
(GnuTLS)




Headers diff: 3.1.3 vs 3.1.4



 gnutls.h (3.1.3)   gnutls.h (3.1.4) 
skipping to change at line 54 skipping to change at line 54
#include <sys/types.h> #include <sys/types.h>
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif #endif
/* Get time_t. */ /* Get time_t. */
#include <time.h> #include <time.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#define GNUTLS_VERSION "3.1.3" #define GNUTLS_VERSION "3.1.4"
#define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 1 #define GNUTLS_VERSION_MINOR 1
#define GNUTLS_VERSION_PATCH 3 #define GNUTLS_VERSION_PATCH 4
#define GNUTLS_VERSION_NUMBER 0x030103 #define GNUTLS_VERSION_NUMBER 0x030104
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
/** /**
* gnutls_cipher_algorithm_t: * gnutls_cipher_algorithm_t:
* @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm. * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
* @GNUTLS_CIPHER_NULL: NULL algorithm. * @GNUTLS_CIPHER_NULL: NULL algorithm.
skipping to change at line 432 skipping to change at line 432
GNUTLS_HANDSHAKE_FINISHED = 20, GNUTLS_HANDSHAKE_FINISHED = 20,
GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22, GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23, GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024, GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
} gnutls_handshake_description_t; } gnutls_handshake_description_t;
/** /**
* gnutls_certificate_status_t: * gnutls_certificate_status_t:
* @GNUTLS_CERT_INVALID: The certificate is not signed by one of the * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
* known authorities or the signature is invalid. * known authorities or the signature is invalid (deprecated by the flags
* %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
* @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed. * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
* @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
* set only if CRLs are checked. * set only if CRLs are checked.
* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known. * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
* This is the case if the issuer is not included in the trusted certific ate list. * This is the case if the issuer is not included in the trusted certific ate list.
* @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
* may happen if this was a version 1 certificate, which is common with * may happen if this was a version 1 certificate, which is common with
* some CAs, or a version 3 certificate without the basic constrains exte nsion. * some CAs, or a version 3 certificate without the basic constrains exte nsion.
* @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constr
aints were
* violated.
* @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure
* algorithm such as MD2 or MD5. These algorithms have been broken and * algorithm such as MD2 or MD5. These algorithms have been broken and
* should not be trusted. * should not be trusted.
* @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated. * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
* @GNUTLS_CERT_EXPIRED: The certificate has expired. * @GNUTLS_CERT_EXPIRED: The certificate has expired.
* @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and
have been superseded.
* @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have
a future issue date.
* @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
* *
* Enumeration of certificate status codes. Note that the status * Enumeration of certificate status codes. Note that the status
* bits have different meanings in OpenPGP keys and X.509 * bits may have different meanings in OpenPGP keys and X.509
* certificate verification. * certificate verification.
*/ */
typedef enum typedef enum
{ {
GNUTLS_CERT_INVALID = 2, GNUTLS_CERT_INVALID = 1<<1,
GNUTLS_CERT_REVOKED = 32, GNUTLS_CERT_REVOKED = 1<<5,
GNUTLS_CERT_SIGNER_NOT_FOUND = 64, GNUTLS_CERT_SIGNER_NOT_FOUND = 1<<6,
GNUTLS_CERT_SIGNER_NOT_CA = 128, GNUTLS_CERT_SIGNER_NOT_CA = 1<<7,
GNUTLS_CERT_INSECURE_ALGORITHM = 256, GNUTLS_CERT_INSECURE_ALGORITHM = 1<<8,
GNUTLS_CERT_NOT_ACTIVATED = 512, GNUTLS_CERT_NOT_ACTIVATED = 1<<9,
GNUTLS_CERT_EXPIRED = 1024, GNUTLS_CERT_EXPIRED = 1<<10,
GNUTLS_CERT_SIGNATURE_FAILURE = 2048 GNUTLS_CERT_SIGNATURE_FAILURE = 1<<11,
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1<<12,
GNUTLS_CERT_UNEXPECTED_OWNER = 1<<14,
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1<<15,
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1<<16,
} gnutls_certificate_status_t; } gnutls_certificate_status_t;
/** /**
* gnutls_certificate_request_t: * gnutls_certificate_request_t:
* @GNUTLS_CERT_IGNORE: Ignore certificate. * @GNUTLS_CERT_IGNORE: Ignore certificate.
* @GNUTLS_CERT_REQUEST: Request certificate. * @GNUTLS_CERT_REQUEST: Request certificate.
* @GNUTLS_CERT_REQUIRE: Require certificate. * @GNUTLS_CERT_REQUIRE: Require certificate.
* *
* Enumeration of certificate request types. * Enumeration of certificate request types.
*/ */
skipping to change at line 809 skipping to change at line 819
/* the name of the specified algorithms */ /* the name of the specified algorithms */
const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm); const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm); const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
const char *gnutls_compression_get_name (gnutls_compression_method_t const char *gnutls_compression_get_name (gnutls_compression_method_t
algorithm); algorithm);
const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm); const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
type); type);
const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm); const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm); const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
int gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm);
gnutls_digest_algorithm_t gnutls_digest_algorithm_t
gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign); gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign);
gnutls_pk_algorithm_t gnutls_pk_algorithm_t
gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign); gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign);
gnutls_sign_algorithm_t gnutls_sign_algorithm_t
gnutls_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_pk_to_sign (gnutls_pk_algorithm_t pk,
gnutls_digest_algorithm_t hash); gnutls_digest_algorithm_t hash);
#define gnutls_sign_algorithm_get_name gnutls_sign_get_name #define gnutls_sign_algorithm_get_name gnutls_sign_get_name
skipping to change at line 956 skipping to change at line 968
const char const char
*gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
type); type);
/* SessionTicket, RFC 5077. */ /* SessionTicket, RFC 5077. */
int gnutls_session_ticket_key_generate (gnutls_datum_t * key); int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
int gnutls_session_ticket_enable_client (gnutls_session_t session); int gnutls_session_ticket_enable_client (gnutls_session_t session);
int gnutls_session_ticket_enable_server (gnutls_session_t session, int gnutls_session_ticket_enable_server (gnutls_session_t session,
const gnutls_datum_t * key); const gnutls_datum_t * key);
/* SRTP, RFC 5764 */
/**
* gnutls_srtp_profile_t:
* @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
* @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
* @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
* @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
*
* Enumeration of different SRTP protection profiles.
*/
typedef enum
{
GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
} gnutls_srtp_profile_t;
int gnutls_srtp_set_profile (gnutls_session_t session,
gnutls_srtp_profile_t profile);
int gnutls_srtp_set_profile_direct (gnutls_session_t session,
const char *profiles, const char **er
r_pos);
int gnutls_srtp_get_selected_profile (gnutls_session_t session,
gnutls_srtp_profile_t *profile);
const char *gnutls_srtp_get_profile_name (gnutls_srtp_profile_t profile);
int gnutls_srtp_get_profile_id (const char *name,
gnutls_srtp_profile_t *profile);
int gnutls_srtp_get_keys (gnutls_session_t session,
void *key_material,
unsigned int key_material_size,
gnutls_datum_t *client_key,
gnutls_datum_t *client_salt,
gnutls_datum_t *server_key,
gnutls_datum_t *server_salt);
int gnutls_srtp_set_mki (gnutls_session_t session, const gnutls_datum_t *
mki);
int gnutls_srtp_get_mki (gnutls_session_t session, gnutls_datum_t *mki);
int gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size); int gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size);
/* if you just want some defaults, use the following. /* if you just want some defaults, use the following.
*/ */
int gnutls_priority_init (gnutls_priority_t * priority_cache, int gnutls_priority_init (gnutls_priority_t * priority_cache,
const char *priorities, const char **err_pos); const char *priorities, const char **err_pos);
void gnutls_priority_deinit (gnutls_priority_t priority_cache); void gnutls_priority_deinit (gnutls_priority_t priority_cache);
int gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, uns igned int idx, unsigned int *sidx); int gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, uns igned int idx, unsigned int *sidx);
int gnutls_priority_set (gnutls_session_t session, int gnutls_priority_set (gnutls_session_t session,
skipping to change at line 1019 skipping to change at line 1071
gnutls_cipher_algorithm_t cipher, gnutls_cipher_algorithm_t cipher,
gnutls_mac_algorithm_t mac, gnutls_mac_algorithm_t mac,
gnutls_compression_method_t comp, gnutls_compression_method_t comp,
const gnutls_datum_t* master, const gnutls_datum_t* master,
const gnutls_datum_t * session_id); const gnutls_datum_t * session_id);
/* returns the session ID */ /* returns the session ID */
#define GNUTLS_MAX_SESSION_ID 32 #define GNUTLS_MAX_SESSION_ID 32
int gnutls_session_get_id (gnutls_session_t session, void *session_id, int gnutls_session_get_id (gnutls_session_t session, void *session_id,
size_t * session_id_size); size_t * session_id_size);
int gnutls_session_get_id2 (gnutls_session_t session, gnutls_datum_t *ses sion_id);
int gnutls_session_channel_binding (gnutls_session_t session, int gnutls_session_channel_binding (gnutls_session_t session,
gnutls_channel_binding_t cbtype, gnutls_channel_binding_t cbtype,
gnutls_datum_t * cb); gnutls_datum_t * cb);
/* checks if this session is a resumed one /* checks if this session is a resumed one
*/ */
int gnutls_session_is_resumed (gnutls_session_t session); int gnutls_session_is_resumed (gnutls_session_t session);
int gnutls_session_resumption_requested (gnutls_session_t session); int gnutls_session_resumption_requested (gnutls_session_t session);
skipping to change at line 1219 skipping to change at line 1272
int gnutls_certificate_set_ocsp_status_request_file (gnutls_certificate_c redentials_t res, int gnutls_certificate_set_ocsp_status_request_file (gnutls_certificate_c redentials_t res,
const char* response _file, unsigned int flags); const char* response _file, unsigned int flags);
int gnutls_ocsp_status_request_enable_client (gnutls_session_t session, int gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
gnutls_datum_t *responder_id , gnutls_datum_t *responder_id ,
size_t responder_id_size, size_t responder_id_size,
gnutls_datum_t *request_exte nsions); gnutls_datum_t *request_exte nsions);
int gnutls_ocsp_status_request_get (gnutls_session_t session, gnutls_datu m_t *response); int gnutls_ocsp_status_request_get (gnutls_session_t session, gnutls_datu m_t *response);
int gnutls_ocsp_status_request_is_checked (gnutls_session_t session, unsi
gned int flags);
/* global state functions /* global state functions
*/ */
int gnutls_global_init (void); int gnutls_global_init (void);
void gnutls_global_deinit (void); void gnutls_global_deinit (void);
/** /**
* gnutls_time_func: * gnutls_time_func:
* @t: where to store time. * @t: where to store time.
* *
* Function prototype for time()-like function. Set with * Function prototype for time()-like function. Set with
skipping to change at line 1684 skipping to change at line 1739
int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session, int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
gnutls_datum_t *id); gnutls_datum_t *id);
time_t gnutls_certificate_activation_time_peers (gnutls_session_t session ); time_t gnutls_certificate_activation_time_peers (gnutls_session_t session );
time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session ); time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session );
int gnutls_certificate_client_get_request_status (gnutls_session_t sessio n); int gnutls_certificate_client_get_request_status (gnutls_session_t sessio n);
int gnutls_certificate_verify_peers2 (gnutls_session_t session, int gnutls_certificate_verify_peers2 (gnutls_session_t session,
unsigned int *status); unsigned int *status);
int gnutls_certificate_verify_peers3 (gnutls_session_t session,
const char* hostname,
unsigned int *status);
int gnutls_certificate_verification_status_print (unsigned int status,
gnutls_certificate_type_t type,
gnutls_datum_t * out, unsigned int flags);
int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * dat a, int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * dat a,
char *result, size_t * result_size); char *result, size_t * result_size);
int gnutls_pem_base64_decode (const char *header, int gnutls_pem_base64_decode (const char *header,
const gnutls_datum_t * b64_data, const gnutls_datum_t * b64_data,
unsigned char *result, size_t * result_size ); unsigned char *result, size_t * result_size );
int gnutls_pem_base64_encode_alloc (const char *msg, int gnutls_pem_base64_encode_alloc (const char *msg,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_datum_t * result); gnutls_datum_t * result);
 End of changes. 13 change blocks. 
13 lines changed or deleted 81 lines changed or added
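Review bot: In the gnutls_certificate_status_t comment, the new wording that GNUTLS_CERT_INVALID is "deprecated by the flags" GNUTLS_CERT_SIGNATURE_FAILURE and GNUTLS_CERT_SIGNER_NOT_FOUND does not say whether that bit is still set on every failed verification. The same change adds four new failure bits next to it. A caller that tests individual bits of the `status` output of gnutls_certificate_verify_peers2/3 (presumably these enum values), instead of rejecting any nonzero value, would then accept a certificate that fails only for a new reason such as GNUTLS_CERT_UNEXPECTED_OWNER or GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. If the intended contract is that nonzero means failure, I would state it in the enum's doc comment, e.g. `* Any nonzero status means verification failed; new bits may be added, so do not test for a fixed set of flags.`, and say explicitly whether GNUTLS_CERT_INVALID remains set together with the specific flags. Bit 13 is also skipped between `1<<12` and `1<<14` with no comment saying whether it is reserved.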


 x509.h (3.1.3)   x509.h (3.1.4) 
skipping to change at line 633 skipping to change at line 633
* with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA _CRT, * with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA _CRT,
* and should be used instead. That way only signers in your trusted list * and should be used instead. That way only signers in your trusted list
* will be allowed to have certificates of version 1. This is the default. * will be allowed to have certificates of version 1. This is the default.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
* certificates that have version 1. This option is to be used * certificates that have version 1. This option is to be used
* to deprecate all certificates of version 1. * to deprecate all certificates of version 1.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
* anyone trusted but exists in the trusted CA list do not treat it * anyone trusted but exists in the trusted CA list do not treat it
* as trusted. * as trusted.
* @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated * @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated
* if unsorted (the case with many TLS servers out there). * if unsorted (the case with many TLS servers out there). This is the
* default since GnuTLS 3.1.4.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted
* certificate chain.
* @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
* have version 1 (both root and intermediate). This might be * have version 1 (both root and intermediate). This might be
* dangerous since those haven't the basicConstraints * dangerous since those haven't the basicConstraints
* extension. Must be used in combination with * extension. Must be used in combination with
* %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
* using the broken MD2 algorithm. * using the broken MD2 algorithm.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
* using the broken MD5 algorithm. * using the broken MD5 algorithm.
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
* and expiration validity periods of certificate chains. Don't set * and expiration validity periods of certificate chains. Don't set
* this unless you understand the security implications. * this unless you understand the security implications.
* @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity * @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
* using certificate revocation lists. * using certificate revocation lists or the available OCSP data.
* *
* Enumeration of different certificate verify flags. * Enumeration of different certificate verify flags.
*/ */
typedef enum gnutls_certificate_verify_flags typedef enum gnutls_certificate_verify_flags
{ {
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, GNUTLS_VERIFY_DISABLE_CA_SIGN = 1<<0,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1<<1,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1<<2,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1<<3,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1<<4,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1<<5,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1<<6,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1<<7,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1<<8,
GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512, GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1<<9,
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1024, GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1<<10,
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1<<11,
} gnutls_certificate_verify_flags; } gnutls_certificate_verify_flags;
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer); gnutls_x509_crt_t issuer);
int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
int cert_list_length, int cert_list_length,
const gnutls_x509_crt_t * CA_list, const gnutls_x509_crt_t * CA_list,
int CA_list_length, int CA_list_length,
const gnutls_x509_crl_t * CRL_list, const gnutls_x509_crl_t * CRL_list,
 End of changes. 3 change blocks. 
13 lines changed or deleted 17 lines changed or added
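Review bot: The doc line for GNUTLS_VERIFY_DISABLE_CRL_CHECKS now reads "using certificate revocation lists or the available OCSP data", so a flag whose name mentions only CRLs also switches off OCSP-based revocation checking. Going by the new text, a caller that set it only because no CRLs are loaded would stop honouring OCSP data without any change on its side. The comment should record from which version the wider meaning applies, e.g. `* Since GnuTLS 3.1.4 this also disables checking of the available OCSP data.` if that is when the behaviour changed, the way the GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN entry records its new default. The same comment block leaves open which flag wins when both GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN and GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN are set.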
