 GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
GNUTLS_PKCS_NULL_PASSWORD = 256
} gnutls_pkcs_encrypt_flags_t; } gnutls_pkcs_encrypt_flags_t;
int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
key); key);
int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
gnutls_x509_privkey_t src); gnutls_x509_privkey_t src);
int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format); gnutls_x509_crt_fmt_t format);
int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
const char *password, const char *password,
unsigned int flags); unsigned int flags);
int gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
const gnutls_datum_t *data,
const char* password);
int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
const char* password, unsigned int flags
);
int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
const gnutls_datum_t * m, const gnutls_datum_t * m,
const gnutls_datum_t * e, const gnutls_datum_t * e,
const gnutls_datum_t * d, const gnutls_datum_t * d,
const gnutls_datum_t * p, const gnutls_datum_t * p,
const gnutls_datum_t * q, const gnutls_datum_t * q,
const gnutls_datum_t * u); const gnutls_datum_t * u);
int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
const gnutls_datum_t * m, const gnutls_datum_t * m,
const gnutls_datum_t * e, const gnutls_datum_t * e,
skipping to change at line 978 skipping to change at line 986
int int
gnutls_x509_trust_list_verify_crt ( gnutls_x509_trust_list_verify_crt (
gnutls_x509_trust_list_t list, gnutls_x509_trust_list_t list,
gnutls_x509_crt_t *cert_list, gnutls_x509_crt_t *cert_list,
unsigned int cert_list_size, unsigned int cert_list_size,
unsigned int flags, unsigned int flags,
unsigned int *verify, unsigned int *verify,
gnutls_verify_output_function func); gnutls_verify_output_function func);
/* trust list convenience functions */
int
gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
const gnutls_datum_t * cas,
const gnutls_datum_t * crls,
gnutls_x509_crt_fmt_t type,
unsigned int tl_flags,
unsigned int tl_vflags);
int
gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
const char* ca_file,
const char* crl_file,
gnutls_x509_crt_fmt_t type,
unsigned int tl_flags,
unsigned int tl_vflags);
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
unsigned int tl_flags, unsigned int
tl_vflags);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* GNUTLS_X509_H */ #endif /* GNUTLS_X509_H */
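Review bot: The three new trust-list declarations (`gnutls_x509_trust_list_add_trust_mem`, `gnutls_x509_trust_list_add_trust_file`, `gnutls_x509_trust_list_add_system_trust`) say nothing about what the `int` result means or how `tl_flags` differs from `tl_vflags`. Both flag parameters are plain `unsigned int` in adjacent positions, so a swapped pair compiles without a warning. I would add a short comment above the group, e.g. `/* Return the number of elements added, or a negative error code; tl_flags takes GNUTLS_TL_* values, tl_vflags takes certificate verification flags used when CRLs are checked. */`, with the wording confirmed against the implementation, which is not shown on this page. The comment should also state whether `crls` / `crl_file` may be NULL, and that a result of zero means no trust anchor was loaded, so callers do not treat every non-negative value as a populated trust list.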
 End of changes. 15 change blocks. 
12 lines changed or deleted 43 lines changed or added
